General Info

File name

google-chrome_msetup_[1244143].exe

Full analysis
https://app.any.run/tasks/c57b9d92-e027-40b9-821c-8d816f1c0aed
Verdict
Malicious activity
Analysis date
5/15/2019, 15:38:09
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

loader

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

c41dc6a580bc50ae0850587f20fb68bc

SHA1

fe6e4d5d8bbc398a5e33a576ae108d7afe4f62e2

SHA256

b8c3866121b71c44fb52f965f6ee49188989850a4cda6627dae224aa71421218

SSDEEP

6144:n0HjIpOcK9GK81fl2RrS8i5U/V260mZ3Gn9HK70z3p+PyqQS:nR7sRrS8iit26LW960zqQS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • instup.exe (PID: 3872)
  • lite_installer.exe (PID: 1744)
  • YandexPackSetup.exe (PID: 4080)
  • seederexe.exe (PID: 2320)
  • downloader.exe (PID: 2340)
  • instup.exe (PID: 2428)
  • sbr.exe (PID: 2404)
  • Yandex.exe (PID: 2560)
  • sender.exe (PID: 2892)
  • downloader.exe (PID: 3448)
  • avast_free_antivirus_setup_online.exe (PID: 2612)
  • GoogleUpdate.exe (PID: 2520)
  • GoogleUpdate.exe (PID: 3884)
  • 2_ChromeSetup.exe (PID: 2284)
  • avast_free_antivirus_setup_online.exe (PID: 2844)
  • GoogleUpdate.exe (PID: 2680)
  • GoogleUpdate.exe (PID: 3636)
Loads dropped or rewritten executable
  • instup.exe (PID: 3872)
  • GoogleUpdate.exe (PID: 3636)
  • GoogleUpdate.exe (PID: 3884)
  • GoogleUpdate.exe (PID: 2680)
  • GoogleUpdate.exe (PID: 2520)
Downloads executable files from the Internet
  • downloader.exe (PID: 3448)
  • google-chrome_msetup_[1244143].exe (PID: 3960)
  • avast_free_antivirus_setup_online.exe (PID: 2612)
Changes the autorun value in the registry
  • instup.exe (PID: 2428)
Changes settings of System certificates
  • GoogleUpdate.exe (PID: 2520)
  • google-chrome_msetup_[1244143].exe (PID: 3960)
Executable content was dropped or overwritten
  • instup.exe (PID: 2428)
  • msiexec.exe (PID: 3048)
  • MsiExec.exe (PID: 4044)
  • instup.exe (PID: 3872)
  • Yandex.exe (PID: 2560)
  • downloader.exe (PID: 3448)
  • avast_free_antivirus_setup_online.exe (PID: 2612)
  • 2_ChromeSetup.exe (PID: 2284)
  • avast_free_antivirus_setup_online.exe (PID: 2844)
  • google-chrome_msetup_[1244143].exe (PID: 3960)
Creates a software uninstall entry
  • Yandex.exe (PID: 2560)
Application launched itself
  • downloader.exe (PID: 3448)
Creates files in the user directory
  • Yandex.exe (PID: 2560)
  • MsiExec.exe (PID: 4044)
  • seederexe.exe (PID: 2320)
  • lite_installer.exe (PID: 1744)
  • google-chrome_msetup_[1244143].exe (PID: 3960)
Changes the started page of IE
  • seederexe.exe (PID: 2320)
Starts itself from another location
  • instup.exe (PID: 3872)
  • GoogleUpdate.exe (PID: 3636)
Reads Environment values
  • MsiExec.exe (PID: 4044)
Low-level read access rights to disk partition
  • instup.exe (PID: 2428)
  • instup.exe (PID: 3872)
  • avast_free_antivirus_setup_online.exe (PID: 2612)
  • avast_free_antivirus_setup_online.exe (PID: 2844)
Creates files in the Windows directory
  • instup.exe (PID: 2428)
  • instup.exe (PID: 3872)
  • avast_free_antivirus_setup_online.exe (PID: 2612)
  • avast_free_antivirus_setup_online.exe (PID: 2844)
Removes files from Windows directory
  • instup.exe (PID: 2428)
  • instup.exe (PID: 3872)
Creates files in the program directory
  • instup.exe (PID: 3872)
  • 2_ChromeSetup.exe (PID: 2284)
  • avast_free_antivirus_setup_online.exe (PID: 2844)
Adds / modifies Windows certificates
  • GoogleUpdate.exe (PID: 2520)
  • google-chrome_msetup_[1244143].exe (PID: 3960)
Application launched itself
  • msiexec.exe (PID: 3048)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   InstallShield setup (54.3%)
.exe
|   Win64 Executable (generic) (34.8%)
.exe
|   Win32 Executable (generic) (5.6%)
.exe
|   Generic Win/DOS Executable (2.5%)
.exe
|   DOS Executable Generic (2.5%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2019:05:07 19:20:03+02:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
210432
InitializedDataSize:
196608
UninitializedDataSize:
null
EntryPoint:
0x208dd
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
1.1.9.0
ProductVersionNumber:
1.1.9.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Russian
CharacterSet:
Unicode
CompanyName:
MultiSetup
FileDescription:
MultiSetup
FileVersion:
1.1.9.0
InternalName:
multisetup.exe
LegalCopyright:
Copyright (C) 2019
OriginalFileName:
multisetup.exe
ProductName:
MultiSetup
ProductVersion:
1.1.9.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
07-May-2019 17:20:03
Detected languages
Russian - Russia
Debug artifacts
F:\Sources.Smartline\multi_install\Release\multi_setup.pdb
CompanyName:
MultiSetup
FileDescription:
MultiSetup
FileVersion:
1.1.9.0
InternalName:
multisetup.exe
LegalCopyright:
Copyright (C) 2019
OriginalFilename:
multisetup.exe
ProductName:
MultiSetup
ProductVersion:
1.1.9.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
07-May-2019 17:20:03
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x0003342A 0x00033600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.61199
.rdata 0x00035000 0x0000FA92 0x0000FC00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.75459
.data 0x00045000 0x00003FC8 0x00001C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.02182
.rsrc 0x00049000 0x00018F88 0x00019000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 6.52142
.reloc 0x00062000 0x0000332C 0x00003400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.54652
Resources
1

2

3

4

107

129

130

131

132

134

135

136

137

138

139

142

143

144

145

146

147

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ADVAPI32.dll

    SHELL32.dll

    ole32.dll

    WINTRUST.dll

    CRYPT32.dll

    PSAPI.DLL

    SHLWAPI.dll

    VERSION.dll

    COMCTL32.dll

    POWRPROF.dll

    gdiplus.dll

    WININET.dll

Exports

    No exports.

