General Info

File name

SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe

Full analysis
https://app.any.run/tasks/eeabf4fb-340a-4bed-a0e0-f228f149b3c1
Verdict
Malicious activity
Analysis date
14/01/2022, 22:25:41
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

loader

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

1f2951435ee209e761a9df276023c48f

SHA1

98d306e3248a3cf6fa61d0cd711fbc74f3b85702

SHA256

c3e83b560db63700a60c5d4d8cd562fbc1a0f8bd4b6098a27b3f1ca8338c3d09

SSDEEP

49152:qqe3f6a0zD7+H98AHaCfu6O/HCL+WuTmuKwEP:DSiBD7E9vBuT/HCK5NKXP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Drops executable file immediately after starts
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe (PID: 2284)
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe (PID: 1256)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 3004)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • ndp48-web.exe (PID: 3524)
  • instup.exe (PID: 1648)
Changes settings of System certificates
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
Application was dropped or rewritten from another process
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 1148)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 3004)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • instup.exe (PID: 572)
  • Setup.exe (PID: 3240)
  • ndp48-web.exe (PID: 3524)
  • SetupUtility.exe (PID: 1548)
  • sbr.exe (PID: 2912)
  • instup.exe (PID: 1648)
  • SetupUtility.exe (PID: 2508)
Loads dropped or rewritten executable
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • instup.exe (PID: 572)
  • Setup.exe (PID: 3240)
  • instup.exe (PID: 1648)
Changes the autorun value in the registry
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
  • instup.exe (PID: 1648)
Actions looks like stealing of personal data
  • ndp48-web.exe (PID: 3524)
Checks supported languages
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 3904)
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe (PID: 1256)
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe (PID: 2284)
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 1148)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 3004)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • instup.exe (PID: 572)
  • ndp48-web.exe (PID: 3524)
  • SetupUtility.exe (PID: 1548)
  • Setup.exe (PID: 3240)
  • instup.exe (PID: 1648)
  • sbr.exe (PID: 2912)
  • WinRAR.exe (PID: 2768)
  • SetupUtility.exe (PID: 2508)
  • TMP9CCE.tmp.exe (PID: 2744)
Reads the computer name
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 3904)
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 1148)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • instup.exe (PID: 572)
  • ndp48-web.exe (PID: 3524)
  • SetupUtility.exe (PID: 1548)
  • Setup.exe (PID: 3240)
  • instup.exe (PID: 1648)
  • SetupUtility.exe (PID: 2508)
  • WinRAR.exe (PID: 2768)
  • TMP9CCE.tmp.exe (PID: 2744)
Executable content was dropped or overwritten
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe (PID: 1256)
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe (PID: 2284)
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 1148)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 3004)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • instup.exe (PID: 572)
  • ndp48-web.exe (PID: 3524)
  • instup.exe (PID: 1648)
  • WinRAR.exe (PID: 2768)
Drops a file with too old compile date
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
Reads the Windows organization settings
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
Adds / modifies Windows certificates
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
Reads Windows owner or organization settings
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
Drops a file that was compiled in debug mode
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 1148)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 3004)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • ndp48-web.exe (PID: 3524)
  • instup.exe (PID: 572)
  • instup.exe (PID: 1648)
Creates files in the Windows directory
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 1148)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 3004)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • instup.exe (PID: 572)
  • instup.exe (PID: 1648)
Starts Internet Explorer
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
Reads Environment values
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • instup.exe (PID: 572)
  • Setup.exe (PID: 3240)
  • instup.exe (PID: 1648)
Searches for installed software
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
Starts itself from another location
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • instup.exe (PID: 572)
Creates files in the program directory
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • instup.exe (PID: 572)
  • instup.exe (PID: 1648)
Drops a file with a compile date too recent
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
Removes files from Windows directory
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • instup.exe (PID: 572)
  • instup.exe (PID: 1648)
Creates a software uninstall entry
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 2896)
  • iexplore.exe (PID: 3224)
Reads CPU info
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • instup.exe (PID: 572)
  • Setup.exe (PID: 3240)
  • instup.exe (PID: 1648)
Creates or modifies windows services
  • instup.exe (PID: 572)
Creates a directory in Program Files
  • instup.exe (PID: 1648)
Uses RUNDLL32.EXE to load library
  • WinRAR.exe (PID: 2768)
Application was dropped or rewritten from another process
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 3904)
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
Reads settings of System Certificates
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
  • iexplore.exe (PID: 1784)
  • iexplore.exe (PID: 2896)
  • instup.exe (PID: 572)
  • avast_free_antivirus_setup_online.exe (PID: 1300)
  • Setup.exe (PID: 3240)
  • instup.exe (PID: 1648)
  • iexplore.exe (PID: 3224)
Loads dropped or rewritten executable
  • SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp (PID: 2616)
Checks Windows Trust Settings
  • HotspotShield-10.22.5-hss-821-siis.exe (PID: 2536)
  • iexplore.exe (PID: 1784)
  • HSS-10.22.5-install-hss-821-siis.exe (PID: 3060)
  • iexplore.exe (PID: 2896)
  • Setup.exe (PID: 3240)
  • iexplore.exe (PID: 3224)
Checks supported languages
  • iexplore.exe (PID: 1784)
  • iexplore.exe (PID: 2896)
  • iexplore.exe (PID: 3224)
  • rundll32.exe (PID: 3684)
Changes internet zones settings
  • iexplore.exe (PID: 1784)
Reads the computer name
  • iexplore.exe (PID: 2896)
  • iexplore.exe (PID: 1784)
  • iexplore.exe (PID: 3224)
Changes settings of System certificates
  • iexplore.exe (PID: 2896)
Reads internet explorer settings
  • iexplore.exe (PID: 2896)
  • iexplore.exe (PID: 3224)
Application launched itself
  • iexplore.exe (PID: 1784)
Modifies the phishing filter of IE
  • iexplore.exe (PID: 1784)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2896)
Reads the hosts file
  • instup.exe (PID: 572)
  • instup.exe (PID: 1648)
Dropped object may contain Bitcoin addresses
  • Setup.exe (PID: 3240)
Creates files in the user directory
  • iexplore.exe (PID: 3224)

