hxxp://www[.]auslogics[.]com

Analysis

max time kernel
120s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2024 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.auslogics.com

Score

8^/10

bootkit discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 13 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TabDashboard.exeauslogics-boost-speed-setup.tmpIntegrator.exeTabCleanUp.exeTabAllTools.exeTabOptimize.exeTabMaintain.exeTabProtect.exeTabCareCenter.exeIntegrator.exeDiskDefrag.exeTabMyTasks.exeTabDashboard.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TabDashboard.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	auslogics-boost-speed-setup.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Integrator.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TabCleanUp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TabAllTools.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TabOptimize.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TabMaintain.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TabProtect.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TabCareCenter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Integrator.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	DiskDefrag.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TabMyTasks.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TabDashboard.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

auslogics-boost-speed-setup.tmpIntegrator.exeTabMaintain.exeTabDashboard.exeTabOptimize.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	auslogics-boost-speed-setup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	Integrator.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	TabMaintain.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	TabDashboard.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	TabOptimize.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 14 IoCs

Processes:

auslogics-boost-speed-setup.exeauslogics-boost-speed-setup.tmpIntegrator.exeDiskDefrag.exeIntegrator.exeTabDashboard.exeTabDashboard.exeTabMyTasks.exeTabCleanUp.exeTabOptimize.exeTabProtect.exeTabMaintain.exeTabCareCenter.exeTabAllTools.exe

pid	process
1644	auslogics-boost-speed-setup.exe
2540	auslogics-boost-speed-setup.tmp
4616	Integrator.exe
208	DiskDefrag.exe
316	Integrator.exe
2008	TabDashboard.exe
2776	TabDashboard.exe
2668	TabMyTasks.exe
684	TabCleanUp.exe
5224	TabOptimize.exe
5772	TabProtect.exe
5972	TabMaintain.exe
6108	TabCareCenter.exe
5148	TabAllTools.exe

Loads dropped DLL 64 IoCs

Processes:

auslogics-boost-speed-setup.tmpregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeIntegrator.exeDiskDefrag.exe

pid	process
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
5088	regsvr32.exe
1964	regsvr32.exe
1964	regsvr32.exe
1964	regsvr32.exe
4972	regsvr32.exe
4972	regsvr32.exe
1500	regsvr32.exe
1500	regsvr32.exe
1500	regsvr32.exe
4520	regsvr32.exe
1996	regsvr32.exe
1996	regsvr32.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
4616	Integrator.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
208	DiskDefrag.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 5 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

TabOptimize.exeTabMaintain.exeTabDashboard.exeTabCleanUp.exe

description	ioc	process
File opened (read-only)	\??\F:	TabOptimize.exe
File opened (read-only)	\??\D:	TabMaintain.exe
File opened (read-only)	\??\F:	TabMaintain.exe
File opened (read-only)	\??\F:	TabDashboard.exe
File opened (read-only)	\??\F:	TabCleanUp.exe

Writes to the Master Boot Record (MBR) 1 TTPs 6 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

TabOptimize.exeTabMaintain.exeTabDashboard.exeIntegrator.exeTabCleanUp.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	TabOptimize.exe
File opened for modification	\??\PhysicalDrive0	TabMaintain.exe
File opened for modification	\??\PhysicalDrive0	TabDashboard.exe
File opened for modification	\??\PHYSICALDRIVE0	Integrator.exe
File opened for modification	\??\PhysicalDrive0	Integrator.exe
File opened for modification	\??\PhysicalDrive0	TabCleanUp.exe

Drops file in Program Files directory 64 IoCs

Processes:

auslogics-boost-speed-setup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-M98RN.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-T0UEJ.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-JNHLH.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-MEPQ2.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-KIKSV.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-H0VSR.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-NCK7S.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-CMJIS.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-BNH3H.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\Data\is-ICH1A.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\Data\is-TBBCO.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-TKEFU.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-11370.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-OPBLD.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-M24JI.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-4N4J6.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-KIPOO.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-DV4CS.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-LUDRV.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\Lang\is-B3MRK.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-T526G.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-349VI.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-IKNF7.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\Lang\is-1SEVR.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-KFRH9.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-7G7QJ.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-8CF34.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-TELJ3.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-B2475.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-PUNCQ.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-PDOKG.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-06I69.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-HS2LU.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-Q4VB6.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-OTEEM.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-CH28C.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-U7UNR.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-BTRAS.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-U4SQQ.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-5JPM8.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-CBI7O.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-145GS.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-7V0KM.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-2SE60.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-HADUS.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-IF71U.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-18QOM.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-C31H0.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-V13B5.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-J0MO6.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-H5FHF.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-S8B7K.tmp	auslogics-boost-speed-setup.tmp
File opened for modification	C:\Program Files (x86)\Auslogics\BoostSpeed\unins000.dat	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-J2VME.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-HCMRH.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-5IUV2.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-L95LI.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-80MH3.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-C46CF.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-D1R06.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-PJ0JO.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\Lang\is-Q1UVJ.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-NNEC6.tmp	auslogics-boost-speed-setup.tmp
File created	C:\Program Files (x86)\Auslogics\BoostSpeed\is-QVNOK.tmp	auslogics-boost-speed-setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