Screenshots

Processes

Total processes
57
Monitored processes
21
Malicious processes
12
Suspicious processes
3

Behavior graph

+
download and start drop and start drop and start start drop and start download and start download and start drop and start drop and start drop and start drop and start drop and start drop and start google-chrome_msetup_[1244143].exe no specs google-chrome_msetup_[1244143].exe 2_chromesetup.exe avast_free_antivirus_setup_online.exe googleupdate.exe no specs downloader.exe googleupdate.exe no specs googleupdate.exe googleupdate.exe avast_free_antivirus_setup_online.exe instup.exe yandexpacksetup.exe downloader.exe msiexec.exe msiexec.exe lite_installer.exe seederexe.exe yandex.exe instup.exe sbr.exe no specs sender.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3076
CMD
"C:\Users\admin\AppData\Local\Temp\google-chrome_msetup_[1244143].exe"
Path
C:\Users\admin\AppData\Local\Temp\google-chrome_msetup_[1244143].exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
MultiSetup
Description
MultiSetup
Version
1.1.9.0
Modules
Image
c:\users\admin\appdata\local\temp\google-chrome_msetup_[1244143].exe
c:\systemroot\system32\ntdll.dll

PID
3960
CMD
"C:\Users\admin\AppData\Local\Temp\google-chrome_msetup_[1244143].exe"
Path
C:\Users\admin\AppData\Local\Temp\google-chrome_msetup_[1244143].exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Version:
Company
MultiSetup
Description
MultiSetup
Version
1.1.9.0
Modules
Image
c:\users\admin\appdata\local\temp\google-chrome_msetup_[1244143].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ntoskrnl.exe
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\users\admin\downloads\downloads msetup\2_chromesetup.exe
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\msetup\avast_free_antivirus_setup_online.exe
c:\users\admin\appdata\local\temp\msetup\downloader.exe

PID
2284
CMD
"C:\Users\admin\Downloads\Downloads msetup\2_ChromeSetup.exe"
Path
C:\Users\admin\Downloads\Downloads msetup\2_ChromeSetup.exe
Indicators
Parent process
google-chrome_msetup_[1244143].exe
User
admin
Integrity Level
HIGH
Version:
Company
Google Inc.
Description
Google Update Setup
Version
1.3.33.23
Modules
Image
c:\users\admin\downloads\downloads msetup\2_chromesetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\program files\gum41f4.tmp\googleupdate.exe

PID
2612
CMD
"C:\Users\admin\AppData\Local\Temp\msetup\avast_free_antivirus_setup_online.exe" /silent
Path
C:\Users\admin\AppData\Local\Temp\msetup\avast_free_antivirus_setup_online.exe
Indicators
Parent process
google-chrome_msetup_[1244143].exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
2.1.1279.0
Modules
Image
c:\users\admin\appdata\local\temp\msetup\avast_free_antivirus_setup_online.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\temp\asw.cc55296d0fa91dd3\avast_free_antivirus_setup_online.exe
c:\windows\system32\apphelp.dll

PID
3636
CMD
"C:\Program Files\GUM41F4.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={C092240D-67D5-6EA5-F682-55125B75EF75}&lang=ru&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
Path
C:\Program Files\GUM41F4.tmp\GoogleUpdate.exe
Indicators
No indicators
Parent process
2_ChromeSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\program files\gum41f4.tmp\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\gum41f4.tmp\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\gum41f4.tmp\goopdateres_ru.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\program files\google\update\googleupdate.exe

PID
3448
CMD
"C:\Users\admin\AppData\Local\Temp\msetup\downloader.exe" --partner 8937 --distr /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y ILIGHT=1 VID=600"
Path
C:\Users\admin\AppData\Local\Temp\msetup\downloader.exe
Indicators
Parent process
google-chrome_msetup_[1244143].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup Downloader
Version
0.1.0.32
Modules
Image
c:\users\admin\appdata\local\temp\msetup\downloader.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\7f4987fb1a6e43d69e3e94b29eb75926\yandexpacksetup.exe

PID
3884
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /healthcheck
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
No indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.33.23\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll

PID
2520
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zMy4yMyIgc2hlbGxfdmVyc2lvbj0iMS4zLjMzLjIzIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0ie0U4MkY1MUYzLTcyRTctNDBBOS1BM0RGLUZEMUJBODBDRkFEMX0iIHVzZXJpZD0iezYwQkIwMzQ0LThDMTYtNENERi1CMzI2LUUwODNCQTlFMDVCNH0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9InswQkVDQzk3RC1ENzZDLTQ4RkItQkREMC0wNkZFRDIyMjFENUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zMy4yMyIgbmV4dHZlcnNpb249IjEuMy4zMy4yMyIgbGFuZz0icnUiIGJyYW5kPSIiIGNsaWVudD0iIiBpaWQ9IntDMDkyMjQwRC02N0Q1LTZFQTUtRjY4Mi01NTEyNUI3NUVGNzV9Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjM5MSIvPjwvYXBwPjwvcmVxdWVzdD4
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.33.23\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll

PID
2680
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={C092240D-67D5-6EA5-F682-55125B75EF75}&lang=ru&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{E82F51F3-72E7-40A9-A3DF-FD1BA80CFAD1}"
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.33.23\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\update\1.3.33.23\goopdateres_ru.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\bitsprx4.dll

PID
2844
CMD
"C:\Windows\Temp\asw.cc55296d0fa91dd3\avast_free_antivirus_setup_online.exe" /silent /cookie:mmm_mrk_ppi_004_408_p /ga_clientid:f3a88f5a-e776-4b17-bf0d-65bc1f888443 /edat_dir:C:\Windows\Temp\asw.cc55296d0fa91dd3
Path
C:\Windows\Temp\asw.cc55296d0fa91dd3\avast_free_antivirus_setup_online.exe
Indicators
Parent process
avast_free_antivirus_setup_online.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.4.4318.0
Modules
Image
c:\windows\temp\asw.cc55296d0fa91dd3\avast_free_antivirus_setup_online.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.d1b1720210bf9654\instup.exe

PID
3872
CMD
"C:\Windows\Temp\asw.d1b1720210bf9654\instup.exe" /edition:1 /ga_clientid:f3a88f5a-e776-4b17-bf0d-65bc1f888443 /guid:58a68fee-1383-4778-b9e4-adb8a441ea8d /prod:ais /sfx:lite /sfxstorage:C:\Windows\Temp\asw.d1b1720210bf9654 /silent /cookie:mmm_mrk_ppi_004_408_p /ga_clientid:f3a88f5a-e776-4b17-bf0d-65bc1f888443 /edat_dir:C:\Windows\Temp\asw.cc55296d0fa91dd3
Path
C:\Windows\Temp\asw.d1b1720210bf9654\instup.exe
Indicators
Parent process
avast_free_antivirus_setup_online.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.4.4318.0
Modules
Image
c:\windows\temp\asw.d1b1720210bf9654\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\temp\asw.d1b1720210bf9654\instup.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\temp\asw.d1b1720210bf9654\uat_3872.dll
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\avb8101.tmp
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\avd8121.tmp
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\ins8132.tmp
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\ins8152.tmp
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\asw822e.tmp
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\htm824e.tmp
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\instup.exep

PID
4080
CMD
"C:\Users\admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y ILIGHT=1 VID=600"
Path
C:\Users\admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
Indicators
Parent process
downloader.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Software Installer
Version
3.0.5419.0
Modules
Image
c:\users\admin\appdata\local\temp\7f4987fb1a6e43d69e3e94b29eb75926\yandexpacksetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winsta.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
2340
CMD
C:\Users\admin\AppData\Local\Temp\msetup\downloader.exe --stat dwnldr/p=8937/cnt=0/dt=10/ct=1/rt=0 --dh 332 --st 1557927541
Path
C:\Users\admin\AppData\Local\Temp\msetup\downloader.exe
Indicators
Parent process
downloader.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup Downloader
Version
0.1.0.32
Modules
Image
c:\users\admin\appdata\local\temp\msetup\downloader.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshtcpip.dll