Static information

TRiD
.exe | Inno Setup installer (67.7%)
.exe | Win32 EXE PECompact compressed (generic) (25.6%)
.exe | Win32 Executable (generic) (2.7%)
.exe | Win16/32 Executable Delphi generic (1.2%)
.exe | Generic Win/DOS Executable (1.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2020:11:15 10:48:30+01:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
741376
InitializedDataSize:
157184
UninitializedDataSize:
null
EntryPoint:
0xb5eec
OSVersion:
6.1
ImageVersion:
6
SubsystemVersion:
6.1
Subsystem:
Windows GUI
FileVersionNumber:
2.0.0.13
ProductVersionNumber:
2.0.0.13
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
FileDescription:
Linkvertise GmbH & Co. KG
FileVersion:
2.0.0.13
LegalCopyright:
OriginalFileName:
ProductName:
Linkvertise GmbH & Co. KG
ProductVersion:
2.0.0.13
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
15-Nov-2020 09:48:30
Detected languages
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
null
FileDescription:
Linkvertise GmbH & Co. KG
FileVersion:
2.0.0.13
LegalCopyright:
null
OriginalFileName:
null
ProductName:
Linkvertise GmbH & Co. KG
ProductVersion:
2.0.0.13
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
10
Time date stamp:
15-Nov-2020 09:48:30
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x000B361C 0x000B3800 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.35606
.itext 0x000B5000 0x00001688 0x00001800 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.97275
.data 0x000B7000 0x000037A4 0x00003800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 5.0444
.bss 0x000BB000 0x00006DE8 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x000C2000 0x00000F36 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.8987
.didata 0x000C3000 0x000001A4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.75636
.edata 0x000C4000 0x0000009A 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 1.87222
.tls 0x000C5000 0x00000018 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x000C6000 0x0000005D 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 1.38389
.rsrc 0x000C7000 0x000216F0 0x00021800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.61597
Resources
1

2

3

4

5

6

4086

4087

4088

4089

4090

4091

4092

4093

4094

4095

4096

11111

DVCLAL

PACKAGEINFO

MAINICON

Imports
    kernel32.dll

    comctl32.dll

    version.dll

    user32.dll

    oleaut32.dll

    netapi32.dll

    advapi32.dll

    kernel32.dll (delay-loaded)

Exports
    dbkFCallWrapperAddr

    __dbk_fcall_wrapper

    TMethodImplementationIntercept

Processes

Total processes
62
Monitored processes
22
Malicious processes
9
Suspicious processes
1