regsvr32.exeIntegrator.exeIntegrator.exeTabOptimize.exeTabProtect.exeTabAllTools.exeregsvr32.exeregsvr32.exeTabDashboard.exeTabCleanUp.exeTabMaintain.exeTabCareCenter.exeauslogics-boost-speed-setup.exeauslogics-boost-speed-setup.tmpDiskDefrag.exeregsvr32.exeTabDashboard.exeregsvr32.exeTabMyTasks.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Integrator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Integrator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TabOptimize.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TabProtect.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TabAllTools.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TabDashboard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TabCleanUp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TabMaintain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TabCareCenter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	auslogics-boost-speed-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	auslogics-boost-speed-setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DiskDefrag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TabDashboard.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TabMyTasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133749532805740115"	chrome.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{93469602-4134-4012-A6BC-D46FF1C671E9}\DllSurrogate	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-863B4A40A1A1}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\ProgID\ = "BrowserPluginsAgentCOM32.BrowserPluginsAgent32"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\ = "Auslogics BrowserPluginsAgent32"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\ProgID\ = "BrowserPluginsAgentCOM32.BrowserPluginsAgent32"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-3E73B9855F90}\ = "Auslogics BrowserPluginsAgent64"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}\AppID = "{93469602-4134-4012-A6BC-D46FF1C671E9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-CBF4ABB4456D}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FE9301D5-9266-4A2F-8767-85482115CAB0}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{93469602-4134-4012-A6BC-D46FF1C671E9}\DllSurrogate	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM32.BrowserPluginsAgent32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-00DB857103B2}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}\ProgID\ = "TMAgentCOM.TMAgent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3CC2E0D5-193C-4192-B8BA-C0B2C19C6B87}\TypeLib\ = "{F2C6F7D1-ED32-49E5-9919-863B4A40A1A1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\ = "Auslogics BrowserPluginsAgent32"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DiskDoctorChecker.DiskChecker	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}\AppID = "{278029E0-2347-4254-A65E-204AC55E2508}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}\AppID = "{278029E0-2347-4254-A65E-204AC55E2508}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6855F0CE-00B1-483F-8633-33B650EE4310}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}\TypeLib\ = "{F2C6F7D1-ED32-49E5-9919-00DB857103B2}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\InprocServer32\ = "C:\\PROGRA~2\\AUSLOG~1\\BOOSTS~1\\BROWSE~3.DLL"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-3E73B9855F90}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FE9301D5-9266-4A2F-8767-85482115CAB0}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Auslogics\\BoostSpeed\\"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6855F0CE-00B1-483F-8633-33B650EE4310}\ = "ITMAgent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-C0B2C19C6B87}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A3310BE-83DD-4E80-AC51-997CA2BA1080}\ = "IBrowserPluginsAgent32"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FE9301D5-9266-4A2F-8767-85482115CAB0}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM64.BrowserPluginsAgent64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM64.BrowserPluginsAgent64\Clsid\ = "{93469602-4134-4012-A6BC-3E73B9855F90}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}\InprocServer32\ = "C:\\PROGRA~2\\AUSLOG~1\\BOOSTS~1\\TASKMA~2.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-3E73B9855F90}\InprocServer32\ = "C:\\PROGRA~2\\AUSLOG~1\\BOOSTS~1\\BROWSE~2.DLL"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A3310BE-83DD-4E80-AC51-997CA2BA1080}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-00DB857103B2}\1.0\0\win32\ = "C:\\Program Files (x86)\\Auslogics\\BoostSpeed\\TaskManagerHelper.Agent.x64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6855F0CE-00B1-483F-8633-33B650EE4310}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}\AppID = "{93469602-4134-4012-A6BC-D46FF1C671E9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A3310BE-83DD-4E80-AC51-997CA2BA1080}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-863B4A40A1A1}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-C0B2C19C6B87}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-CBF4ABB4456D}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}\ = "IDiskChecker"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6855F0CE-00B1-483F-8633-33B650EE4310}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}\ProgID\ = "DiskDoctorChecker.DiskChecker"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-00DB857103B2}\1.0\ = "TMAgentCOM"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM32.BrowserPluginsAgent32\Clsid\ = "{93469602-4134-4012-A6BC-F0AD1C3D66AB}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}\Version\ = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6855F0CE-00B1-483F-8633-33B650EE4310}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-3E73B9855F90}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\Version	regsvr32.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Integrator.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Integrator.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	Integrator.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Integrator.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Integrator.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Integrator.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Integrator.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	Integrator.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Integrator.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeauslogics-boost-speed-setup.tmpIntegrator.exeDiskDefrag.exeIntegrator.exeTabDashboard.exeTabDashboard.exeTabMyTasks.exeTabCleanUp.exeTabOptimize.exeTabProtect.exeTabMaintain.exeTabCareCenter.exeTabAllTools.exechrome.exe