PID
3048
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\users\admin\appdata\local\yandex\yapin\yandex.exe

PID
4044
CMD
C:\Windows\system32\MsiExec.exe -Embedding 15430F574E56DC4D29FEE61C0396C0FC
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msi7895.tmp
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winsta.dll
c:\windows\installer\msi7980.tmp
c:\windows\installer\msi79cf.tmp
c:\windows\installer\msi7a3d.tmp
c:\windows\installer\msi7a6d.tmp
c:\windows\installer\msi7a9d.tmp
c:\windows\installer\msi7c34.tmp
c:\windows\installer\msi7ca3.tmp
c:\windows\installer\msi7d6f.tmp
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\installer\msi7dfd.tmp

PID
1744
CMD
"C:\Users\admin\AppData\Local\Temp\7DC1FD6A-CEC1-49BE-9832-40C330578D23\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
Path
C:\Users\admin\AppData\Local\Temp\7DC1FD6A-CEC1-49BE-9832-40C330578D23\lite_installer.exe
Indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Yandex
Description
YandexBrowserDownloader
Version
1.0.1.88
Modules
Image
c:\users\admin\appdata\local\temp\7dc1fd6a-cec1-49be-9832-40c330578d23\lite_installer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll

PID
2320
CMD
"C:\Users\admin\AppData\Local\Temp\3A760A57-58B6-40F6-BB4B-B337ADC0648E\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=1" "--locale=us" "--browser=y" "--browser_default=" "--yabm=" "--loglevel=trace" "--ess=" "--clids=C:\Users\admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\admin\AppData\Local\Temp\1A694684-9B03-4982-88A5-AC36A5931507\sender.exe" "--is_elevated=yes" "--ui_level=2" "--good_token=1"
Path
C:\Users\admin\AppData\Local\Temp\3A760A57-58B6-40F6-BB4B-B337ADC0648E\seederexe.exe
Indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Yandex
Description
Browser Integration Module
Version
3.5.3.98
Modules
Image
c:\users\admin\appdata\local\temp\3a760a57-58b6-40f6-bb4b-b337adc0648e\seederexe.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\program files\opera\opera.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\clbcatq.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\zipfldr.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\cscapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\users\admin\appdata\local\temp\1a694684-9b03-4982-88a5-ac36a5931507\sender.exe
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll

PID
2560
CMD
"C:\Users\admin\AppData\Local\Yandex\YaPin\Yandex.exe" --silent
Path
C:\Users\admin\AppData\Local\Yandex\YaPin\Yandex.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Description
YandexPin
Version
2.0.5.38
Modules
Image
c:\users\admin\appdata\local\yandex\yapin\yandex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ie4uinit.exe
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\userenv.dll
c:\windows\system32\accessibilitycpl.dll
c:\windows\system32\sud.dll
c:\windows\system32\wucltux.dll
c:\windows\ehome\ehres.dll
c:\program files\windows sidebar\sidebar.exe
c:\windows\system32\windowsanytimeupgradeui.exe
c:\program files\dvd maker\dvdmaker.exe
c:\windows\system32\fxsresm.dll
c:\windows\system32\unregmp2.exe
c:\windows\system32\xpsrchvw.exe
c:\windows\system32\displayswitch.exe
c:\program files\common files\microsoft shared\ink\mip.exe
c:\windows\system32\mblctr.exe
c:\windows\system32\netprojw.dll
c:\windows\system32\mstsc.exe
c:\windows\system32\snippingtool.exe
c:\windows\system32\soundrecorder.exe
c:\windows\system32\sntsearch.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\oobefldr.dll
c:\windows\system32\speech\speechux\sapi.cpl
c:\windows\system32\dfrgui.exe
c:\windows\system32\wdc.dll
c:\windows\system32\msinfo32.exe
c:\windows\system32\rstrui.exe
c:\windows\system32\miguiresource.dll
c:\windows\system32\migwiz\wet.dll
c:\program files\common files\microsoft shared\ink\shapecollector.exe
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\program files\windows journal\journal.exe
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\comres.dll
c:\windows\system32\mycomput.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\iscsicpl.dll
c:\windows\system32\mdsched.exe
c:\windows\system32\pmcsnap.dll
c:\windows\system32\wsecedit.dll
c:\windows\system32\filemgmt.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\authfwgp.dll
c:\windows\system32\gameux.dll
c:\windows\system32\sdcpl.dll
c:\windows\system32\recdisc.exe
c:\windows\system32\msra.exe
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mssprxy.dll

PID
2428
CMD
"C:\Windows\Temp\asw.d1b1720210bf9654\New_13040946\instup.exe" /cookie:mmm_mrk_ppi_004_408_p /edat_dir:C:\Windows\Temp\asw.cc55296d0fa91dd3 /edition:1 /ga_clientid:f3a88f5a-e776-4b17-bf0d-65bc1f888443 /guid:58a68fee-1383-4778-b9e4-adb8a441ea8d /online_installer /prod:ais /sfx /sfxstorage:C:\Windows\Temp\asw.d1b1720210bf9654 /silent
Path
C:\Windows\Temp\asw.d1b1720210bf9654\New_13040946\instup.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
19.4.4318.0
Modules
Image
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\instup.dllp
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\temp\asw.d1b1720210bf9654\uat_2428.dll
c:\windows\system32\credssp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\sbr.exe

PID
2404
CMD
"C:\Windows\Temp\asw.d1b1720210bf9654\New_13040946\sbr.exe" 2428 "Avast Antivirus setup" "Avast Antivirus is being installed. Do not shut down your computer!"
Path
C:\Windows\Temp\asw.d1b1720210bf9654\New_13040946\sbr.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Shutdown blocker
Version
19.4.4318.0
Modules
Image
c:\windows\temp\asw.d1b1720210bf9654\new_13040946\sbr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2892
CMD
C:\Users\admin\AppData\Local\Temp\1A694684-9B03-4982-88A5-AC36A5931507\sender.exe --send "/status.xml?clid=2337021-600&uuid=%7B0BE3CC9A-ACE4-4B17-A24A-0EBF217E63B6%7D&vnt=Windows 7x32&file-no=6%0A10%0A11%0A12%0A13%0A15%0A16%0A17%0A18%0A20%0A21%0A22%0A25%0A40%0A42%0A43%0A45%0A57%0A61%0A89%0A103%0A108%0A111%0A121%0A123%0A124%0A129%0A"
Path
C:\Users\admin\AppData\Local\Temp\1A694684-9B03-4982-88A5-AC36A5931507\sender.exe
Indicators
Parent process
seederexe.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Yandex
Description
Yandex Statistics
Version
0.0.2.14
Modules
Image
c:\users\admin\appdata\local\temp\1a694684-9b03-4982-88a5-ac36a5931507\sender.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll

Registry activity

Total events
5184
Read events
2223
Write events
2945
Delete events
16

Modification events

PID
Process
Operation
Key
Name
Value
3960
google-chrome_msetup_[1244143].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
190000000100000010000000DC73F9B71E16D51D26527D32B11A6A3D03000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B810B000000010000000E00000074006800610077007400650000001D00000001000000100000005B3B67000EEB80022E42605B6B3B72401400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB57485053000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703030F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE2000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
3960
google-chrome_msetup_[1244143].exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\EAB040689A0D805B5D6FD654FC168CFF00B78BE3
Blob
030000000100000014000000EAB040689A0D805B5D6FD654FC168CFF00B78BE31400000001000000140000005379BF5AAA2B4ACF5480E1D89BC09DF2B20366CB040000000100000010000000DB78CBD190952735D940BC80AC2432C00F0000000100000030000000435FE6564241D6B3828352EF9BE443D511C21F0AFB325C4038A5820F00D87774A8EF2193DDAAE065B2572FAF2BF0EE63190000000100000010000000EA6089055218053DD01E37E1D806EEDF18000000010000001000000045ED9BBC5E43D3B9ECD63C060DB78E5C20000000010000007B050000308205773082045FA003020102021013EA28705BF4ECED0C36630980614336300D06092A864886F70D01010C0500306F310B300906035504061302534531143012060355040A130B416464547275737420414231263024060355040B131D41646454727573742045787465726E616C20545450204E6574776F726B312230200603550403131941646454727573742045787465726E616C20434120526F6F74301E170D3030303533303130343833385A170D3230303533303130343833385A308188310B3009060355040613025553311330110603550408130A4E6577204A6572736579311430120603550407130B4A65727365792043697479311E301C060355040A131554686520555345525452555354204E6574776F726B312E302C06035504031325555345525472757374205253412043657274696669636174696F6E20417574686F7269747930820222300D06092A864886F70D01010105000382020F003082020A028202010080126517360EC3DB08B3D0AC570D76EDCD27D34CAD508361E2AA204D092D6409DCCE899FCC3DA9ECF6CFC1DCF1D3B1D67B3728112B47DA39C6BC3A19B45FA6BD7D9DA36342B676F2A93B2B91F8E26FD0EC162090093EE2E874C918B491D46264DB7FA306F188186A90223CBCFE13F087147BF6E41F8ED4E451C61167460851CB8614543FBC33FE7E6C9CFF169D18BD518E35A6A766C87267DB2166B1D49B7803C0503AE8CCF0DCBC9E4CFEAF0596351F575AB7FFCEF93DB72CB6F654DDC8E7123A4DAE4C8AB75C9AB4B7203DCA7F2234AE7E3B68660144E7014E46539B3360F794BE5337907343F332C353EFDBAAFE744E69C76B8C6093DEC4C70CDFE132AECC933B517895678BEE3D56FE0CD0690F1B0FF325266B336DF76E47FA7343E57E0EA566B1297C3284635589C40DC19354301913ACD37D37A7EB5D3A6C355CDB41D712DAA9490BDFD8808A0993628EB566CF2588CD84B8B13FA4390FD9029EEB124C957CF36B05A95E1683CCB867E2E8139DCC5B82D34CB3ED5BFFDEE573AC233B2D00BF3555740949D849581A7F9236E651920EF3267D1C4D17BCC9EC4326D0BF415F40A94444F499E757879E501F5754A83EFD74632FB1506509E658422E431A4CB4F0254759FA041E93D426464A5081B2DEBE78B7FC6715E1C957841E0F63D6E962BAD65F552EEA5CC62808042539B80E2BA9F24C971C073F0D52F5EDEF2F820F0203010001A381F43081F1301F0603551D23041830168014ADBD987A34B426F7FAC42654EF03BDE024CB541A301D0603551D0E041604145379BF5AAA2B4ACF5480E1D89BC09DF2B20366CB300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF30110603551D20040A300830060604551D200030440603551D1F043D303B3039A037A0358633687474703A2F2F63726C2E7573657274727573742E636F6D2F416464547275737445787465726E616C4341526F6F742E63726C303506082B0601050507010104293027302506082B060105050730018619687474703A2F2F6F6373702E7573657274727573742E636F6D300D06092A864886F70D01010C050003820101009365F63783950F5EC3821C1FD677E73C8AC0AA09F0E90B26F1E0C26A75A1C779C9B95260C829120EF0AD03D609C476DFE5A68195A746DA8257A99592C5B68F03226C3377C17B32176E07CE5A14413A05241BF614063BA825240EBBCC2A75DDB970413F7CD0633621071F46FF60A491E167BCDE1F7E1914C9636791EA67076BB48F8BC06E437DC3A1806CB21EBC53857DDC90A1A4BC2DEF4672573505BFBB46BB6E6D3799B6FF239291C66E40F88F2956EA5FD55F1453ACF04F61EAF722CCA7560BE2B8341F26D97B1905683FBA3CD43806A2D3E68F0EE3B4716D4042C584B440952BF465A04879F61D8163969D4F75E0F87CE48EA9D1F2AD8AB38CC721CDC2EF
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASAPI32
EnableFileTracing
0
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASAPI32
EnableConsoleTracing
0
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASAPI32
FileTracingMask
4294901760
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASAPI32
ConsoleTracingMask
4294901760
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASAPI32
MaxFileSize
1048576
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASAPI32
FileDirectory
%windir%\tracing
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASMANCS
EnableFileTracing
0
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASMANCS
EnableConsoleTracing
0
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASMANCS
FileTracingMask
4294901760
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASMANCS
ConsoleTracingMask
4294901760
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASMANCS
MaxFileSize
1048576
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\google-chrome_msetup_[1244143]_RASMANCS
FileDirectory
%windir%\tracing
3960
google-chrome_msetup_[1244143].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3960
google-chrome_msetup_[1244143].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3960
google-chrome_msetup_[1244143].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3960
google-chrome_msetup_[1244143].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Blob
040000000100000010000000410352DC0FF7501B16F0028EBA6F45C50F00000001000000140000005BCAA1C2780F0BCB5A90770451D96F38963F012D090000000100000042000000304006082B0601050507030406082B0601050507030106082B0601050507030206082B06010505070308060A2B0601040182370A0304060A2B0601040182370A030C6200000001000000200000000687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11BCD67707390B000000010000001E000000440053005400200052006F006F0074002000430041002000580033000000140000000100000014000000C4A7B1A47B2C71FADBE14B9075FFC415608589101D00000001000000100000004558D512EECB27464920897DE7B66053030000000100000014000000DAC9024F54D8F6DF94935FB1732638CA6AD77C131900000001000000100000006CF252FEC3E8F20996DE5D4DD9AEF42420000000010000004E0300003082034A30820232A003020102021044AFB080D6A327BA893039862EF8406B300D06092A864886F70D0101050500303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F74204341205833301E170D3030303933303231313231395A170D3231303933303134303131355A303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F7420434120583330820122300D06092A864886F70D01010105000382010F003082010A0282010100DFAFE99750088357B4CC6265F69082ECC7D32C6B30CA5BECD9C37DC740C118148BE0E83376492AE33F214993AC4E0EAF3E48CB65EEFCD3210F65D22AD9328F8CE5F777B0127BB595C089A3A9BAED732E7A0C063283A27E8A1430CD11A0E12A38B9790A31FD50BD8065DFB7516383C8E28861EA4B6181EC526BB9A2E24B1A289F48A39E0CDA098E3E172E1EDD20DF5BC62A8AAB2EBD70ADC50B1A25907472C57B6AAB34D63089FFE568137B540BC8D6AEEC5A9C921E3D64B38CC6DFBFC94170EC1672D526EC38553943D0FCFD185C40F197EBD59A9B8D1DBADA25B9C6D8DFC115023AABDA6EF13E2EF55C089C3CD68369E4109B192AB62957E3E53D9B9FF0025D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414C4A7B1A47B2C71FADBE14B9075FFC41560858910300D06092A864886F70D01010505000382010100A31A2C9B17005CA91EEE2866373ABF83C73F4BC309A095205DE3D95944D23E0D3EBD8A4BA0741FCE10829C741A1D7E981ADDCB134BB32044E491E9CCFC7DA5DB6AE5FEE6FDE04EDDB7003AB57049AFF2E5EB02F1D1028B19CB943A5E48C4181E58195F1E025AF00CF1B1ADA9DC59868B6EE991F586CAFAB96633AA595BCEE2A7167347CB2BCC99B03748CFE3564BF5CF0F0C723287C6F044BB53726D43F526489A5267B758ABFE67767178DB0DA256141339243185A2A8025A3047E1DD5007BC02099000EB6463609B16BC88C912E6D27D918BF93D328D65B4E97CB15776EAC5B62839BF15651CC8F677966A0A8D770BD8910B048E07DB29B60AEE9D82353510
3960
google-chrome_msetup_[1244143].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118
Blob
0400000001000000100000002C8F9F661D1890B147269D8E86828CA90F00000001000000140000001E427A3639CCE4C27E94B1777964CA289A722CAD09000000010000003E000000303C06082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030306082B0601050507030806082B06010505070309620000000100000020000000D8E0FEBC1DB2E38D00940F37D27D41344D993E734B99D5656D9778D4D81436241400000001000000140000006DAA9B0987C4D0D422ED4007374D19F191FFDED31D000000010000001000000096F98B6E79A74810CE7D398A82F977780B000000010000000E000000430065007200740075006D0000000300000001000000140000006252DC40F71143A22FDE9EF7348E064251B181181900000001000000100000000B6CD9778E41AD67FD6BE0A6903710442000000001000000100300003082030C308201F4A0030201020203010020300D06092A864886F70D0101050500303E310B300906035504061302504C311B3019060355040A1312556E697A65746F2053702E207A206F2E6F2E311230100603550403130943657274756D204341301E170D3032303631313130343633395A170D3237303631313130343633395A303E310B300906035504061302504C311B3019060355040A1312556E697A65746F2053702E207A206F2E6F2E311230100603550403130943657274756D20434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CEB1C12ED34F7CCD25CE183E4FC48C6F806A73C85B51F89BD2DCBB005CB1A0FC7503EE81F088EE2352E9E615338DAC2D09C576F92B398089E4974B90A5A878F873437BA461B0D858CCE16C667E9CF3095E556384D5A8EFF3B12E3068B3C43CD8AC6E8D995A904E34DC369A8F818850B76D964209F3D795830D414BB06A6BF8FC0F7E629F67C4ED265F10260F084FF0A45728CE8FB8ED45F66EEE255DAA6E39BEE4932FD947A072EBFAA65BAFCA533FE20EC69656116EF7E966A926D87F9553ED0A8588BA4F29A5428C5EB6FC852000AA680BA11A85019CC446638288B622B1EEFEAA46597ECF352CD5B6DA5DF748331454B6EBD96FCECD88D6AB1BDA963B1D590203010001A3133011300F0603551D130101FF040530030101FF300D06092A864886F70D01010505000382010100B88DCEEFE714BACFEEB044926CB4393EA2846EADB82177D2D4778287E6204181EEE2F811B763D11737BE1976241C041A4CEB3DAA676F2DD4CDFE653170C51BA6020ABA607B6D58C29A49FE63320B6BE33AC0ACAB3BB0E8D309518C1083C634E0C52BE01AB66014276C32778CBCB27298CFCDCC3FB9C8244214D657FCE62643A91DE58090CE0354283EF73FD3F84DED6A0A3A93139B3B142313639C3FD1872779E54C51E301AD855D1A3BB1D57310A4D3F2BC6E64F55A5690A8C70E4C740F2E713BF7C847F4696F15F2115E831E9C7C52AEFD02DA12A8596718DBBC70DD9BB169ED80CE8940486A0E35CA29661521942CE8602A9B854A40F36B8A24EC06162C73
2612
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Windows\Temp\asw.cc55296d0fa91dd3
3636
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{0BECC97D-D76C-48FB-BDD0-06FED2221D5B}
3636
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
1
3636
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
iid
{C092240D-67D5-6EA5-F682-55125B75EF75}
3636
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{0BECC97D-D76C-48FB-BDD0-06FED2221D5B}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.33.23" shell_version="1.3.33.23" ismachine="1" sessionid="{E82F51F3-72E7-40A9-A3DF-FD1BA80CFAD1}" userid="{60BB0344-8C16-4CDF-B326-E083BA9E05B4}" installsource="taggedmi" requestid="{0BECC97D-D76C-48FB-BDD0-06FED2221D5B}" dedup="cr" domainjoined="0"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" version="1.3.33.23" nextversion="1.3.33.23" lang="ru" brand="" client="" iid="{C092240D-67D5-6EA5-F682-55125B75EF75}"><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" install_time_ms="391"/></app></request>
3636
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{0BECC97D-D76C-48FB-BDD0-06FED2221D5B}
PersistedPingTime
132024011297331250
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASAPI32
EnableFileTracing
0
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASAPI32
EnableConsoleTracing
0
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASAPI32
FileTracingMask
4294901760
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASAPI32
ConsoleTracingMask
4294901760
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASAPI32
MaxFileSize
1048576
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASAPI32
FileDirectory
%windir%\tracing
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASMANCS
EnableFileTracing
0
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASMANCS
EnableConsoleTracing
0
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASMANCS
FileTracingMask
4294901760
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASMANCS
ConsoleTracingMask
4294901760
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASMANCS
MaxFileSize
1048576
3448
downloader.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\downloader_RASMANCS
FileDirectory
%windir%\tracing
3448
downloader.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3448
downloader.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006F000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3448
downloader.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3448
downloader.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3448
downloader.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
uid
{60BB0344-8C16-4CDF-B326-E083BA9E05B4}
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
uid-create-time
1557927529
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
uid-num-rotations
1
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\uid
UlQASgSv
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Counts
opt_in_uid_generated
0100000000000000
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Integers
omaha_version
1700210003000100
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Booleans
is_system_install
01000000
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Counts
goopdate_main
0100000000000000
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Counts
goopdate_constructor
0100000000000000
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Integers
windows_sp_major_version
0100000000000000
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Integers
windows_minor_version
0100000000000000
3884
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Integers
windows_major_version
0600000000000000
2520
GoogleUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2520
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
0400000001000000100000009414777E3E5EFD8F30BD41B0CFE7D0300F0000000100000014000000BF4D2C390BBF0AA3A2B7EA2DC751011BF5FD422E090000000100000068000000306606082B0601050507030106082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030806082B06010505070309060A2B0601040182370A030406082B0601050507030606082B0601050507030706082B060105050802020B000000010000005C00000047006F006F0067006C00650020005400720075007300740020005300650072007600690063006500730020002D00200047006C006F00620061006C005300690067006E00200052006F006F0074002000430041002D005200320000005300000001000000230000003021301F06092B06010401A032010130123010060A2B0601040182373C0101030200C0620000000100000020000000CA42DD41745FD0B81EB902362CF9D8BF719DA1BD1B1EFC946F5B4C99F42C1B9E1400000001000000140000009BE20757671C1EC06A06DE59B49A2DDFDC19862E1D000000010000001000000073621E116224668780B2D2BEE454E52E03000000010000001400000075E0ABB6138512271C04F85FDDDE38E4B7242EFE190000000100000010000000A8827A3CBD2D87D783B59B8062C87E9A2000000001000000BE030000308203BA308202A2A003020102020B0400000000010F8626E60D300D06092A864886F70D0101050500304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E301E170D3036313231353038303030305A170D3231313231353038303030305A304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E30820122300D06092A864886F70D01010105000382010F003082010A0282010100A6CF240EBE2E6F28994542C4AB3E21549B0BD37F8470FA12B3CBBF875FC67F86D3B2305CD6FDADF17BDCE5F86096099210F5D053DEFB7B7E7388AC52887B4AA6CA49A65EA8A78C5A11BC7A82EBBE8CE9B3AC962507974A992A072FB41E77BF8A0FB5027C1B96B8C5B93A2CBCD612B9EB597DE2D006865F5E496AB5395E8834ECBC780C0898846CA8CD4BB4A07D0C794DF0B82DCB21CAD56C5B7DE1A02984A1F9D39449CB24629120BCDD0BD5D9CCF9EA270A2B7391C69D1BACC8CBE8E0A0F42F908B4DFBB0361BF6197A85E06DF26113885C9FE0930A51978A5ACEAFABD5F7AA09AA60BDDCD95FDF72A960135E0001C94AFA3FA4EA070321028E82CA03C29B8F0203010001A3819C308199300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E041604149BE20757671C1EC06A06DE59B49A2DDFDC19862E30360603551D1F042F302D302BA029A0278625687474703A2F2F63726C2E676C6F62616C7369676E2E6E65742F726F6F742D72322E63726C301F0603551D230418301680149BE20757671C1EC06A06DE59B49A2DDFDC19862E300D06092A864886F70D01010505000382010100998153871C68978691ECE04AB8440BAB81AC274FD6C1B81C4378B30C9AFCEA2C3C6E611B4D4B29F59F051D26C1B8E983006245B6A90893B9A9334B189AC2F887884EDBDD71341AC154DA463FE0D32AAB6D5422F53A62CD206FBA2989D7DD91EED35CA23EA15B41F5DFE564432DE9D539ABD2A2DFB78BD0C080191C45C02D8CE8F82DA4745649C505B54F15DE6E44783987A87EBBF3791891BBF46F9DC1F08C358C5D01FBC36DB9EF446D7946317E0AFEA982C1FFEFAB6E20C450C95F9D4D9B178C0CE501C9A0416A7353FAA550B46E250FFB4C18F4FD52D98E69B1E8110FDE88D8FB1D49F7AADE95CF2078C26012DB25408C6AFC7E4238406412F79E81E1932E
2520
GoogleUpdate.exe
write
HKEY_CURRENT_USER\Software\Google\Update\proxy
source
auto
2520
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Integers
omaha_version
1700210003000100
2520
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Booleans
is_system_install
01000000
2520
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Counts
goopdate_main
0200000000000000
2520
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Counts
goopdate_constructor
0200000000000000
2520
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Integers
windows_sp_major_version
0100000000000000
2520
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Integers
windows_minor_version
0100000000000000
2520
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Integers
windows_major_version
0600000000000000
2680
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
2680
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{E61040E6-2CE7-455A-95AE-8BBAC67D843B}
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
1
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{E61040E6-2CE7-455A-95AE-8BBAC67D843B}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.33.23" shell_version="1.3.33.23" ismachine="1" sessionid="{E82F51F3-72E7-40A9-A3DF-FD1BA80CFAD1}" userid="{60BB0344-8C16-4CDF-B326-E083BA9E05B4}" requestid="{E61040E6-2CE7-455A-95AE-8BBAC67D843B}" dedup="cr" domainjoined="0"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/></request>
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{E61040E6-2CE7-455A-95AE-8BBAC67D843B}
PersistedPingTime
132024011301550000
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
pv
73.0.3683.75
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
3
2680
GoogleUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2680
GoogleUpdate.exe
write
HKEY_CURRENT_USER\Software\Google\Update\proxy
source
auto
2680
GoogleUpdate.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
0
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
ping_freshness
{1239D7E0-96FD-41DB-A6F9-4CA39FDF9BA4}
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\cohort
1:gu/rm3:
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\cohort
hint
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\cohort
name
74_157_Win
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
4
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{A93B0B09-7CD0-49AA-BD7F-4411CCA799B6}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.33.23" shell_version="1.3.33.23" ismachine="1" sessionid="{E82F51F3-72E7-40A9-A3DF-FD1BA80CFAD1}" userid="{60BB0344-8C16-4CDF-B326-E083BA9E05B4}" installsource="taggedmi" requestid="{A93B0B09-7CD0-49AA-BD7F-4411CCA799B6}" dedup="cr" domainjoined="0"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="74.0.3729.157" ap="x64-stable-statsdef_1" lang="ru" brand="" client="" installage="260" installdate="4256" iid="{C092240D-67D5-6EA5-F682-55125B75EF75}" cohort="1:gu/rm3:" cohortname="74_157_Win"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><data name="install" index="empty"/></app></request>
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{A93B0B09-7CD0-49AA-BD7F-4411CCA799B6}
PersistedPingTime
132024011336393750
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
4294967295
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
0
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
5
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{A93B0B09-7CD0-49AA-BD7F-4411CCA799B6}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.33.23" shell_version="1.3.33.23" ismachine="1" sessionid="{E82F51F3-72E7-40A9-A3DF-FD1BA80CFAD1}" userid="{60BB0344-8C16-4CDF-B326-E083BA9E05B4}" installsource="taggedmi" requestid="{A93B0B09-7CD0-49AA-BD7F-4411CCA799B6}" dedup="cr" domainjoined="0"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="74.0.3729.157" ap="x64-stable-statsdef_1" lang="ru" brand="" client="" installage="260" installdate="4256" iid="{C092240D-67D5-6EA5-F682-55125B75EF75}" cohort="1:gu/rm3:" cohortname="74_157_Win"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><data name="install" index="empty"/></app></request>
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{A93B0B09-7CD0-49AA-BD7F-4411CCA799B6}
PersistedPingTime
132024011343581250
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
7
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
78244
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
1
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
70710
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
2
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
67083
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
3
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
70726
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
4
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
70207
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
5
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
63074