Behavior graph

[Behavior graph image not preserved. Edge labels: "start", "drop and start". Process nodes, in the order shown:]
  • simplicitysniper - linkvertise downloader_yzvq-w1.exe
  • simplicitysniper - linkvertise downloader_yzvq-w1.tmp (no specs)
  • simplicitysniper - linkvertise downloader_yzvq-w1.exe
  • simplicitysniper - linkvertise downloader_yzvq-w1.tmp
  • cookie_mmm_irs_ppi_005_888_a.exe
  • hotspotshield-10.22.5-hss-821-siis.exe
  • hotspotshield-10.22.5-hss-821-siis.exe
  • hss-10.22.5-install-hss-821-siis.exe
  • iexplore.exe
  • iexplore.exe
  • avast_free_antivirus_setup_online.exe
  • instup.exe
  • ndp48-web.exe
  • setup.exe
  • setuputility.exe (no specs)
  • instup.exe
  • sbr.exe (no specs)
  • setuputility.exe (no specs)
  • winrar.exe
  • rundll32.exe (no specs)
  • iexplore.exe
  • tmp9cce.tmp.exe (no specs)

Process information

PID
1256
CMD
"C:\Users\admin\AppData\Local\Temp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe"
Path
C:\Users\admin\AppData\Local\Temp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Linkvertise GmbH & Co. KG
Version
2.0.0.13
Modules
Image
c:\windows\system32\wkscli.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\netutils.dll
c:\users\admin\appdata\local\temp\simplicitysniper - linkvertise downloader_yzvq-w1.exe
c:\windows\system32\usp10.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-5vk4k.tmp\simplicitysniper - linkvertise downloader_yzvq-w1.tmp
c:\windows\system32\uxtheme.dll

PID
3904
CMD
"C:\Users\admin\AppData\Local\Temp\is-5VK4K.tmp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp" /SL5="$4017A,1785071,899584,C:\Users\admin\AppData\Local\Temp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-5VK4K.tmp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
Indicators
No indicators
Parent process
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\webio.dll
c:\windows\system32\advapi32.dll
c:\users\admin\appdata\local\temp\is-5vk4k.tmp\simplicitysniper - linkvertise downloader_yzvq-w1.tmp
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\propsys.dll
c:\windows\system32\sechost.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll

PID
2284
CMD
"C:\Users\admin\AppData\Local\Temp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe" /SPAWNWND=$90128 /NOTIFYWND=$4017A
Path
C:\Users\admin\AppData\Local\Temp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe
Indicators
Parent process
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Linkvertise GmbH & Co. KG
Version
2.0.0.13
Modules
Image
c:\users\admin\appdata\local\temp\simplicitysniper - linkvertise downloader_yzvq-w1.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\users\admin\appdata\local\temp\is-iq6i8.tmp\simplicitysniper - linkvertise downloader_yzvq-w1.tmp
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll

PID
2616
CMD
"C:\Users\admin\AppData\Local\Temp\is-IQ6I8.tmp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp" /SL5="$40186,1785071,899584,C:\Users\admin\AppData\Local\Temp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe" /SPAWNWND=$90128 /NOTIFYWND=$4017A
Path
C:\Users\admin\AppData\Local\Temp\is-IQ6I8.tmp\SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
Indicators
Parent process
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\is-iq6i8.tmp\simplicitysniper - linkvertise downloader_yzvq-w1.tmp
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\webio.dll
c:\windows\system32\mpr.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\users\admin\appdata\local\temp\is-9hnic.tmp\zbshieldutils.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wshtcpip.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\schannel.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\users\admin\appdata\local\temp\is-9hnic.tmp\botva2.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\dui70.dll
c:\windows\system32\duser.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\sxs.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\program files\windows defender\mpoav.dll
c:\users\admin\appdata\local\temp\is-9hnic.tmp\prod0_extract\cookie_mmm_irs_ppi_005_888_a.exe
c:\windows\system32\rpcrtremote.dll
c:\program files\windows defender\mpclient.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\mssprxy.dll
c:\users\admin\appdata\local\temp\is-9hnic.tmp\prod1_extract\hotspotshield-10.22.5-hss-821-siis.exe
c:\program files\internet explorer\ieproxy.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\ieframe.dll

