General Info

URL

https://linkvertise.com/23610/omegaxexploit/1

Full analysis
https://app.any.run/tasks/63cbcb84-056c-4da3-8a9b-179a61798bdc
Verdict
Malicious activity
Analysis date
15/01/2022, 01:35:17
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • svchost.exe (PID: 924)
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
  • regsvr32.exe (PID: 5972)
  • regsvr32.exe (PID: 5252)
  • ServiceHost.exe (PID: 1564)
  • UIHost.exe (PID: 1260)
  • regsvr32.exe (PID: 6084)
  • chrome.exe (PID: 4156)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • AvEmUpdate.exe (PID: 5792)
  • GenericSetup.exe (PID: 5936)
  • AvEmUpdate.exe (PID: 4336)
  • avBugReport.exe (PID: 2788)
  • avBugReport.exe (PID: 4648)
Drops executable file immediately after starts
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 2524)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 1284)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 3240)
  • installer.exe (PID: 6064)
  • chrome.exe (PID: 4264)
  • setup78263.exe (PID: 4720)
  • setup78263.exe (PID: 684)
  • setup78263.exe (PID: 4104)
  • setup78263.exe (PID: 5940)
Application was dropped or rewritten from another process
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 2524)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 1284)
  • saBSI.exe (PID: 3948)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
  • sbr.exe (PID: 4340)
  • installer.exe (PID: 6064)
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
  • UIHost.exe (PID: 1260)
  • updater.exe (PID: 4512)
  • SetupInf.exe (PID: 4164)
  • SetupInf.exe (PID: 3744)
  • SetupInf.exe (PID: 2636)
  • SetupInf.exe (PID: 6108)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4204)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4104)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 3504)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4124)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
  • setup78263.exe (PID: 4720)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
  • setup78263.exe (PID: 684)
  • setup78263.exe (PID: 4104)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • setup78263.exe (PID: 5940)
  • AvEmUpdate.exe (PID: 6096)
  • AvEmUpdate.exe (PID: 5792)
  • GenericSetup.exe (PID: 5936)
  • AvEmUpdate.exe (PID: 4336)
  • setup78263.exe (PID: 2984)
  • GenericSetup.exe (PID: 5008)
  • overseer.exe (PID: 5432)
  • AvEmUpdate.exe (PID: 5384)
  • avBugReport.exe (PID: 2788)
  • SetupInf.exe (PID: 5968)
  • avBugReport.exe (PID: 4648)
  • SetupInf.exe (PID: 4948)
Changes settings of System certificates
  • saBSI.exe (PID: 3948)
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
  • GenericSetup.exe (PID: 3968)
  • SetupInf.exe (PID: 4948)
Changes the autorun value in the registry
  • instup.exe (PID: 3240)
Registers / Runs the DLL via REGSVR32.EXE
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
Actions looks like stealing of personal data
  • ServiceHost.exe (PID: 1564)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • GenericSetup.exe (PID: 5936)
Steals credentials from Web Browsers
  • ServiceHost.exe (PID: 1564)
Loads the Task Scheduler COM API
  • AvEmUpdate.exe (PID: 6096)
  • AvEmUpdate.exe (PID: 5792)
  • overseer.exe (PID: 5432)
Creates files in the Windows directory
  • svchost.exe (PID: 924)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
Executable content was dropped or overwritten
  • chrome.exe (PID: 1324)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 2524)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 1284)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
  • saBSI.exe (PID: 3948)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
  • installer.exe (PID: 3884)
  • installer.exe (PID: 6064)
  • chrome.exe (PID: 4264)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
  • setup78263.exe (PID: 4720)
  • setup78263.exe (PID: 684)
  • setup78263.exe (PID: 4104)
  • setup78263.exe (PID: 5940)
  • AvEmUpdate.exe (PID: 5792)
Reads the computer name
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2912)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
  • saBSI.exe (PID: 3948)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