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
6
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
52831
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
8
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
51354
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
9
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
50652
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
10
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
50265
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
11
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
46039
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
12
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
42002
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
14
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
36804
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
16
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
37405
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
17
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
39345
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
18
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
39264
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
19
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
38695
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
20
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
37829
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
21
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
37867
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
22
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
41167
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
23
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
45108
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
45326
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
24
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
46227
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
25
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
49100
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
26
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
49489
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
27
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
50281
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
28
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
61340
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
29
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
57107
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
30
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
58339
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
31
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
55196
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
32
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
56526
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
33
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
49892
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
34
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
50068
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
35
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
54249
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
36
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
52610
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
37
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
53702
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
38
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
53292
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
39
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
53219
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
40
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
52195
2680
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
41
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
0
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
6
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
12
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
18
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
62
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
31
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
37
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
43
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
50
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
56
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
25
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
68
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
75
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
81
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
87
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
93
2844
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
100
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
3872
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Title
Updating the product
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
0
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
0
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
DNS resolving
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
75
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
100
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: servers.def.vpx
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: prod-pgm.vpx
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
1
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
2
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
3
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
4
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
5
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
6
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
7
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
8
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
9
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
10
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
12
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
13
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
14
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
15
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
16
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
17
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
18
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
19
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
20
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
21
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
22
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
23
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
24
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
25
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
26
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
27
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
28
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
29
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
30
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
31
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
32
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
33
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
34
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
35
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
36
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
37
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
38
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
39
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
40
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
41
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
42
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
43
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
44
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
45
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
46
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
47
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
48
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
49
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
50
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
51
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
52
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
53
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
54
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
55
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
56
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
57
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
58
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
59
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
60
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
61
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
62
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
63
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
64
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
65
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
66
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
67
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
68
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
69
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
70
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
71
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
72
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
73
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
74
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
76
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
77
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
78
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
79
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
80
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
81
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
82
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
83
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
84
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
85
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
86
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
87
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
88
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
89
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
90
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
91
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
92
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
93
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
94
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
95
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
96