pid	process
4644	chrome.exe
4644	chrome.exe
2540	auslogics-boost-speed-setup.tmp
2540	auslogics-boost-speed-setup.tmp
4616	Integrator.exe
4616	Integrator.exe
208	DiskDefrag.exe
208	DiskDefrag.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
2008	TabDashboard.exe
2008	TabDashboard.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
2668	TabMyTasks.exe
2668	TabMyTasks.exe
316	Integrator.exe
316	Integrator.exe
684	TabCleanUp.exe
684	TabCleanUp.exe
5224	TabOptimize.exe
5224	TabOptimize.exe
5772	TabProtect.exe
5772	TabProtect.exe
5972	TabMaintain.exe
5972	TabMaintain.exe
316	Integrator.exe
316	Integrator.exe
6108	TabCareCenter.exe
6108	TabCareCenter.exe
5148	TabAllTools.exe
5148	TabAllTools.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
5772	TabProtect.exe
5772	TabProtect.exe
316	Integrator.exe
316	Integrator.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
2776	TabDashboard.exe
316	Integrator.exe
6208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4644 chrome.exe
4644 chrome.exe
4644 chrome.exe
4644 chrome.exe
4644 chrome.exe
4644 chrome.exe
4644 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exeIntegrator.exe

pid	process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe
316	Integrator.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

auslogics-boost-speed-setup.tmp

pid process

2540 auslogics-boost-speed-setup.tmp
2540 auslogics-boost-speed-setup.tmp

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4644 wrote to memory of 1228	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 1228	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 2508	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4316	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4316	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe
PID 4644 wrote to memory of 4824	4644	chrome.exe	chrome.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.auslogics.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff84a7cc40,0x7fff84a7cc4c,0x7fff84a7cc58
2⤵
PID:1228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:2
2⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2240 /prefetch:8
2⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3080 /prefetch:1
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
2⤵
PID:3644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3664,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4332 /prefetch:1
2⤵
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4496,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:1
2⤵
PID:880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4656,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:1
2⤵
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5392,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:8
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5152,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:3340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5100,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=2268,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:8
2⤵
PID:116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5600,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5748 /prefetch:8
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6004,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:8
2⤵
PID:1396

C:\Users\Admin\Downloads\auslogics-boost-speed-setup.exe
"C:\Users\Admin\Downloads\auslogics-boost-speed-setup.exe"
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1644

C:\Users\Admin\AppData\Local\Temp\is-8HTJL.tmp\auslogics-boost-speed-setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8HTJL.tmp\auslogics-boost-speed-setup.tmp" /SL5="$801CC,39394012,505856,C:\Users\Admin\Downloads\auslogics-boost-speed-setup.exe"
3⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Auslogics\BoostSpeed\DiskDoctorChecker.x64.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:5088

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Auslogics\BoostSpeed\DiskDoctorChecker.x32.dll"
4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1964

C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Auslogics\BoostSpeed\TaskManagerHelper.Agent.x64.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:4972

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Auslogics\BoostSpeed\TaskManagerHelper.Agent.x32.dll"
4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1500

C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Auslogics\BoostSpeed\BrowserPluginsHelper.Agent.x64.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:4520

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Auslogics\BoostSpeed\BrowserPluginsHelper.Agent.x32.dll"
4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1996

C:\Program Files (x86)\Auslogics\BoostSpeed\Integrator.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\Integrator.exe" /install /setautostart
4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:4616

C:\Program Files (x86)\Auslogics\BoostSpeed\DiskDefrag.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\DiskDefrag.exe" /install
4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:208

C:\Program Files (x86)\Auslogics\BoostSpeed\Integrator.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\Integrator.exe" /FromInstall
4⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:316

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Auslogics\BoostSpeed\BrowserPluginsHelper.Agent.x32.dll"
5⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1680

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Auslogics\BoostSpeed\BrowserPluginsHelper.Agent.x64.dll"
5⤵
- System Location Discovery: System Language Discovery
PID:1112

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Auslogics\BoostSpeed\BrowserPluginsHelper.Agent.x64.dll"
6⤵
- Modifies registry class
PID:1760

C:\Program Files (x86)\Auslogics\BoostSpeed\TabDashboard.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\TabDashboard.exe" /FromInstall /ShowTab:Main
5⤵
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2008

C:\Program Files (x86)\Auslogics\BoostSpeed\TabDashboard.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\TabDashboard.exe" /FromInstall /ShowTab:ScannerPage /NoActivate
5⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2776

C:\Program Files (x86)\Auslogics\BoostSpeed\TabMyTasks.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\TabMyTasks.exe" /FromInstall
5⤵
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2668

C:\Program Files (x86)\Auslogics\BoostSpeed\TabCleanUp.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\TabCleanUp.exe" /FromInstall
5⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:684

C:\Program Files (x86)\Auslogics\BoostSpeed\TabOptimize.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\TabOptimize.exe" /FromInstall
5⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5224

C:\Program Files (x86)\Auslogics\BoostSpeed\TabProtect.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\TabProtect.exe" /FromInstall
5⤵
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5772

C:\Program Files (x86)\Auslogics\BoostSpeed\TabMaintain.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\TabMaintain.exe" /FromInstall
5⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5972

C:\Program Files (x86)\Auslogics\BoostSpeed\TabCareCenter.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\TabCareCenter.exe" /FromInstall
5⤵
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6108