  • instup.exe (PID: 2544)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 3240)
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
  • UIHost.exe (PID: 1260)
  • updater.exe (PID: 4512)
  • SetupInf.exe (PID: 2636)
  • SetupInf.exe (PID: 4164)
  • SetupInf.exe (PID: 3744)
  • SetupInf.exe (PID: 6108)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • AvEmUpdate.exe (PID: 6096)
  • AvEmUpdate.exe (PID: 5792)
  • GenericSetup.exe (PID: 5936)
  • AvEmUpdate.exe (PID: 4336)
  • GenericSetup.exe (PID: 5008)
  • AvEmUpdate.exe (PID: 5384)
  • overseer.exe (PID: 5432)
  • avBugReport.exe (PID: 2788)
  • SetupInf.exe (PID: 5968)
  • avBugReport.exe (PID: 4648)
  • SetupInf.exe (PID: 4948)
Checks supported languages
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 2524)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2912)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.exe (PID: 1284)
  • saBSI.exe (PID: 3948)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
  • installer.exe (PID: 6064)
  • sbr.exe (PID: 4340)
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
  • UIHost.exe (PID: 1260)
  • updater.exe (PID: 4512)
  • cmd.exe (PID: 1400)
  • cmd.exe (PID: 4872)
  • SetupInf.exe (PID: 4164)
  • SetupInf.exe (PID: 2636)
  • SetupInf.exe (PID: 3744)
  • SetupInf.exe (PID: 6108)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
  • setup78263.exe (PID: 4720)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
  • setup78263.exe (PID: 684)
  • setup78263.exe (PID: 4104)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • setup78263.exe (PID: 5940)
  • AvEmUpdate.exe (PID: 6096)
  • AvEmUpdate.exe (PID: 5792)
  • GenericSetup.exe (PID: 5936)
  • AvEmUpdate.exe (PID: 4336)
  • setup78263.exe (PID: 2984)
  • GenericSetup.exe (PID: 5008)
  • AvEmUpdate.exe (PID: 5384)
  • overseer.exe (PID: 5432)
  • avBugReport.exe (PID: 2788)
  • avBugReport.exe (PID: 4648)
  • SetupInf.exe (PID: 4948)
  • SetupInf.exe (PID: 5968)
Reads Windows owner or organization settings
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • GenericSetup.exe (PID: 5936)
Drops a file with too old compile date
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
  • instup.exe (PID: 3240)
  • setup78263.exe (PID: 4720)
  • setup78263.exe (PID: 684)
  • setup78263.exe (PID: 4104)
  • setup78263.exe (PID: 5940)
Reads the Windows organization settings
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • GenericSetup.exe (PID: 5936)
Adds / modifies Windows certificates
  • saBSI.exe (PID: 3948)
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
  • GenericSetup.exe (PID: 3968)
Drops a file that was compiled in debug mode
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
  • saBSI.exe (PID: 3948)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2540)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
  • installer.exe (PID: 6064)
  • installer.exe (PID: 3884)
  • chrome.exe (PID: 4264)
  • setup78263.exe (PID: 4720)
  • setup78263.exe (PID: 684)
  • setup78263.exe (PID: 4104)
  • setup78263.exe (PID: 5940)
  • AvEmUpdate.exe (PID: 5792)
Creates files in the program directory
  • saBSI.exe (PID: 3948)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
  • installer.exe (PID: 6064)
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
  • UIHost.exe (PID: 1260)
  • updater.exe (PID: 4512)
  • AvEmUpdate.exe (PID: 6096)
  • AvEmUpdate.exe (PID: 5792)
  • avBugReport.exe (PID: 2788)
Reads CPU info
  • instup.exe (PID: 2544)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 3240)
  • SetupInf.exe (PID: 2636)
  • SetupInf.exe (PID: 4164)
  • SetupInf.exe (PID: 3744)
  • SetupInf.exe (PID: 6108)
  • AvEmUpdate.exe (PID: 6096)
  • AvEmUpdate.exe (PID: 5792)
  • AvEmUpdate.exe (PID: 4336)
  • AvEmUpdate.exe (PID: 5384)
  • avBugReport.exe (PID: 2788)
  • avBugReport.exe (PID: 4648)
  • SetupInf.exe (PID: 5968)
  • SetupInf.exe (PID: 4948)
Reads Environment values
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
  • ServiceHost.exe (PID: 1564)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • AvEmUpdate.exe (PID: 6096)
  • AvEmUpdate.exe (PID: 5792)
  • GenericSetup.exe (PID: 5936)
  • AvEmUpdate.exe (PID: 4336)