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
97
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
98
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
99
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avbugreport_ais-946.vpx
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avbugreport_ais
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
16
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avdump_x86_ais-946.vpx
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avdump_x86_ais
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
33
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instcont_ais
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
50
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instup_ais
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
66
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
11
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: offertool_ais-946.vpx
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: offertool_ais
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
83
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: setgui_ais
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
100
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: AvBugReport.exe
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: AvDump.exe
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: instup.exe
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: instup.dll
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: aswOfferTool.exe
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: HTMLayout.dll
3872
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Replacing files
3048
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62\52C64B7E
3048
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62
3048
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
3048
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
3048
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
3048
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
3048
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3048
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
E80B0000A25E938E230BD501
3048
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
666E89E725A9E5A565F552AD72E9A8D38E7895593B8709710458D648525367D4
3048
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
3048
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\1576c2.ipi
3048
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
3048
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\1576c3.rbs
30739243
3048
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\1576c3.rbsLow
4055713072
3048
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1302019708-1500728564-335382590-1000\Components\E2F7BA5F3A11DF34592646F9E7939D30
E0E469B53A9B6724E99DD4A5750247A7
C:\Users\admin\AppData\Local\Yandex\YaPin\Yandex.exe
3048
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\admin\AppData\Local\Yandex\YaPin\
3048
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\admin\AppData\Local\Yandex\
1744
lite_installer.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Yandex
UICreated_admin
1
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASAPI32
EnableFileTracing
0
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASAPI32
EnableConsoleTracing
0
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASAPI32
FileTracingMask
4294901760
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASAPI32
ConsoleTracingMask
4294901760
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASAPI32
MaxFileSize
1048576
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASAPI32
FileDirectory
%windir%\tracing
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASMANCS
EnableFileTracing
0
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASMANCS
EnableConsoleTracing
0
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASMANCS
FileTracingMask
4294901760
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASMANCS
ConsoleTracingMask
4294901760
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASMANCS
MaxFileSize
1048576
1744
lite_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\lite_installer_RASMANCS
FileDirectory
%windir%\tracing
1744
lite_installer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1744
lite_installer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000070000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1744
lite_installer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1744
lite_installer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2320
seederexe.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ldgpjdiadomhinpimgchmeembbgojnjk
2320
seederexe.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\mjmpfdkmpojoeemjmfiddlhkkndcdpno
2320
seederexe.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ibknafobnmndicojahlppolcaaibngjf
2320
seederexe.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\gndelhfhcfbdhndfpcinebijfcjpmpec
2320
seederexe.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
2320
seederexe.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
2320
seederexe.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\buffer
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\fhkbfkkohcdgpckffakhbllifkakihmh
install_parameter
clid=2337023-600&win=385&
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\fhkbfkkohcdgpckffakhbllifkakihmh
update_url
http://clients2.google.com/service/update2/crx
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
DisplayName
Яндекс
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
FaviconURLFallback
https://www.yandex.ru/favicon.ico
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
SuggestionsURL_JSON
https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
SuggestionsURL
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
URL
https://yandex.ru/search/?win=385&clid=2337023-600&text={searchTerms}
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
NTURL
https://yandex.ru/search/?win=385&clid=2337025-600&text={searchTerms}
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
NTTopResultURL
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
NTLogoURL
http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
YaCreationDate
2019-39-15
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
FaviconPath
C:\Users\admin\AppData\Local\MICROS~1\INTERN~1\Services\YANDEX~1.ICO
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\buffer
SuggestionsURLFallback
http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\buffer
FaviconURLFallback
http://www.bing.com/favicon.ico
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\buffer
DisplayName
Bing
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\buffer
URL
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName
Яндекс
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconURLFallback
https://www.yandex.ru/favicon.ico
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SuggestionsURL_JSON
https://suggest.yandex.ru/suggest-ff.cgi?uil=ru&part={searchTerms}
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SuggestionsURL
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL
https://yandex.ru/search/?win=385&clid=2337023-600&text={searchTerms}
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
NTURL
https://yandex.ru/search/?win=385&clid=2337025-600&text={searchTerms}
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
NTTopResultURL
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
NTLogoURL
http://downloader.yandex.net/banner/ntpagelogo/{language}/{scalelevel}.png
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
YaCreationDate
2019-39-15
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\Local\MICROS~1\INTERN~1\Services\YANDEX~1.ICO
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
SuggestionsURLFallback
http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
FaviconURLFallback
http://www.bing.com/favicon.ico
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
DisplayName
Bing
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\d39b6c38-7716-11e9-95f4-5254004a04af
URL
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
ShowSearchSuggestionsInAddressGlobal
1
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
https://www.yandex.ru/?win=385&clid=2337022-600
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar
Enabled
1
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C0000000100000000000000
2320
seederexe.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C000000010000000200000066000000000000005C0032004C010000AF4EE76C2000393333457E312E55524C0000420008000400EFBEAF4EE76CAF4EE76C2A00000073E500000000030000000000000000000000000000002F043D04340435043A0441042E00750072006C0000001A0000006E0000000100000064003200A0010000AF4EE76C2000343134387E312E55524C00004A0008000400EFBEAF4EE76CAF4EE76C2A00000075E500000000030000000000000000000000000000001004320438043004310438043B04350442044B042E00750072006C0000001A000000
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@"%windir%\System32\ie4uinit.exe",-732
Finds and displays information and Web sites on the Internet.
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\ie4uinit.exe,-731
Internet Explorer
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\AccessibilityCpl.dll,-10
Ease of Access Center
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\ie4uinit.exe,-737
Internet Explorer (No Add-ons)
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\sud.dll,-1
Default Programs
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\wucltux.dll,-1
Windows Update
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\ehome\ehres.dll,-100
Windows Media Center
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Program Files\Windows Sidebar\sidebar.exe,-1005
Desktop Gadget Gallery
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\WindowsAnytimeUpgradeUI.exe,-1
Windows Anytime Upgrade
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Program Files\DVD Maker\DVDMaker.exe,-61403
Windows DVD Maker
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-114
Windows Fax and Scan
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\unregmp2.exe,-4
Windows Media Player
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\XpsRchVw.exe,-102
XPS Viewer
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\displayswitch.exe,-320
Connect to a Projector
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291
Math Input Panel
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\mblctr.exe,-1008
Windows Mobility Center
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\NetProjW.dll,-501
Connect to a Network Projector
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\mstsc.exe,-4000
Remote Desktop Connection