C:\Program Files (x86)\Auslogics\BoostSpeed\TabAllTools.exe
"C:\Program Files (x86)\Auslogics\BoostSpeed\TabAllTools.exe" /FromInstall
5⤵
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5476,i,2485223208270434610,12360781157001280928,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:664

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:4616

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5392

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:6320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Auslogics\BoostSpeed\BrowserPluginsHelper.Agent.x32.dll

Filesize
67KB

MD5
cd7e9d0e78ffd73ee584ef8971700745

SHA1
070480e8b54da3cfd5c67f241cede1fd9b98e8ca

SHA256
bbb9aa1a08dc6437eb4e7e2b70129373cb8192a393863baa2231f1a16fb40c47

SHA512
477a42e07420d46b42f0b0f16f9939ff9d828af2008c55cc8b3e6a3df0be22117b610125c320bfa1d89e1e4c5a8202cef0543d0e82cb56a75423fe137b995e7d

Download Submit
C:\Program Files (x86)\Auslogics\BoostSpeed\BrowserPluginsHelper.Agent.x64.dll

Filesize
1.6MB

MD5
eefcbe98d5c8b1645bdc60254e80cfa7

SHA1
df358519e0e8cb5069c6506cdef21000f242d0b3

SHA256
83717560f68469a7c1f11542f16a04d7e3b0c94e84851ebd8ea52ce0c77eb954

SHA512
aab037ed08b9a1ad5e630e210a1c6119f4a592571b0b4721af279d36672df56d939cd1503171145a46d253ae56be3b0465531816c5c56c4cd3643d54c6dd9077

Download Submit
C:\Program Files (x86)\Auslogics\BoostSpeed\Data\main.ini

Filesize
4KB

MD5
93d1c6058116d8f59304929051dbc18e

SHA1
1a036a3fc42f4d1ecd6163ae032abdc615bf2eeb

SHA256
31b8ee1cbc87680ddbfe267112a466c1a959f70b4508a6aaad93df1ea0e720f2

SHA512
e5e0e43be22b906e8af4706058ed0a004dd53f36382e7349e9a0d9901d31cbd7b6b69f6fd9e2e337bbac55715c6fe0418c7f2bccf2fb3efad7f53d817d807682

Download Submit
C:\Program Files (x86)\Auslogics\BoostSpeed\DiskDoctorChecker.x32.dll

Filesize
117KB

MD5
3f67436d40b6d7c08520c4e6bf661bc8

SHA1
a2052c3472f12639b4ab2326e01649d6c96adec8

SHA256
ca7dadd06a88e23d482da8a7bf3d8715e5bcef4479ec1a14aa9ff39185c4da85

SHA512
a920f2a9d8881f65a44179a97a4d40a1a4f2a1fe5dea569c3a2d7d90dae705901c961cde90687933b6dd53355df031695fb4286b6b6981d110e7d24ec304729a

Download Submit
C:\Program Files (x86)\Auslogics\BoostSpeed\DiskDoctorChecker.x64.dll

Filesize
1.7MB

MD5
c34a2020f22662af7e6b9cfae8f80d0d

SHA1
4f97781f56c0c6d8faca582c721f4ca2a9f42222

SHA256
56856a0157e0af501abd0531491a7b38448e4db0666f793fb1d350424f122f38

SHA512
4db90ea3dc14849def6b3e2d33d53840fc74f58a8a4ea6ce476e196e8e5951a8d17c5c0ecb2429ccafc98a522ad4fd72830f8d9d20725dead55906dca1f0c7a5

Download Submit
C:\Program Files (x86)\Auslogics\BoostSpeed\Integrator.exe

Filesize
8.7MB

MD5
4c0574e97dc59931de3f9121260e2829

SHA1
6fa8c8626979f698464e87f842cc74a0c29dc52f

SHA256
d498dd8bc75ff4fccb44b0c56b1b5ddffcb11ca4bba1e5ffd022a38809cb72ae

SHA512
fd43a70b0898a5ba82e681f6d0d9833b4ac430e7721cfe5ce2e75f09609fa61be1bfc6d6323868d8dcb1b999593b47ac23cebf47d390027ab0172d7edf8a5550

Download Submit
C:\Program Files (x86)\Auslogics\BoostSpeed\TaskManagerHelper.Agent.x32.dll

Filesize
70KB

MD5
39d69f8e2726b0fc7a7430a94f9ef626

SHA1
f9ec7beae8a9cbd1ab6c3897ebbc5eb49a9bc432

SHA256
b8e0de536671e86451e1b97eb0c076c3ddf5c2ebe136666182f5687a83b615c0

SHA512
51fcbdf378d72a29d1049d2b61d0f8c7c0e3664f8b556a3fbc17a7d605f0c3a033f75e915ea824cffccdfc380f9d746b59969d7c076e4576ac464bbe88079bbd

Download Submit
C:\Program Files (x86)\Auslogics\BoostSpeed\TaskManagerHelper.Agent.x64.dll