PID
1148
CMD
"C:\Users\admin\AppData\Local\Temp\is-9HNIC.tmp\prod0_extract\cookie_mmm_irs_ppi_005_888_a.exe" /silent /ws /psh:2bJ1khOLWOm2S70E4TS0sCBGsjq1bUjV6pOmO6IGxuJsNyMj5fwzAbDRxa5zW5Uzv7qMflOLCtpL8
Path
C:\Users\admin\AppData\Local\Temp\is-9HNIC.tmp\prod0_extract\cookie_mmm_irs_ppi_005_888_a.exe
Indicators
Parent process
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
2.1.1286.0
Modules
Image
c:\users\admin\appdata\local\temp\is-9hnic.tmp\prod0_extract\cookie_mmm_irs_ppi_005_888_a.exe
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\temp\asw.96753c6edc0304d4\avast_free_antivirus_setup_online.exe
c:\windows\system32\apphelp.dll

PID
3004
CMD
"C:\Users\admin\AppData\Local\Temp\is-9HNIC.tmp\prod1_extract\HotspotShield-10.22.5-hss-821-siis.exe" /silent /optin=2
Path
C:\Users\admin\AppData\Local\Temp\is-9HNIC.tmp\prod1_extract\HotspotShield-10.22.5-hss-821-siis.exe
Indicators
Parent process
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
User
admin
Integrity Level
HIGH
Version:
Company
Pango Inc.
Description
Hotspot Shield 10.22.5
Version
10.22.5.12023
Modules
Image
c:\windows\system32\apphelp.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\local\temp\is-9hnic.tmp\prod1_extract\hotspotshield-10.22.5-hss-821-siis.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msi.dll
c:\windows\temp\{7842de94-9793-4972-a558-0192719be5ed}\.cr\hotspotshield-10.22.5-hss-821-siis.exe
c:\windows\system32\oleaut32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\feclient.dll

PID
2536
CMD
"C:\Windows\Temp\{7842DE94-9793-4972-A558-0192719BE5ED}\.cr\HotspotShield-10.22.5-hss-821-siis.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\is-9HNIC.tmp\prod1_extract\HotspotShield-10.22.5-hss-821-siis.exe" -burn.filehandle.attached=152 -burn.filehandle.self=160 /silent /optin=2
Path
C:\Windows\Temp\{7842DE94-9793-4972-A558-0192719BE5ED}\.cr\HotspotShield-10.22.5-hss-821-siis.exe
Indicators
Parent process
HotspotShield-10.22.5-hss-821-siis.exe
User
admin
Integrity Level
HIGH
Version:
Company
Pango Inc.
Description
Hotspot Shield 10.22.5
Version
10.22.5.12023
Modules
Image
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\temp\{7842de94-9793-4972-a558-0192719be5ed}\.cr\hotspotshield-10.22.5-hss-821-siis.exe
c:\windows\system32\user32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\feclient.dll
c:\windows\system32\version.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\b75ba99f72f116d8951b0f2bba8c276a\system.ni.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.ba\mbahost.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.ba\bootstrappercore.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\mscoree.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\668bc5e53fd656dc16c9f40ea15e872e\system.xml.ni.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\a40acfa4a0c4bb0dbf824ace588583ba\windowsbase.ni.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.ba\hss.setup.bootstrapper.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.ba\foundation.installer.common.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\7ece7799d670cdfc1393b98b0668a046\system.configuration.ni.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.ba\foundation.installer.ui.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\eed4ad7c1049e7cf47606479d68ec1de\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\613fd0f86fc699adfe3184b2e746aa18\presentationframework.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.ba\hss.setup.common.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\e0fea191b75897ec38735bfc31b89fe0\system.core.ni.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\nsi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\945435ba615b8bd1ff688ebfa43fae39\system.management.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\smdiagnostics\72f5d3ff58e143354c4c48149eba08d9\smdiagnostics.ni.dll
c:\windows\system32\mswsock.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.ba\newtonsoft.json.dll
c:\windows\microsoft.net\assembly\gac_msil\system\v4.0_4.0.0.0__b77a5c561934e089\system.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\6184c7705ab9c508cde1318f284afa33\system.runtime.serialization.ni.dll
c:\windows\system32\rasman.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\rasapi32.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.ba\foundation.installer.wixsharp.bootstrapper.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\secur32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.data\add15017f88a7eccb8676d7239297d1c\system.data.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\f246b71bfd9c1537167b7f6d4f18cd01\system.xaml.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.numerics\de2a832558f95db343e443c365bd3575\system.numerics.ni.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\assembly\gac_32\system.data\v4.0_4.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\schannel.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\devobj.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.be\hss-10.22.5-install-hss-821-siis.exe
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll

PID
3060
CMD
"C:\Windows\Temp\{FE0F6E9C-45C7-45EA-AE52-6A2F8DF7D11E}\.be\HSS-10.22.5-install-hss-821-siis.exe" -q -burn.elevated BurnPipe.{7284319B-1821-42F1-9481-844CFDCEE757} {B1944A24-0760-488A-8722-C51C09FC3D66} 2536
Path
C:\Windows\Temp\{FE0F6E9C-45C7-45EA-AE52-6A2F8DF7D11E}\.be\HSS-10.22.5-install-hss-821-siis.exe
Indicators
Parent process
HotspotShield-10.22.5-hss-821-siis.exe
User
admin
Integrity Level
HIGH
Version:
Company
Pango Inc.
Description
Hotspot Shield 10.22.5
Version
10.22.5.12023
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\temp\{fe0f6e9c-45c7-45ea-ae52-6a2f8df7d11e}\.be\hss-10.22.5-install-hss-821-siis.exe
c:\windows\system32\ole32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\version.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wups.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\srclient.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wu.upgrade.ps.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\spp.dll
c:\windows\system32\atl.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\feclient.dll
c:\windows\system32\apphelp.dll
c:\programdata\package cache\3727dc47f12d9ea5eba87145228dff0ce8076e25\redist\ndp48-web.exe

PID
1784
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" https://anonfiles.com/V2sfJb5fp5/Simplicity_Sniper_rar
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\cryptsp.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\netutils.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\webio.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\devobj.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\propsys.dll
c:\windows\system32\mlang.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ieui.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\duser.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\dui70.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\winshfhc.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\devrtl.dll
c:\windows\system32\ieapfltr.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\msisip.dll
c:\program files\windows defender\mpoav.dll
c:\windows\system32\wshext.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\mpr.dll
c:\program files\windows defender\mpclient.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
2896
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1784 CREDAT:275457 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rasadhlp.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\devobj.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\wship6.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\user32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\ole32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\mlang.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\atl.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mshtmlmedia.dll
c:\windows\system32\mf.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\netutils.dll

PID
1300
CMD
"C:\Windows\Temp\asw.96753c6edc0304d4\avast_free_antivirus_setup_online.exe" /silent /ws /psh:2bJ1khOLWOm2S70E4TS0sCBGsjq1bUjV6pOmO6IGxuJsNyMj5fwzAbDRxa5zW5Uzv7qMflOLCtpL8 /cookie:mmm_irs_ppi_005_888_a /ga_clientid:9693eb70-e5f9-43a7-a9b0-65f774ec5e2a /edat_dir:C:\Windows\Temp\asw.96753c6edc0304d4
Path
C:\Windows\Temp\asw.96753c6edc0304d4\avast_free_antivirus_setup_online.exe
Indicators
Parent process
cookie_mmm_irs_ppi_005_888_a.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus
Version
21.11.6809.0
Modules
Image
c:\windows\temp\asw.96753c6edc0304d4\avast_free_antivirus_setup_online.exe
c:\windows\system32\profapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\webio.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\credssp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\schannel.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\crypt32.dll
c:\windows\temp\asw.b18c6c2e800d7e8d\instup.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\gpapi.dll

PID
572
CMD
"C:\Windows\Temp\asw.b18c6c2e800d7e8d\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.b18c6c2e800d7e8d /edition:1 /prod:ais /guid:ea2d5749-b1d8-48e4-924c-3d9d364d8843 /ga_clientid:9693eb70-e5f9-43a7-a9b0-65f774ec5e2a /silent /ws /psh:2bJ1khOLWOm2S70E4TS0sCBGsjq1bUjV6pOmO6IGxuJsNyMj5fwzAbDRxa5zW5Uzv7qMflOLCtpL8 /cookie:mmm_irs_ppi_005_888_a /ga_clientid:9693eb70-e5f9-43a7-a9b0-65f774ec5e2a /edat_dir:C:\Windows\Temp\asw.96753c6edc0304d4
Path
C:\Windows\Temp\asw.b18c6c2e800d7e8d\instup.exe
Indicators
Parent process
avast_free_antivirus_setup_online.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
21.11.6809.0
Modules
Image
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ole32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\temp\asw.b18c6c2e800d7e8d\instup.exe
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\secur32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\netutils.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wkscli.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\temp\asw.b18c6c2e800d7e8d\instup.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\msctf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\crypt32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\temp\asw.b18c6c2e800d7e8d\uat_572.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\winrnr.dll
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\asw761366b6207b817e.tmp
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\asw7866c6613b7c0720.tmp
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\aswe553d7bf425f35f9.tmp
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\asw79975e5cdb5be649.tmp
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\aswd09fcc42b18fec44.tmp
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\asw8dcb7cc43be079cd.tmp
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\asw928b01da6c24c62d.tmp
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\instup.exe
c:\windows\system32\apphelp.dll

PID
3524
CMD
"C:\ProgramData\Package Cache\3727DC47F12D9EA5EBA87145228DFF0CE8076E25\redist\ndp48-web.exe" /q /norestart /ChainingPackage "Hotspot Shield 10.22.5" /log "C:\Users\admin\AppData\Local\Temp\Hotspot_Shield_10.22.5_20220114222619_000_NetFx48Web.log.html" /pipe NetFxSection.{DFA475AD-B6B6-4938-956F-6F01C20D7FB7}
Path
C:\ProgramData\Package Cache\3727DC47F12D9EA5EBA87145228DFF0CE8076E25\redist\ndp48-web.exe
Indicators
Parent process
HSS-10.22.5-install-hss-821-siis.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Framework 4.8 Setup
Version
4.8.04115.00
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\feclient.dll
c:\windows\system32\imm32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\clusapi.dll
c:\programdata\package cache\3727dc47f12d9ea5eba87145228dff0ce8076e25\redist\ndp48-web.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\cryptbase.dll
c:\04308d58cbdc8e7ad703895f62\setup.exe
c:\windows\system32\apphelp.dll

PID
3240
CMD
C:\04308d58cbdc8e7ad703895f62\\Setup.exe /q /norestart /ChainingPackage "Hotspot Shield 10.22.5" /log "C:\Users\admin\AppData\Local\Temp\Hotspot_Shield_10.22.5_20220114222619_000_NetFx48Web.log.html" /pipe NetFxSection.{DFA475AD-B6B6-4938-956F-6F01C20D7FB7} /x86 /x64 /web
Path
C:\04308d58cbdc8e7ad703895f62\Setup.exe
Indicators
Parent process
ndp48-web.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Setup Installer
Version
14.8.4110.0 built by: NET48REL1LAST_B
Modules
Image
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\04308d58cbdc8e7ad703895f62\setup.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\webio.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernel32.dll
c:\04308d58cbdc8e7ad703895f62\setupengine.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devobj.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msi.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sfc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\samcli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msctf.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\srvcli.dll
c:\04308d58cbdc8e7ad703895f62\sqmapi.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\netutils.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\wu.upgrade.ps.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wups.dll
c:\windows\assembly\gac_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
c:\windows\system32\d3dcompiler_47.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\04308d58cbdc8e7ad703895f62\setuputility.exe
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\bitsprx2.dll
c:\04308d58cbdc8e7ad703895f62\tmp9cce.tmp.exe

PID
1548
CMD
SetupUtility.exe /aupause
Path
C:\04308d58cbdc8e7ad703895f62\SetupUtility.exe
Indicators
No indicators
Parent process
Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Framework 4.5 Setup
Version
14.8.4110.0 built by: NET48REL1LAST_B
Modules
Image
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\usp10.dll
c:\04308d58cbdc8e7ad703895f62\setuputility.exe
c:\windows\system32\rsaenh.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\version.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\wu.upgrade.ps.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\wups.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll

PID
1648
CMD
"C:\Windows\Temp\asw.b18c6c2e800d7e8d\New_150b09c4\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.b18c6c2e800d7e8d /edition:1 /prod:ais /guid:ea2d5749-b1d8-48e4-924c-3d9d364d8843 /ga_clientid:9693eb70-e5f9-43a7-a9b0-65f774ec5e2a /silent /ws /psh:2bJ1khOLWOm2S70E4TS0sCBGsjq1bUjV6pOmO6IGxuJsNyMj5fwzAbDRxa5zW5Uzv7qMflOLCtpL8 /cookie:mmm_irs_ppi_005_888_a /edat_dir:C:\Windows\Temp\asw.96753c6edc0304d4 /online_installer
Path
C:\Windows\Temp\asw.b18c6c2e800d7e8d\New_150b09c4\instup.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
21.11.6809.0
Modules
Image
c:\windows\temp\asw.b18c6c2e800d7e8d\uat_1648.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\nsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\lpk.dll
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\instup.exe
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\webio.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winmm.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\instup.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\profapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\wship6.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\sbr.exe