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\SnippingTool.exe,-15051
Snipping Tool
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\SoundRecorder.exe,-100
Sound Recorder
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\SNTSearch.dll,-505
Sticky Notes
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\SyncCenter.dll,-3000
Sync Center
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\OobeFldr.dll,-33056
Getting Started
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555
Windows Speech Recognition
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\dfrgui.exe,-103
Disk Defragmenter
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\wdc.dll,-10030
Resource Monitor
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\msinfo32.exe,-100
System Information
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\rstrui.exe,-100
System Restore
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\miguiresource.dll,-201
Task Scheduler
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\migwiz\wet.dll,-591
Windows Easy Transfer Reports
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\migwiz\wet.dll,-588
Windows Easy Transfer
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe,-298
Personalize Handwriting Recognition
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Program Files\Common Files\Microsoft Shared\Ink\TipTsf.dll,-80
Tablet PC Input Panel
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Program Files\Windows Journal\Journal.exe,-3074
Windows Journal
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-101
Windows PowerShell ISE
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\comres.dll,-3410
Component Services
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\mycomput.dll,-300
Computer Management
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\odbcint.dll,-1310
Data Sources (ODBC)
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\miguiresource.dll,-101
Event Viewer
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\iscsicpl.dll,-5001
iSCSI Initiator
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\MdSched.exe,-4001
Windows Memory Diagnostic
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\wdc.dll,-10021
Performance Monitor
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\pmcsnap.dll,-700
Print Management
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\wsecedit.dll,-718
Local Security Policy
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\filemgmt.dll,-2204
Services
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\msconfig.exe,-126
System Configuration
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\AuthFWGP.dll,-20
Windows Firewall with Advanced Security
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\gameux.dll,-10082
Games Explorer
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\sdcpl.dll,-101
Backup and Restore
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\recdisc.exe,-2000
Create a System Repair Disc
2560
Yandex.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\msra.exe,-100
Windows Remote Assistance
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
Favorites
007C01000014001F80C827341F105C1042AA032EE45287D6685200310000000000454B864A11005461736B426172003C0008000400EFBE454B864A454B864A2A000000603E00000000040000000000000000000000000000005400610073006B00420061007200000016001401320085050000454B864A2000494E5445524E7E312E4C4E4B0000A60008000400EFBE454B864A454B864A2A000000613E000000000400000000000000000056000000000049006E007400650072006E006500740020004500780070006C006F007200650072002E006C006E006B000000400043003A005C00570069006E0064006F00770073005C00530079007300740065006D00330032005C00690065003400750069006E00690074002E006500780065002C002D0037003300310000001C00520000001D00EFBE02004D006900630072006F0073006F00660074002E0049006E007400650072006E00650074004500780070006C006F007200650072002E00440065006600610075006C00740000001C000000007601000014001F80C827341F105C1042AA032EE45287D6685200310000000000454B864A11005461736B426172003C0008000400EFBE454B864A454B864A2A000000603E00000000040000000000000000000000000000005400610073006B00420061007200000016000E013200CC040000EE3AB624200057494E444F577E312E4C4E4B00007E0008000400EFBE454B864A454B864A2A000000673E0000000005000000000000000000540000000000570069006E0064006F007700730020004500780070006C006F007200650072002E006C006E006B00000040007300680065006C006C00330032002E0064006C006C002C002D003200320030003600370000001C00740000001D00EFBE02007B00460033003800420046003400300034002D0031004400340033002D0034003200460032002D0039003300300035002D003600370044004500300042003200380046004300320033007D005C006500780070006C006F007200650072002E0065007800650000001C000000007801000014001F80C827341F105C1042AA032EE45287D6685200310000000000454B864A11005461736B426172003C0008000400EFBE454B864A454B864A2A000000603E00000000040000000000000000000000000000005400610073006B004200610072000000160010013200EB050000743D33AD200057494E444F577E322E4C4E4B0000A80008000400EFBE454B864A454B864A2A0000006B3E00000000050000000000000000005C0000000000570069006E0064006F007700730020004D006500640069006100200050006C0061007900650072002E006C006E006B000000400043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C0075006E007200650067006D00700032002E006500780065002C002D00340000001C004C0000001D00EFBE02004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004D00650064006900610050006C0061007900650072003300320000001C00000000EE00000014001F80C827341F105C1042AA032EE45287D66852003100000000001C4D7D5911005461736B426172003C0008000400EFBE454B864A1C4D7D592A000000603E00000000040000000000000000000000000000005400610073006B0042006100720000001600860032007A0800001C4D59592000474F4F474C457E312E4C4E4B0000500008000400EFBE1C4D7D591C4D7D592A00000097C0000000000100000000000000000000000000000047006F006F0067006C00650020004300680072006F006D0065002E006C006E006B0000001C001A0000001D00EFBE02004300680072006F006D00650000001C000000005201000014001F80C827341F105C1042AA032EE45287D66852003100000000001C4DD15D11005461736B426172003C0008000400EFBE454B864A1C4DD15D2A000000603E00000000040000000000000000000000000000005400610073006B0042006100720000001600EA003200FB0600001C4DD05D20004F50455241317E312E4C4E4B0000540008000400EFBE1C4DD15D1C4DD15D2A000000E6C600000000010000000000000000000000000000004F007000650072006100310032002E0031003500200031003700340038002E006C006E006B0000001C007A0000001D00EFBE02007B00370043003500410034003000450046002D0041003000460042002D0034004200460043002D0038003700340041002D004300300046003200450030004200390046004100380045007D005C004F0070006500720061005C006F0070006500720061002E0065007800650000001C000000004801000014001F80C827341F105C1042AA032EE45287D6685200310000000000AF4EE46C11005461736B426172003C0008000400EFBE454B864AAF4EE46C2A000000603E00000000040000000000000000000000000000005400610073006B0042006100720000001600E0003200AF070000AF4EE46C200059616E6465782E6C6E6B0000420008000400EFBEAF4EE46CAF4EE46C2A0000005AE50000000003000000000000000000000000000000590061006E006400650078002E006C006E006B0000001A00840000001D00EFBE020043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C00590061006E006400650078005C0059006100500069006E005C00590061006E0064006500780057006F0072006B0069006E0067002E0065007800650000001A000000FF
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
FavoritesChanges
10
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
FavoritesVersion
2
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
DisplayName
Yandex taskbar button
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
DisplayVersion
2.0.5.0038
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
Publisher
Yandex
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
NoModify
1
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
NoRepair
1
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
DisplayIcon
C:\Users\admin\AppData\Local\Yandex\YaPin\Yandex.exe
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
UninstallString
C:\Users\admin\AppData\Local\Yandex\YaPin\YandexWorking.exe --uninstall --nopinned
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
URLInfoAbout
http://legal.yandex.ru/desktop_software_agreement/
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
HelpLink
http://help.yandex.ru/
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
Contact
http://feedback.yandex.ru
2560
Yandex.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YaPinLancher
URLUpdateInfo
http://soft.yandex.ru/distribution/
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
100
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
0
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
17
2428
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2428
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
2428
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
2428
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
2428
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
2428
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
AvRepair
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:repair /wait
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Title
Installing the product
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
0
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
1
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
3
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
5
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
6
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
7
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
8
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
9
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
10
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
11
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
12
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
13
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
14
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
15
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
16
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
18
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
20
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
21
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
22
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
23
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
24
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
25
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
26
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
27
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
28
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
29
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
30
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
31
2428
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
33