Filesize
1.7MB

MD5
efc2dd6749c0e54410c271d90098f152

SHA1
4cadd597a8325dc12fb0d9671b7742cb245f6aa5

SHA256
440cdd1118c5fc918af6bd2e8eb66b0d334c0cd22b8d04641b661c18ecf25af4

SHA512
730ceadcc152eb66a7dfb79140ed98672973699b80fc85cb597ff1f79d06af80960860aea73ea21fe693f46dfe0b3d5d9941f450ce30c669039c0981e4a4b0fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4b603c68174a4e4737683d771abe4ad2

SHA1
4802ebc3fe55ed51572bab8a4046b233db5298ee

SHA256
699ddf5d076ce0fc78bec54d4faa3d5e62fff54a47a0b3c702667d3da4c5777a

SHA512
d7e606796f3cc000da65d40755513dad45b912ed98f9b02b7fbab382d583a8f3684a044123dbdcf473f031b648f933a47b927e64c9345b8859cc371179611948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
7a91d47e327d300ba289b2b48a8fe0e5

SHA1
ce29a598b33b4a8d9fd7275b5df72624080a1c79

SHA256
e71e3c005fa9ebacbe836f4d99102be232e71ad594dd2d9312a53e9f3f799af5

SHA512
616b187cbfc4717e955cc819b1e5c0910edd58b7acc52c99be280f7c77af3e43cb6d424f6692f5a229c4e053b85590037f488032f23548a6c830c0b38b92c6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
00ec55698201f0b2fa9cb9217ede886d

SHA1
42c763494c8322b8396c547e52a5dc23e063505a

SHA256
1cce0db02671d5b28c430afa9dedaf9b06f056880458a001453199574bb93b9f

SHA512
f5453bd8c65a2c493d8fcb1d3592e668e3b64a97411f018c89f8d10afac346624aa90745b39a3a66da1e13a5d15fd2357e1d28e639fb3f1bc4e70785c9ec9f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
fb211e43e281dbb3c9d0baa9e060eda1

SHA1
7004f8a3c7e4c32a88a291f920d57c97631add45

SHA256
1072dbe7174b42bddc5c003e8df5e7630eee3441df8588b1b19a099fae6cc9f7

SHA512
afe21b98435472a498c649270d93a9ec5b563695abb13e6d89d92167eb9ac0ecf26a61cc1955ad0c9f69c3dcad69f2270d5f7b0994cc336e6d28c5b9824001e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6c27c0c366fedfa04f103f7608ca8a22

SHA1
c17a4cadcaf73e4794bed41ffa65ffc91a29a6a2

SHA256
d09068f0b9bffeb646903b5607093baa1837af65df62f1c18cd5cf97571f721c

SHA512
117657622decb94719e337dac780e0db52b3ae39a879bebc13c6472087cd2ae456b45de7e5e9b6db3fb9cdf1281f3478b2b419ab51470c6a4aa8b5d28719086c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
848714eb830841ad0554b3841e0600d2

SHA1
d919ed6f52893b5108719077d9d3a21e0d28bf50

SHA256
f723d8ae37a6fbac24f8f14075f5ad3aefb154b36787a080bd3e1c013502fb02

SHA512
28c026a089b0f8a034d069ccdeeda1c5327e0274415763d751e460b362dbdf94ce16cb51e51109c711ef943d1f5a66731a862a97edd3d4dbb8de8446aa491e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
751c03d9e65899c2594e29f7caa7d39b

SHA1
e8a1161bbd75ca84c2e4444fb66b117f12d4ea67

SHA256
5bdd7d17d3357a743b835b57215f704eb679c5fe2993719da75d55e13d49b5fb

SHA512
e222a996d0f50270cad36c11df6cbe821b5246939dacdea8804a0dbb79ef5d1da0328b06f02bd151bb0fd844be3701a5e3a197110ca21aae154cf9ed2ef95259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf5a18f4b172d0549bcbbf034e0846ed

SHA1
f7d6c6535618d09a6782992762c35e83bfd9e330

SHA256
d31a283c12e0934101dd07a1646e65508329c481dc748aa2b5f66be74275b45f

SHA512
c8f4c1b96ef3d72b38865af7e3b312808d53338ec7f5b740030518922317200a7f8bb4e76fffdb1b22f6d2e378f139891d3438dcd683e6745893ef04413f942c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45cf6cb51275a9ca168f061e1976f228

SHA1
1f383360c045ba168dc89337055a70dda44d2605

SHA256
9f6bf14ce59557a08e3df37a093f85b9b0481660d526d2e9cf728b08fbeabd3a

SHA512
de1e919854bc45ca662a424874d93ac68f2adca729590938acb360b0256188d016a95e5d7f533d9356794def64ba1092373da03e2607c5a74584a451d54f0c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eae1f74947de08bd1efdc42ee9231c5d

SHA1
36c7748ef820084990cea9bb0dd3f483fe06c56e

SHA256
90e901b048838b88f0b86472d42d0a34508f63dfbcac87da26365e7c803a8f9a

SHA512
e40d270b375ca7f4d38ff601836899468a068f68f57de20021ce9d327be88fc83759977dfbf9adea7a18f11d7a2aba25cfb8485916e625a16d13a1019d73aa12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e87a8dcc0ec80cdf3acda67eb6bcaec