PID
2912
CMD
"C:\Windows\Temp\asw.b18c6c2e800d7e8d\New_150b09c4\sbr.exe" 1648 "Avast Antivirus setup" "Avast Antivirus is being installed. Do not shut down your computer!"
Path
C:\Windows\Temp\asw.b18c6c2e800d7e8d\New_150b09c4\sbr.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Shutdown blocker
Version
21.11.6809.0
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\temp\asw.b18c6c2e800d7e8d\new_150b09c4\sbr.exe
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll

PID
2508
CMD
SetupUtility.exe /screboot
Path
C:\04308d58cbdc8e7ad703895f62\SetupUtility.exe
Indicators
No indicators
Parent process
Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Framework 4.5 Setup
Version
14.8.4110.0 built by: NET48REL1LAST_B
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\04308d58cbdc8e7ad703895f62\setuputility.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msi.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\userenv.dll
c:\windows\system32\lpk.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernel32.dll

PID
2768
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Simplicity Sniper.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.91.0
Modules
Image
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\imageres.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cscui.dll
c:\windows\system32\lpk.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\slc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\ntshrui.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\comdlg32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\winsta.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\drprov.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\duser.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\dui70.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\version.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll

PID
3684
CMD
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\Rar$DIa2768.37063\Config.yaml
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\cryptbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\profapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iertutil.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

PID
3224
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1784 CREDAT:1192976 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wininet.dll
c:\windows\system32\devobj.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\mlang.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\oleaut32.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ws2_32.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\propsys.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\ieui.dll
c:\windows\system32\schannel.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\winmm.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\uianimation.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\icm32.dll
c:\windows\system32\mscms.dll

PID
2744
CMD
TMP9CCE.tmp.exe /Q /X:C:\04308d58cbdc8e7ad703895f62\TMP9CCE.tmp.exe.tmp
Path
C:\04308d58cbdc8e7ad703895f62\TMP9CCE.tmp.exe
Indicators
No indicators
Parent process
Setup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Framework 4.8 Setup
Version
4.8.03761.00
Modules
Image
c:\windows\system32\bcrypt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\nsi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\feclient.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\04308d58cbdc8e7ad703895f62\tmp9cce.tmp.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\windows\system32\dnsapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll

Registry activity

Total events
65128
Read events
0
Write events
2547
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
(default)
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
D0D3001C4D1CE263F9A1EB7A8B77189A625D0A90AE5B5FBB66A3130EC33B3BE8
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
380A0000BA9264AD9509D801
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E607010005000E0016001A0011004C03010000001E768127E028094199FEB9D127C57AFE
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
01000000000000004044B6BF9509D801
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Blob
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Blob
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Blob
2616
SimplicitySniper - Linkvertise Downloader_YzvQ-w1.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Blob
1148
cookie_mmm_irs_ppi_005_888_a.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Windows\Temp\asw.96753c6edc0304d4
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASAPI32
MaxFileSize
1048576
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASAPI32
FileTracingMask
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASMANCS
FileTracingMask
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASMANCS
MaxFileSize
1048576
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASMANCS
FileDirectory
%windir%\tracing
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASAPI32
EnableConsoleTracing
0
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASMANCS
EnableConsoleTracing
0
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASMANCS
ConsoleTracingMask
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASAPI32
EnableFileTracing
0
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASAPI32
FileDirectory
%windir%\tracing
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASAPI32
ConsoleTracingMask
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\HotspotShield-10_RASMANCS
EnableFileTracing
0
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\HotspotShield
EVENTS_PATH
C:\Users\admin\AppData\Local\Temp\rep_events
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\HotspotShield
SENDCRASHREPORTREQUEST_PATH
C:\Users\admin\AppData\Local\Temp\bw1j3ybu.kgt
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDetectedUrl
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
BCC600C29509D801
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A864CF000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
A209ADC49509D801
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
A209ADC49509D801
2536
HotspotShield-10.22.5-hss-821-siis.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
BundleCachePath
C:\ProgramData\Package Cache\{ede4f15f-3450-4250-8e82-3de128939172}\HSS-10.22.5-install-hss-821-siis.exe
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
DisplayIcon
C:\ProgramData\Package Cache\{ede4f15f-3450-4250-8e82-3de128939172}\HSS-10.22.5-install-hss-821-siis.exe,0
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
Publisher
Pango Inc.
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
BundleAddonCode
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
NoModify
1
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
BundlePatchCode
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
BundleDetectCode
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
DisplayName
Hotspot Shield 10.22.5
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
BundleVersion
10.22.5.12023
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
VersionMajor
10
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
EngineVersion
3.11.2.4516
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
BundleUpgradeCode
{AF937FB3-3094-4DAA-837B-F6B4F1DB989D}
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
BundleTag
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
UninstallString
"C:\ProgramData\Package Cache\{ede4f15f-3450-4250-8e82-3de128939172}\HSS-10.22.5-install-hss-821-siis.exe" /uninstall
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ede4f15f-3450-4250-8e82-3de128939172}
(default)
{ede4f15f-3450-4250-8e82-3de128939172}
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
DisplayVersion
10.22.5.12023
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
EstimatedSize
63641
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ede4f15f-3450-4250-8e82-3de128939172}
Version
10.22.5.12023
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{ede4f15f-3450-4250-8e82-3de128939172}
DisplayName
Hotspot Shield 10.22.5
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
BundleProviderKey
{ede4f15f-3450-4250-8e82-3de128939172}
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
{ede4f15f-3450-4250-8e82-3de128939172}
"C:\ProgramData\Package Cache\{ede4f15f-3450-4250-8e82-3de128939172}\HSS-10.22.5-install-hss-821-siis.exe" /burn.runonce
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
Resume
1
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
BundleResumeCommandLine
/quiet /burn.log.append "C:\Users\admin\AppData\Local\Temp\Hotspot_Shield_10.22.5_20220114222619.log" /optin=2
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
QuietUninstallString
"C:\ProgramData\Package Cache\{ede4f15f-3450-4250-8e82-3de128939172}\HSS-10.22.5-install-hss-821-siis.exe" /uninstall /quiet
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ede4f15f-3450-4250-8e82-3de128939172}
VersionMinor
22
3060
HSS-10.22.5-install-hss-821-siis.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935445
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935445
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0016001A0015005202
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
BCC600C29509D801
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0016001A0015005202
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
DE8CE6C19509D801
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0016001A0015005202
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{FF6A90BF-7588-11EC-A20C-12A9866C77DE}
0
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
BCC600C29509D801
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
AdminActive
0
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0016001A0015005202
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E0016001A0018001D0301000000644EA2EF78B0D01189E400C04FC9E26E
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E0016001A001800D90300000000
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
1784
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
ClientSupported_MigrationTime
2F43B9C79509D801
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0016001A0025004300
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0016001A0025004300
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0016001A0025004300
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0016001A0025004300
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E607010005000E0016001A0033003702010000001E768127E028094199FEB9D127C57AFE
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935445
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935496
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
517475247
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
E057CCD79509D801
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0016001B000D00E202
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
27
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
27
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
27
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
27
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0016001B000D00E202
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0016001B000D00E202
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
27
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0016001B000D00E202
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
27
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
27
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
27
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
E0D8B9E19509D801
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0016001B000F000D03
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0016001B000F000D03
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
28
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
28
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
28
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
28
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
28
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
28
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0016001B000F000D03
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
28
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0016001B000F000D03
1784
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
28
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2896
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2896
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD
Blob
2896
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD
Blob
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\anonfiles.com
NumberOfSubdomains
1
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935445
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935445
2896
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
1300
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
0
1300
avast_free_antivirus_setup_online.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast
SetupLog
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
572
instup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr
EnableCounterForIoctl
1
572
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
0
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
12
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
6
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
14
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
8
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
18
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
20
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
23
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
24
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
9
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
25
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
11
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
15
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
10
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
21
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
16
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
7
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
17
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
19
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
22
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
13
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
28
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
33
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
62
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
37
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
43
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
61
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
26
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
48
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
53
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
32
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
47
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
54
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
41
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
50
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
58
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
42
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
52
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
35
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
38
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
44
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
49
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
57
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
30
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
45
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
56
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
DNS resolving
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
36
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
39
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
46
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
40
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
60
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
59
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
27
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
51
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
0
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
29
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
31
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
34
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
55
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: servers.def.vpx
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: prod-pgm.vpx
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
100
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
4
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
3
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
2
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
5
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
1
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
63
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
66
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
65
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
72
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
74
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
67
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
77
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
75
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
68
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
71
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
76
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
73
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
64
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
70
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
69
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
87
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
79
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
88
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
97
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
86
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
93
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
95
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
96
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
81
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
82
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
89
572
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
85