  • AvEmUpdate.exe (PID: 5384)
Creates or modifies windows services
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
Starts itself from another location
  • instup.exe (PID: 2544)
Removes files from Windows directory
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
Creates a software uninstall entry
  • instup.exe (PID: 3240)
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
Creates a directory in Program Files
  • instup.exe (PID: 3240)
  • installer.exe (PID: 6064)
  • installer.exe (PID: 3884)
  • AvEmUpdate.exe (PID: 5792)
Changes default file association
  • instup.exe (PID: 3240)
Drops a file with a compile date too recent
  • instup.exe (PID: 3240)
  • installer.exe (PID: 6064)
  • installer.exe (PID: 3884)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
  • setup78263.exe (PID: 4720)
  • setup78263.exe (PID: 684)
  • setup78263.exe (PID: 4104)
  • setup78263.exe (PID: 5940)
Creates files in the driver directory
  • instup.exe (PID: 3240)
Creates/Modifies COM task schedule object
  • instup.exe (PID: 3240)
  • regsvr32.exe (PID: 5972)
  • regsvr32.exe (PID: 5252)
  • regsvr32.exe (PID: 6084)
Starts SC.EXE for service management
  • installer.exe (PID: 3884)
Executed as Windows Service
  • ServiceHost.exe (PID: 1564)
Searches for installed software
  • updater.exe (PID: 4512)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • GenericSetup.exe (PID: 5936)
  • overseer.exe (PID: 5432)
  • GenericSetup.exe (PID: 3968)
Starts CMD.EXE for commands execution
  • updater.exe (PID: 4512)
Application launched itself
  • AvEmUpdate.exe (PID: 5792)
Executed via COM
  • DrvInst.exe (PID: 6096)
Checks supported languages
  • svchost.exe (PID: 924)
  • chrome.exe (PID: 1324)
  • chrome.exe (PID: 3016)
  • chrome.exe (PID: 2400)
  • chrome.exe (PID: 3380)
  • chrome.exe (PID: 1948)
  • chrome.exe (PID: 3100)
  • chrome.exe (PID: 1564)
  • chrome.exe (PID: 1556)
  • chrome.exe (PID: 2460)
  • chrome.exe (PID: 2220)
  • chrome.exe (PID: 3684)
  • chrome.exe (PID: 4024)
  • chrome.exe (PID: 3136)
  • chrome.exe (PID: 3848)
  • chrome.exe (PID: 868)
  • chrome.exe (PID: 3272)
  • chrome.exe (PID: 2420)
  • chrome.exe (PID: 2956)
  • chrome.exe (PID: 3404)
  • chrome.exe (PID: 3120)
  • chrome.exe (PID: 3372)
  • chrome.exe (PID: 3232)
  • chrome.exe (PID: 2564)
  • chrome.exe (PID: 496)
  • chrome.exe (PID: 1548)
  • chrome.exe (PID: 188)
  • chrome.exe (PID: 3956)
  • chrome.exe (PID: 3628)
  • chrome.exe (PID: 3208)
  • chrome.exe (PID: 3568)
  • chrome.exe (PID: 2744)
  • chrome.exe (PID: 3736)
  • chrome.exe (PID: 1500)
  • chrome.exe (PID: 2704)
  • chrome.exe (PID: 3904)
  • chrome.exe (PID: 3804)
  • chrome.exe (PID: 3704)
  • chrome.exe (PID: 4068)
  • NOTEPAD.EXE (PID: 2044)
  • chrome.exe (PID: 3640)
  • chrome.exe (PID: 1536)
  • chrome.exe (PID: 2252)
  • chrome.exe (PID: 1112)
  • chrome.exe (PID: 2204)
  • chrome.exe (PID: 3064)
  • chrome.exe (PID: 2128)
  • chrome.exe (PID: 3900)
  • chrome.exe (PID: 3164)
  • chrome.exe (PID: 1852)
  • chrome.exe (PID: 4936)
  • chrome.exe (PID: 5216)
  • chrome.exe (PID: 5436)
  • chrome.exe (PID: 4600)
  • chrome.exe (PID: 5008)
  • chrome.exe (PID: 5604)
  • chrome.exe (PID: 5712)
  • chrome.exe (PID: 4572)
  • chrome.exe (PID: 5584)
  • chrome.exe (PID: 5888)
  • chrome.exe (PID: 2572)
  • chrome.exe (PID: 5004)
  • chrome.exe (PID: 4616)
  • regsvr32.exe (PID: 5972)
  • sc.exe (PID: 4300)
  • sc.exe (PID: 5980)
  • chrome.exe (PID: 5252)
  • regsvr32.exe (PID: 5252)
  • sc.exe (PID: 4596)
  • sc.exe (PID: 5624)
  • chrome.exe (PID: 4444)
  • chrome.exe (PID: 5464)
  • chrome.exe (PID: 4452)
  • chrome.exe (PID: 4196)
  • chrome.exe (PID: 5704)
  • chrome.exe (PID: 4228)
  • regsvr32.exe (PID: 6084)
  • chrome.exe (PID: 5700)
  • chrome.exe (PID: 5576)
  • chrome.exe (PID: 5016)
  • chrome.exe (PID: 4900)
  • chrome.exe (PID: 4576)
  • chrome.exe (PID: 6056)
  • chrome.exe (PID: 1968)
  • chrome.exe (PID: 4264)
  • chrome.exe (PID: 5440)
  • chrome.exe (PID: 6036)
  • chrome.exe (PID: 6140)
  • chrome.exe (PID: 888)
  • chrome.exe (PID: 2188)
  • chrome.exe (PID: 4156)
  • chrome.exe (PID: 3572)
  • chrome.exe (PID: 4316)
  • consent.exe (PID: 1160)