SHA1
aca8264de2479542f3634fff42dd03996efc3e82

SHA256
60a906d0df5ce5a6d376568c89622a2ab1137362852fabd67cbeccd8a6ce867b

SHA512
702986cbaa76d0977b49b561e52f8f4394d9160534784716f73269f92c02c7b1609b3df43bc6b83437059ece8c28f2917bb48773cb01eb7ac559b5a5afaa46f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18415286d1c9defa4666721dcde416e0

SHA1
12b1f1f40dc6667ac070010c6ef021fefd6e130a

SHA256
024262d82752591753cc3e368e8d0a27bd25a0a69bd52c8f2ff21e228db0154b

SHA512
c2fb93d579530dcaadcfb898f196e2f2e37fed4fe3e9903a5387a1e8a3171cdb5db2a5bfa1fe02b057580cfd136b963ec401b71f6ac211f429594a8e390dc284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75ddeb1002d22758e9054cc1ea91d05d

SHA1
447dfe2d1d8ca1da75b8929fbd0ed04103de1c32

SHA256
022a46c0a12c841ad88104f3df46d820ead8d3c2e1129be50c9e7a513ca5fa4d

SHA512
1110cba876c8fb60a9c663c283309f178cdbee6149a435bfcca2acd8218dadb180cd281fe92ded9555c289e817e2a8a4b4cbac3087564b5a3d25b68d43402cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c5733cbfb42c6aaecbec6bd3ae106d6

SHA1
3b6ae4feed570565d11bae86572b795c09f3fc89

SHA256
9beca5a2e9c07b0b370dc7fdd1b4d8bd2918b1786401428a9863c22748ebf289

SHA512
95ddf4155e75a29365a9a5e445b62f95b985684b5085d2584cc15fd85b7674e5ca0125d0daa5f83b1117dcf6305a790d90c6624cc8d91c2ec1e8f358e919e3eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb227780703d701f974d805f216f0167

SHA1
cf4ce71ab911dc463b26422b931b12d1df1396c1

SHA256
3fd840d27b80c318c69be4da464acb1f23f5c15f71f8e651567db3806d9f7736

SHA512
24d7040fbe8e326766e3abc9f0bc64d1d27426892f890f75b308a3b7a11b9824b1935705f90ec37ed24fc486a7233c4e2d2e5ba1b565b9bec7d974d70743e109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b9b3ff8681eb820ce553498944971f7

SHA1
7e3d797faaf6845dc541a8cacd41c4a26a29a25f

SHA256
b0fe1a322c256ebaf32d2c8d5cd0c43056b4c216ce03d39b00ef114dbad692dc

SHA512
280df4254a6660ba2b4aebeca531119af557d5500e55873cabb1cea4723bffd43a51618099f970955fc0d88aaa93cd83c05a7f70905b14b7c132a2015e45e7a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3cdb2bc137d131c2dd3ea6522196b867

SHA1
27a52aada1ed6d83d105719bbcb328ae2f9cb409

SHA256
66ac42e6277e8ada27dddabc241c6d65e30b271566aa3cdce8b4cd058a1ce559

SHA512
a8756c4b04cb13cf6ebd680442ff52f4d72ea112bc0fdc006620380a57202473e3bd1c190155f0b625ec4563c57e59a7bce6cf922daeea7333213d7c9c771f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
39cce785b117c7e878adc85996acdd95

SHA1
c64e51d257d7461714ca3a14296a650e3e88de55

SHA256
330503646a16f77a2eb2abedff1d5ebd8e78d1163f45b861b39038b7258e7e9b

SHA512
61fef6870a5458c98e3806664cfc8911862eaf5c8fd37b0c70458fe7854b610e8cd90d930c841bdcc5526b36a5b22086ee04af576f9f3c9dbb05e45fe05ff278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f584472e16e73406b865a2a474c6cc55

SHA1
2e3dd00b76852e0a1c6ea2584c726ed34a3a5e2d

SHA256
4adaee965ffeffee4820fddae05e3cc2d8890207c14b4d72b4bf3360d91bd0a1

SHA512
bb9616e2f1571ba59302084afb3eaa238aa068f063c953994f523942cf3303e33a5d6945527225a0f488e1338daec57f453d9cd23d64f743e1d18d5241e6ab9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8HTJL.tmp\auslogics-boost-speed-setup.tmp

Filesize
1.5MB

MD5
1b0e45e742d176c1acd6d5f886ea6b8b

SHA1
16383d32444282860910bdee4ae03209f0984b8a

SHA256
dce59a6f06423eedab8d1431618cc0d07ce45bc808acdb5b144d3db5340a7d8c

SHA512
df6d9574596c747a750730578323c35694d87e00a5f6ad5c915ef43c198970d674326f39fb7c4c47bc23223e749653455b60d04ad859e4745159fe7421011f20

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\AxComponentsRTL.bpl

Filesize
2.4MB

MD5
a8e707e7bb1a042705e6015bd5487b01

SHA1
df28290863bc469bc5612ce644b8d933213f8d85

SHA256
16684bac886d653a427f19ab24ab6beec6057f6a871b33cbff2d247b92f09db0

SHA512
d04a7c538c768a761c782a8d2b6e7bc706bf82464edc7c513ccf8f8f6daae163042847b9357ed1c35f5fbed9b45a67c7bcadbe3197a6dda34736c86ff3ffbd2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\AxComponentsVCL.bpl

Filesize
8.9MB

MD5
29acba02d36a8b23c0d3ad8ccd7121aa

SHA1
aba583dc6ccc33e830dffa2621118880552b3d5b

SHA256
826935b766788a1d02fdd047718c49da90e2d355011147148aa9988f4c1ee3bf

SHA512
9d19859af84d2f30caf9e04201db275e2ef3d0a867d9c70cdbbdf1ddfdf544fd98c324b27e47cc696bfcc7ce05ce774e2309feb6964a721cb296fe06eab18349

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\BrowserHelper.dll

Filesize
2.1MB

MD5
8960acaa58a05f5ba14107ce5e9d721f

SHA1
2e371867c949f5cf62afa1c6322d86792533436c

SHA256
9b02da3b9e13ebe2ab4b9e45b872d2f8123f1f0e31e729dfffd4615b9c677235

SHA512
f3b666ad91725983fc6b5e6da397fd0ceae5924744b6ae4039e1e3d40b4f76f4308dea8c17110ccd4eab1e59395675ef67ea2b389f4bacf5d75c393363d05cdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\CFAHelper.dll

Filesize
97KB

MD5
a16377354a781ec92113996fbf9abaad

SHA1
ca1b210059a209d688d6c0e68b17e9d0739176d8

SHA256
a38e47f2659333984add646d036711f9402ebdaca03c96b0778e581d6f24d947

SHA512
4af3c2f9d8473d204972d30dc5ddd703ef22cbd1720874c9452ba73c26d07a376bc9712eb19994963de3446cb60ddaecea5e5dc848218f76480985c5c79a2292

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\CommonForms.Site.dll

Filesize
341KB

MD5
f2b937092f3f78e8469c385677ab123b

SHA1
808fb5fd4fbdddba25904bf063a684aabe1541f0

SHA256
90d3590a3a663663c2c843688d942f99e6ce14b6e7f254b24f3fac33b87a28d0

SHA512
0284252da59235dc8bfd6442442b5702e385971fd8f8eeabe4d41fbb83f1a9632878bf83a26eb4549a46207620e1b1bcbb0d3a9b9519b3d6191ee804b50c0abd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\GoogleAnalyticsHelper.dll

Filesize
140KB

MD5
e66aa4531cff756a3bd1cdddc2fc16ae

SHA1
cf0fb0de82a6c4097961582e185e724101d53f6e

SHA256
86844a405c32d65c44ab3930701b4d8abbe5dcb819906b021d7a393eaaebb2bf

SHA512
5ff3cb5cbd0878afb4c69d80a1d8ad2121bb4ff257e9295f206416577235ef15d4edd2fa2f194a8d54198828dce442cf1da6882e8d0cd2053e92358bb6a2f19c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\Localizer.dll

Filesize
192KB

MD5
b11c827799d58b265fec2eb974085408

SHA1
51b055e252b4e59f2f8dad9093b0a2176f1b4e40

SHA256
19d36e18d775dc8962d219669d84e71ece7d337ed846416bf3f16f19687ee04c

SHA512
b14075b1ddf163053bd1eb54995448687dc05dba0c9243b10e9c98e7b3f00bf6666f571fffda49f86ef141dc76e042e467eb77b2c61b857e2154cff57ff4dd12

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\SetupCustom.dll

Filesize
1.5MB

MD5
84aeaf8c8cd4138c1cd12d6ec6261ef0

SHA1
6a6f8ebabb4388147495c55da84202c29be9395c

SHA256
e68162392a859aa0641bddfce32ef3d1e4b59ea12dc77744d6cefa4a891396d2

SHA512
bbb75d9a4612d087b289edd21a57018bd4cffde181bf5464fb1a34b42ef2608c29d84752dd6007ee32255ae74dd0ccfbee368e7c38ce3db363bddd0e1b5b2ee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\enu.lng

Filesize
1.6MB

MD5
53dc4f314befbcc8a4f30bd43770e106

SHA1
760a7000adc143ccb8df642fe602e75828ceb0b5

SHA256
83811822d4341920a7348d451e6e55362094a63bcfdc25130ef5163a91abfa15

SHA512
dca73272b1d2f33d9f1d1ab87c09878b1e30af3fe93c0b62c30f7844695d33bddeb5f7c11ad71606c5ad2a8be0ee18ea61ebddce4f731ea294e22a82b9507c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\rtl250.bpl

Filesize
10.1MB

MD5
942cc74b7ef66b51859d135fa3bc8bb2

SHA1
642810b822d9e4ddd40faafb7437b552d2ad7d56

SHA256
66f2f6b2e8c24827d63f6415094ae40fddd50f30e097cda395cc0116d57356a6

SHA512
941e41ed4031674168d4b4380d52cdea4d3077c1e871a9f61d8c85030befda654b06cb5da666d906130fa2d5b985573b274f9d77ac570b634be295baefa385e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\vcl250.bpl

Filesize
3.9MB

MD5
e4f482e3f7eb949256402c38e467122f

SHA1
2910db3ffc1769d2ae83b6569fa91e79faaa4033

SHA256
10b9d8569b8f9e9e46e7a579855492353c43f1e3b5d4a28959015bed5570350c

SHA512
8dc4eadc0ebe0cc86e7ac85843c16be5cc563a5dce2985f34b4769786e5d2f7176b62506854ef5e5b75a58aa1cbe45934650e7cab098a639bc62affe9119241b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DUTIB.tmp\vclimg250.bpl

Filesize
355KB

MD5
57496780b9a5c733144e5663f088f42a

SHA1
ccdd74d1a638629f8fdba43ce1180a23d7a463dc

SHA256
6be794294ff9c4b27debc6ed50fce865d028cf496d4e39fcce9c4f8e48cbfbfd

SHA512
50cf52cc8524551e9fd106c823039f604df2b92d2de859ef2d4b85016d603a6c31dc928e155949554c20ebd63f5b5665b627cc8853576a6149f2213b533f16d0

Download Submit
C:\Users\Admin\Downloads\auslogics-boost-speed-setup.exe

Filesize
38.0MB

MD5
f66c5dc988fc1cb3f8caf39addfafc4d

SHA1
562989b3affa78ece9119cd9b25654d995264c59

SHA256
97a56cf608daec091d551432382ebdd9f3858384fad41f377c81a9c11bbd174f

SHA512
448171bd8386265cde755ead980faab9328460da689844395854c8e2ffd2c5b0ad6f1d46de42f7043ee83df4683d1ea278267d60b2e96e022c2a072b8068598c

Download Submit
\??\pipe\crashpad_4644_JUPGTQFWGTREIPMD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1644-297-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/1644-438-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/1644-298-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/2540-442-0x0000000050A80000-0x0000000050E72000-memory.dmp

Filesize
3.9MB

Download
memory/2540-471-0x00000000034E0000-0x0000000003666000-memory.dmp

Filesize
1.5MB

Download
memory/2540-448-0x0000000005340000-0x000000000535B000-memory.dmp

Filesize
108KB

Download
memory/2540-447-0x00000000050F0000-0x0000000005148000-memory.dmp

Filesize
352KB

Download
memory/2540-446-0x0000000005060000-0x0000000005092000-memory.dmp

Filesize
200KB

Download
memory/2540-444-0x00000000036D0000-0x00000000040F6000-memory.dmp

Filesize
10.1MB

Download
memory/2540-399-0x0000000005290000-0x00000000052B0000-memory.dmp

Filesize
128KB

Download
memory/2540-443-0x0000000003670000-0x00000000036CA000-memory.dmp

Filesize
360KB

Download
memory/2540-441-0x0000000050000000-0x0000000050260000-memory.dmp

Filesize
2.4MB

Download
memory/2540-439-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/2540-450-0x00000000061B0000-0x00000000063D6000-memory.dmp

Filesize
2.1MB

Download
memory/2540-445-0x0000000004100000-0x00000000049DE000-memory.dmp

Filesize
8.9MB

Download
memory/2540-414-0x0000000005340000-0x000000000535B000-memory.dmp

Filesize
108KB

Download
memory/2540-472-0x0000000050000000-0x0000000050260000-memory.dmp

Filesize
2.4MB

Download
memory/2540-474-0x0000000003670000-0x00000000036CA000-memory.dmp

Filesize
360KB

Download
memory/2540-449-0x0000000005360000-0x0000000005385000-memory.dmp

Filesize
148KB

Download
memory/2540-440-0x00000000034E0000-0x0000000003666000-memory.dmp

Filesize
1.5MB

Download
memory/2540-420-0x0000000005360000-0x0000000005385000-memory.dmp

Filesize
148KB

Download
memory/2540-358-0x0000000004100000-0x00000000049DE000-memory.dmp

Filesize
8.9MB

Download
memory/2540-359-0x00000000036D0000-0x00000000040F6000-memory.dmp

Filesize
10.1MB

Download
memory/2540-428-0x00000000061B0000-0x00000000063D6000-memory.dmp

Filesize
2.1MB

Download
memory/2540-339-0x00000000034E0000-0x0000000003666000-memory.dmp

Filesize
1.5MB

Download
memory/2540-354-0x0000000003670000-0x00000000036CA000-memory.dmp

Filesize
360KB

Download
memory/2540-372-0x0000000004D90000-0x0000000004DB0000-memory.dmp

Filesize
128KB

Download
memory/2540-373-0x0000000004D90000-0x0000000004DB0000-memory.dmp

Filesize
128KB

Download
memory/2540-303-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/2540-1058-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/2540-385-0x0000000005060000-0x0000000005092000-memory.dmp

Filesize
200KB

Download
memory/2540-395-0x00000000050F0000-0x0000000005148000-memory.dmp

Filesize
352KB

Download
memory/2540-398-0x0000000005290000-0x00000000052B0000-memory.dmp

Filesize
128KB

Download