  • consent.exe (PID: 3276)
  • consent.exe (PID: 688)
  • chrome.exe (PID: 900)
Creates files in the user directory
  • chrome.exe (PID: 1324)
Reads settings of System Certificates
  • chrome.exe (PID: 1324)
  • chrome.exe (PID: 3016)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
  • saBSI.exe (PID: 3948)
  • instup.exe (PID: 2544)
  • avast_free_antivirus_setup_online.exe (PID: 3400)
  • instup.exe (PID: 3240)
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
  • UIHost.exe (PID: 1260)
  • updater.exe (PID: 4512)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
  • consent.exe (PID: 1160)
  • consent.exe (PID: 3276)
  • consent.exe (PID: 688)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • AvEmUpdate.exe (PID: 5792)
  • GenericSetup.exe (PID: 5936)
  • AvEmUpdate.exe (PID: 4336)
  • AvEmUpdate.exe (PID: 5384)
  • avBugReport.exe (PID: 2788)
  • avBugReport.exe (PID: 4648)
Reads the computer name
  • chrome.exe (PID: 1948)
  • chrome.exe (PID: 3016)
  • chrome.exe (PID: 1324)
  • chrome.exe (PID: 3100)
  • chrome.exe (PID: 3136)
  • chrome.exe (PID: 2420)
  • chrome.exe (PID: 3404)
  • chrome.exe (PID: 1548)
  • chrome.exe (PID: 3568)
  • chrome.exe (PID: 1500)
  • chrome.exe (PID: 3904)
  • chrome.exe (PID: 4068)
  • sc.exe (PID: 4300)
  • sc.exe (PID: 4596)
  • sc.exe (PID: 5980)
  • sc.exe (PID: 5624)
  • regsvr32.exe (PID: 5252)
  • regsvr32.exe (PID: 6084)
  • chrome.exe (PID: 5704)
  • chrome.exe (PID: 4156)
  • consent.exe (PID: 1160)
  • consent.exe (PID: 3276)
  • consent.exe (PID: 688)
Changes default file association
  • chrome.exe (PID: 1324)
Checks Windows Trust Settings
  • chrome.exe (PID: 1324)
  • saBSI.exe (PID: 3948)
  • installer.exe (PID: 3884)
  • ServiceHost.exe (PID: 1564)
  • UIHost.exe (PID: 1260)
  • updater.exe (PID: 4512)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4500)
  • consent.exe (PID: 1160)
  • consent.exe (PID: 3276)
  • consent.exe (PID: 688)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 6016)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4820)
  • Download OmegaX Executor From RobloxHack_78263.exe (PID: 4844)
  • GenericSetup.exe (PID: 3968)
  • GenericSetup.exe (PID: 3204)
  • GenericSetup.exe (PID: 2788)
  • GenericSetup.exe (PID: 5936)
Reads the hosts file
  • chrome.exe (PID: 3016)
  • chrome.exe (PID: 1324)
  • instup.exe (PID: 2544)
  • instup.exe (PID: 3240)
  • overseer.exe (PID: 5432)
Application launched itself
  • chrome.exe (PID: 1324)
  • chrome.exe (PID: 1500)
Reads the date of Windows installation
  • chrome.exe (PID: 3100)
Application was dropped or rewritten from another process
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2912)
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
Loads dropped or rewritten executable
  • Omega X Exploit Here - Linkvertise Downloader_U-mzVz1.tmp (PID: 2532)
Dropped object may contain Bitcoin addresses
  • instup.exe (PID: 3240)
  • installer.exe (PID: 6064)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
198
Monitored processes
146
Malicious processes
34
Suspicious processes
11

Behavior graph

+
drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs omega x exploit here - linkvertise downloader_u-mzvz1.exe omega x exploit here - linkvertise downloader_u-mzvz1.tmp no specs omega x exploit here - linkvertise downloader_u-mzvz1.exe omega x exploit here - linkvertise downloader_u-mzvz1.tmp sabsi.exe cookie_mmm_irs_ppi_005_888_a.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs avast_free_antivirus_setup_online.exe instup.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs notepad.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs instup.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs sbr.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs installer.exe installer.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs regsvr32.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs chrome.exe no specs chrome.exe no specs regsvr32.exe no specs sc.exe no specs servicehost.exe uihost.exe no specs regsvr32.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs updater.exe cmd.exe no specs cmd.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs