Malware Analysis Report

2025-06-15 21:21

Sample ID 230416-vlk65saf84
Target Ambrosial (1).exe
SHA256 6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a
Tags
agilenet bootkit discovery persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a

Threat Level: Likely malicious

The file Ambrosial (1).exe was found to be: Likely malicious.

Malicious Activity Summary

agilenet bootkit discovery persistence spyware stealer

Downloads MZ/PE file

Modifies Installed Components in the registry

Sets file execution options in registry

Loads dropped DLL

Checks computer location settings

Registers COM server for autorun

Reads user/profile data of web browsers

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Checks BIOS information in registry

Checks for any installed AV software in registry

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Script User-Agent

Creates scheduled task(s)

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Modifies registry class

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-16 17:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-16 17:04

Reported

2023-04-16 17:11

Platform

win10v2004-20230220-en

Max time kernel

346s

Max time network

405s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe"

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Version = "43,0,0,0" C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\ = "AVG Secure Browser" C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\StubPath = "\"C:\\Program Files (x86)\\AVG\\Browser\\Application\\111.0.20716.148\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Localized Name = "AVG Secure Browser" C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\IsInstalled = "1" C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\bitdurtsetup(1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\AVGBrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoEscape.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32 C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ = "\"C:\\Program Files (x86)\\AVG\\Browser\\Application\\111.0.20716.148\\notification_helper.exe\"" C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\AVG\\Browser\\Application\\111.0.20716.148\\notification_helper.exe" C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdateHelper.msi C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2094.tmp\goopdateres_en-GB.dll C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_it.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_sl.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\v8_context_snapshot.bin C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\chrome_pwa_launcher.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File opened for modification C:\Program Files\Bit Driver Updater\TAFactory.IconPack.dll C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
File opened for modification C:\Program Files (x86)\GUM2094.tmp\@PaxHeader C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_ko.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_tr.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateSetup.exe C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_ta.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\hi.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\pl.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\vulkan-1.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2094.tmp\goopdateres_ms.dll C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_et.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_ja.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\ru.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM2094.tmp\goopdateres_ar.dll C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File opened for modification C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_hr.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_uk.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\chrome_elf.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\AVGBrowser.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Application\master_preferences C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File opened for modification C:\Program Files\Bit Driver Updater\x64\SQLite.Interop.dll C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
File created C:\Program Files (x86)\GUM2094.tmp\goopdateres_da.dll C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_hu.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\psuser_64.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\psmachine.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2094.tmp\goopdateres_lv.dll C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_nl.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\Download\{48F69C39-1356-4A7B-A899-70E3539D4982}\111.0.20716.148\AVGBrowserInstaller.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\111.0.20716.148.manifest C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\vk_swiftshader_icd.json C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_pl.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2094.tmp\goopdateres_en.dll C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2094.tmp\goopdateres_hi.dll C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_da.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_fil.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File opened for modification C:\Program Files\Bit Driver Updater\Interop.IWshRuntimeLibrary.dll C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
File opened for modification C:\Program Files\Bit Driver Updater\Microsoft.Win32.TaskScheduler.dll C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_lt.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2094.tmp\goopdateres_tr.dll C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_hi.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_sv.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateBroker.exe C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\chrome_100_percent.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_am.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_bn.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\SETUP.EX_ C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\AVGBrowserInstaller.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\fa.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\sl.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File opened for modification C:\Program Files\Bit Driver Updater\System.Threading.dll C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
File created C:\Program Files (x86)\GUM2094.tmp\goopdateres_de.dll C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\bg.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\sv.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\uk.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\acuapi_64.dll C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\nb.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\setup_helper_syslib.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Fonts\Azonix.otf C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe N/A
File opened for modification C:\Windows\Fonts\Azonix.otf C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe N/A
File created C:\Windows\Fonts\OpenSansLight.ttf C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3" C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3" C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\ C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\endpoint = "update.avgbrowser.com" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineIdDate = "20230416" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\devmode = "0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\hostprefix C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineId = "000058d4b27a012b9e3e4541471e6c69" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191} C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\ProgID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5} C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVG.OneClickCtrl.9 C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4} C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6} C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ = "IPackage" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DD8E03F-6BE1-41E2-B931-A37C7D1C0317}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\NumMethods\ = "10" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}\LocalServer32\ = "\"C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\AVGBrowserUpdateBroker.exe\"" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Windows\system32\NOTEPAD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ = "IGoogleUpdate" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\NumMethods\ = "4" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\ = "IApp" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A} C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\Elevation C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23AE0B95-20F3-4632-A2AE-C3D706E1D5D9}\Elevation C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23AE0B95-20F3-4632-A2AE-C3D706E1D5D9}\Elevation\IconReference = "@C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\goopdate.dll,-1004" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BAAD654E-4B50-4C9F-A261-CF29CF884478}\Elevation C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\NumMethods\ = "24" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6} C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\ = "IAppVersionWeb" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC} C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\system32\NOTEPAD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{30612A81-C10F-498E-9163-C2B2A3F81A14}\ = "Google Update Legacy On Demand" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A01E2077-A5A9-4229-8BC1-AB2D43564381}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ = "IAppVersion" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ = "IProcessLauncher" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods\ = "13" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.update.avgbrowser.com.oneclickctrl.9 C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.update.avgbrowser.com.oneclickctrl.9\CLSID = "{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}" C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0} C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A42B2494-93AE-44E1-B76D-BA8509A5167D}\VersionIndependentProgID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ = "IGoogleUpdate3" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoreMachineClass.1\CLSID\ = "{23AE0B95-20F3-4632-A2AE-C3D706E1D5D9}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{384098DD-AB6D-412E-B819-2F10032D9767}\VersionIndependentProgID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A01E2077-A5A9-4229-8BC1-AB2D43564381}\InprocHandler32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\NoEscape.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\bitdurtsetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\bitdurtsetup(1).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\AVGBrowserInstaller.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\AVGBrowserInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2352 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4044 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4044 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4712 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4712 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2124 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2124 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4388 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4388 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2436 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2436 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4320 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4320 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3804 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3804 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1716 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1716 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4112 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4112 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4568 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4568 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3380 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3380 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1100 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1100 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3224 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3224 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4600 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4600 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4300 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4300 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4920 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4920 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3736 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3736 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1516 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1516 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1272 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1272 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3344 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3344 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4596 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4596 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4516 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4516 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3428 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3428 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2092 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2092 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 824 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 824 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2504 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2504 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3488 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 3488 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2760 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 2760 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1672 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2352 wrote to memory of 1672 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe

"C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\8uhgtghgj3g834gizn43nzug43nzg34nzgz3n4gznu43gzn34nzg34znug4znug34u.txt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Pc fucker.bat" "

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 468 -p 13224 -ip 13224

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 500 -p 13216 -ip 13216

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 516 -p 13148 -ip 13148

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 456 -p 13268 -ip 13268

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 13148 -s 16

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 13216 -s 16

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 13224 -s 16

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 13268 -s 328

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.0.241181287\1744164878" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {186fac75-8ab1-41ea-a303-67cf02e7df8c} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 1952 141ab1e0558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.1.1430784889\2108244523" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b03b6a94-b283-477e-92f5-a3a756c8425a} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 2332 1419e272858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.2.1632285575\875078841" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2988 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f6f9801-e678-4f50-8513-cdb1ee83ad68} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 3152 141aeee2258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.3.356530721\2459070" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3528 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebcd396f-6613-48bc-b5c9-487bf7d02688} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 3284 1419e265658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.4.413665498\54371291" -childID 3 -isForBrowser -prefsHandle 4004 -prefMapHandle 3992 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9727736-7d8d-4ae1-9eb0-a998090bc0e1} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 4016 141aeee4358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.7.1220060327\1230095094" -childID 6 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5720a2d1-36e3-4a13-a5ff-14bee063e81b} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5300 141b1675158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.6.8242633\1725666715" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76626009-7e37-4c3e-9cbe-3bce77481534} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5100 141b1674e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.5.751729697\116971479" -childID 4 -isForBrowser -prefsHandle 4940 -prefMapHandle 4960 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {930aa579-f617-4c0b-a721-3a0b5b4b3346} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 4920 141b15b6258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.8.1842024341\1349682530" -childID 7 -isForBrowser -prefsHandle 5864 -prefMapHandle 5860 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2e72924-8404-4197-afcb-d62bec38a9c3} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5872 141b3a78b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.9.1400576076\1064712681" -parentBuildID 20221007134813 -prefsHandle 3288 -prefMapHandle 3772 -prefsLen 26930 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea782663-2f3b-4d0e-b338-eac4017d10db} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5864 141afda7d58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.10.242816886\1177091943" -childID 8 -isForBrowser -prefsHandle 6192 -prefMapHandle 6176 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c810c4e5-3f66-49c2-beef-26a12940e652} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6204 141b3678b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.11.1661570823\1092914166" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 26930 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f7e452-5ab1-490a-8c34-8e9f5fad0530} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6488 141b1bb1258 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.12.384145758\44418219" -childID 9 -isForBrowser -prefsHandle 3732 -prefMapHandle 3628 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9025e2b7-0923-4f22-a094-ffb815182660} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5368 141b1e59258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.13.958620288\422729927" -childID 10 -isForBrowser -prefsHandle 5096 -prefMapHandle 5292 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69510970-e9fd-4dde-bf26-dd023381ae70} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5436 141b23acb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.14.882362140\2052576102" -childID 11 -isForBrowser -prefsHandle 10276 -prefMapHandle 10280 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4831f2b8-b2ab-4c02-bdb6-9d8601738f42} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 10268 141b4761258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.15.1548590573\1122929064" -childID 12 -isForBrowser -prefsHandle 8088 -prefMapHandle 8084 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c4ed235-e7d9-4550-80a9-71677d053d79} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 8096 141b4e50b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.16.1804915345\560986955" -childID 13 -isForBrowser -prefsHandle 8020 -prefMapHandle 8016 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e0ae07c-4e45-41ef-b31d-826fca016767} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 8096 141b4957558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.17.632981186\621500426" -childID 14 -isForBrowser -prefsHandle 7944 -prefMapHandle 7952 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0071c89b-7e94-4396-b1b4-8b216cc86f08} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7760 1419e22f358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.18.2136647807\974834944" -childID 15 -isForBrowser -prefsHandle 6052 -prefMapHandle 6056 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5228610-5bb1-4fcb-bb0a-642336b4bd64} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7412 141b65e0558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.19.199053630\260785731" -childID 16 -isForBrowser -prefsHandle 7488 -prefMapHandle 7232 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38f6c548-0c5a-4320-b942-042d7002aea5} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7228 141b53d5f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.20.1074908763\429463912" -childID 17 -isForBrowser -prefsHandle 7024 -prefMapHandle 6088 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa16db08-b30f-4f8a-ba5e-7fdb34aa85e4} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7220 141b68c2b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.21.1287256653\1095289828" -childID 18 -isForBrowser -prefsHandle 10052 -prefMapHandle 10048 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e195e9-c40e-425a-91b0-fb97f31f232c} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 10060 141b68c2e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.22.1152860695\909266074" -childID 19 -isForBrowser -prefsHandle 10072 -prefMapHandle 10076 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e15afb9-7977-45b8-956f-a11d5452abc7} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9916 141b68c1958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.23.1710709778\226771257" -childID 20 -isForBrowser -prefsHandle 6828 -prefMapHandle 6824 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15ac4aa8-cab4-4401-a552-a61767125a13} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6836 141b6c1c758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.25.90723462\640575204" -childID 22 -isForBrowser -prefsHandle 9692 -prefMapHandle 9688 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7829009-c09d-446b-a8e7-a868a28002bd} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9700 141b7052b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.26.514691855\1930409046" -childID 23 -isForBrowser -prefsHandle 9596 -prefMapHandle 9592 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f98dd34-1290-4592-8b4e-7e8d0fb92c4d} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9608 141b7053a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.24.1886351436\258504468" -childID 21 -isForBrowser -prefsHandle 5900 -prefMapHandle 6756 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {138e6bec-358c-49e9-9736-98beb8f98350} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6752 141b4f45c58 tab

C:\Users\Admin\Downloads\bitdurtsetup(1).exe

"C:\Users\Admin\Downloads\bitdurtsetup(1).exe"

C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp

"C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp" /SL5="$503E6,9361252,1413632,C:\Users\Admin\Downloads\bitdurtsetup(1).exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /delete /tn "Bit Driver Updater_launcher" /f

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im "bitdu.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.27.1356218972\1282576483" -childID 24 -isForBrowser -prefsHandle 9944 -prefMapHandle 4516 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {492a56bc-f0b7-40a0-a51e-1652580a1801} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 4508 141b3c6bf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.28.719288740\667389755" -childID 25 -isForBrowser -prefsHandle 9732 -prefMapHandle 6768 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da918328-93de-4c17-b93f-dfd60219c4bd} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9788 141b361f258 tab

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe" /s /run_source=avg_ads_bg

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe

AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9153&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dfirefox --import-cookies --auto-launch-chrome --private-browsing"

C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe

"C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9153&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dfirefox --import-cookies --auto-launch-chrome --private-browsing"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTU4Mi4zIiBzaGVsbF92ZXJzaW9uPSIxLjguMTU4Mi4zIiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezc1NDVDREFELUIxMkMtNEJFNy04MzA1LTRGRDAwNEMzMDgzOH0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Ins3Q0IxQjcyOS01OTY3LTQ2ODItQjBDNC1BOTNGMjIwRDQ2RDl9IiB1c2VyaWRfZGF0ZT0iMjAyMzA0MTYiIG1hY2hpbmVpZD0iezAwMDA1OEQ0LUIyN0EtMDEyQi05RTNFLTQ1NDE0NzFFNkM2OX0iIG1hY2hpbmVpZF9kYXRlPSIyMDIzMDQxNiIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins4RjFBNTYzMS1EMDA0LTRBNDEtOTVBRS1FM0ZFRjU2MkU0MkV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNTgyLjMiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTE1MyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iOTU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9153&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dfirefox --import-cookies --auto-launch-chrome --private-browsing" /installsource otherinstallcmd /sessionid "{7545CDAD-B12C-4BE7-8305-4FD004C30838}" /silent

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.29.2097294289\495917475" -childID 26 -isForBrowser -prefsHandle 9688 -prefMapHandle 6392 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f0d46c6-04d9-4733-aa3c-1cc5a4faf93f} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7304 141b0a94358 tab

C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\AVGBrowserInstaller.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=1 --default-search=google.com --adblock-mode-default=1 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=firefox --import-cookies --auto-launch-chrome --private-browsing --system-level

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.30.770954362\802386835" -childID 27 -isForBrowser -prefsHandle 9896 -prefMapHandle 7220 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc517862-831b-4b50-9366-06bc27b2c0e6} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9780 141b1674b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.31.227162389\921491244" -childID 28 -isForBrowser -prefsHandle 6584 -prefMapHandle 7752 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d03f120a-6488-434e-8ab7-5b2f56998a91} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6524 141b3ad4f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.32.635125749\542828747" -childID 29 -isForBrowser -prefsHandle 9408 -prefMapHandle 9404 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e04f7d-b1dc-4d26-9006-f4bb7395ec30} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9544 141b3678258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.33.187695075\1378908626" -childID 30 -isForBrowser -prefsHandle 6340 -prefMapHandle 7304 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f07db1ae-8d15-4535-95f8-7ecb46a5cc4d} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9360 141b3ad4058 tab

C:\Users\Admin\Downloads\NoEscape.exe

"C:\Users\Admin\Downloads\NoEscape.exe"

C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=1 --default-search=google.com --adblock-mode-default=1 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=firefox --import-cookies --auto-launch-chrome --private-browsing --system-level

C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=111.0.20716.148 --initial-client-data=0x274,0x278,0x27c,0x7c,0x280,0x7ff6f4415800,0x7ff6f4415810,0x7ff6f4415820

C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\master_preferences" --create-shortcuts=0 --install-level=1

C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=111.0.20716.148 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff6f4415800,0x7ff6f4415810,0x7ff6f4415820

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 taskbarpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.34.1613059887\1202749790" -childID 31 -isForBrowser -prefsHandle 4828 -prefMapHandle 6988 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8e76a97-f2eb-4fc2-8112-ed7b33c542d5} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 10096 141b361ec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.35.1692290079\1158244905" -childID 32 -isForBrowser -prefsHandle 7980 -prefMapHandle 9848 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9722a370-a46e-4a0a-ac35-7144fd0e2bae} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6076 141b4da0e58 tab

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /Create /F /RL Highest /SC ONCE /st 00:00 /TN "Bit Driver Updater skipuac" /TR "'C:\Program Files\Bit Driver Updater\bitdu.exe'"

C:\Program Files\Bit Driver Updater\bitdu.exe

"C:\Program Files\Bit Driver Updater\bitdu.exe" drctlnch

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /main

Network

Country Destination Domain Proto
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.176:443 assets.msn.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 176.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 8.8.8.8:53 55.37.195.20.in-addr.arpa udp
US 8.8.8.8:53 84.150.43.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
IE 20.54.89.15:443 tcp
FR 51.11.192.49:443 tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 240.232.229.192.in-addr.arpa udp
US 8.8.8.8:53 240.232.18.117.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
N/A 127.0.0.1:61220 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.211.203.81:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 239.237.117.34.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 150.9.241.35.in-addr.arpa udp
US 8.8.8.8:53 55.65.117.34.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 81.203.211.34.in-addr.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
N/A 127.0.0.1:61229 tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com udp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
DE 172.217.23.206:443 plus.l.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
DE 172.217.23.202:443 jnn-pa.googleapis.com tcp
DE 172.217.23.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.36.6:443 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
DE 172.217.23.202:443 jnn-pa.googleapis.com udp
DE 172.217.23.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
NL 216.58.214.3:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
NL 216.58.214.3:443 id.google.com udp
US 8.8.8.8:53 3.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 memz-trojan.en.softonic.com udp
US 35.227.233.104:443 memz-trojan.en.softonic.com tcp
US 8.8.8.8:53 memz-trojan.en.softonic.com udp
US 8.8.8.8:53 memz-trojan.en.softonic.com udp
US 8.8.8.8:53 104.233.227.35.in-addr.arpa udp
US 35.227.233.104:443 memz-trojan.en.softonic.com udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
NL 23.222.47.122:443 images.sftcdn.net tcp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 connect.facebook.net udp
NL 23.222.47.122:443 images.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 amplify.outbrain.com udp
US 35.227.233.104:443 softonic.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 n.sni.global.fastly.net udp
US 8.8.8.8:53 e10700.dsca.akamaiedge.net udp
US 204.79.197.200:443 bat.bing.com tcp
US 151.101.1.91:443 n.sni.global.fastly.net udp
US 8.8.8.8:53 n.sni.global.fastly.net udp
US 8.8.8.8:53 e10700.dsca.akamaiedge.net udp
US 8.8.8.8:53 securepubads46.g.doubleclick.net udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 static.va1.vip.prod.criteo.net udp
US 8.8.8.8:53 static.va1.vip.prod.criteo.net udp
US 8.8.8.8:53 securepubads46.g.doubleclick.net udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 35.227.233.104:443 softonic.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 e10883.g.akamaiedge.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
US 8.8.8.8:53 e10883.g.akamaiedge.net udp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 c.aaxads.com udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 104.22.55.232:443 c.aaxads.com tcp
US 8.8.8.8:53 c.aaxads.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 c2shb.pubgw.yahoo.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 35.227.233.104:443 softonic.com udp
US 104.18.24.185:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 122.47.222.23.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 34.107.148.139:443 prebid.media.net tcp
US 8.8.8.8:53 htlb.casalemedia.com.cdn.cloudflare.net udp
US 8.8.8.8:53 c.aaxads.com udp
DE 35.157.246.167:443 c2shb.pubgw.yahoo.com tcp
DE 35.157.246.167:443 c2shb.pubgw.yahoo.com tcp
DE 35.157.246.167:443 c2shb.pubgw.yahoo.com tcp
DE 35.157.246.167:443 c2shb.pubgw.yahoo.com tcp
DE 35.157.246.167:443 c2shb.pubgw.yahoo.com tcp
DE 35.157.246.167:443 c2shb.pubgw.yahoo.com tcp
DE 35.157.246.167:443 c2shb.pubgw.yahoo.com tcp
DE 35.157.246.167:443 c2shb.pubgw.yahoo.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 8.8.8.8:53 htlb.casalemedia.com.cdn.cloudflare.net udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud udp
FR 18.155.121.141:443 www.datadoghq-browser-agent.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 hbopenbid-ams.pubmnet.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 hbopenbid-ams.pubmnet.com udp
US 104.26.7.139:443 btloader.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 partner46.googleadservices.com udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 partner46.googleadservices.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 afs.googleusercontent.com udp
US 8.8.8.8:53 www-alv.google-analytics.com udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 btloader.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
NL 142.251.36.1:443 afs.googleusercontent.com tcp
NL 142.251.36.1:443 afs.googleusercontent.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 www-alv.google-analytics.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
NL 142.251.36.1:443 googlehosted.l.googleusercontent.com udp
US 104.18.24.185:443 htlb.casalemedia.com.cdn.cloudflare.net udp
US 74.119.119.131:443 static.va1.vip.prod.criteo.net tcp
US 157.240.5.10:443 scontent.xx.fbcdn.net tcp
GB 96.16.109.182:443 e10883.g.akamaiedge.net tcp
DE 172.217.23.194:443 securepubads46.g.doubleclick.net tcp
FR 13.225.30.130:443 d1ykf07e75w7ss.cloudfront.net tcp
DE 18.66.97.49:443 static.hotjar.com tcp
DE 172.217.23.194:443 securepubads46.g.doubleclick.net tcp
NL 142.251.36.2:443 partner46.googleadservices.com tcp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ampcid.google.com udp
DE 172.217.23.194:443 securepubads46.g.doubleclick.net udp
NL 142.251.36.2:443 partner46.googleadservices.com udp
US 8.8.8.8:53 232.55.22.104.in-addr.arpa udp
US 8.8.8.8:53 185.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 139.148.107.34.in-addr.arpa udp
US 8.8.8.8:53 21.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 212.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 167.246.157.35.in-addr.arpa udp
US 8.8.8.8:53 141.121.155.18.in-addr.arpa udp
US 8.8.8.8:53 139.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 178.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 49.97.66.18.in-addr.arpa udp
US 8.8.8.8:53 130.30.225.13.in-addr.arpa udp
US 8.8.8.8:53 182.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 198.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 131.119.119.74.in-addr.arpa udp
NL 172.217.168.238:443 ampcid.google.com tcp
US 8.8.8.8:53 ampcid.google.com udp
US 8.8.8.8:53 script.hotjar.com udp
US 157.240.5.10:443 scontent.xx.fbcdn.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tr.outbrain.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ampcid.google.com udp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 sadc1.outbrain.org udp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 sadc1.outbrain.org udp
NL 142.250.102.154:443 stats.g.doubleclick.net udp
NL 172.217.168.238:443 ampcid.google.com udp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 storage.googleapis.com udp
NL 172.217.168.208:443 storage.googleapis.com tcp
US 8.8.8.8:53 storage.googleapis.com udp
US 130.211.23.194:443 api.btloader.com udp
NL 172.217.168.208:443 storage.googleapis.com udp
US 8.8.8.8:53 gum.criteo.com udp
FR 18.164.52.95:443 script.hotjar.com tcp
US 66.225.223.191:443 tr.outbrain.com tcp
US 66.225.223.191:443 tr.outbrain.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
SG 182.161.73.136:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gbc7.sg1.as.criteo.com udp
US 8.8.8.8:53 gbc5.sg1.as.criteo.com udp
US 8.8.8.8:53 66395bbc70971c167e1ede873e416e8d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gbc7.sg1.as.criteo.com udp
SG 116.213.23.200:443 gbc7.sg1.as.criteo.com tcp
SG 116.213.23.158:443 gbc5.sg1.as.criteo.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
NL 142.250.179.161:443 pagead-googlehosted.l.google.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 154.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 208.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 191.223.225.66.in-addr.arpa udp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
SG 182.161.73.136:443 dnacdn.net tcp
NL 142.250.179.161:443 pagead-googlehosted.l.google.com udp
SG 116.213.23.200:443 gbc7.sg1.as.criteo.com tcp
SG 116.213.23.158:443 gbc5.sg1.as.criteo.com tcp
DE 157.240.20.35:443 www.facebook.com tcp
DE 157.240.20.35:443 www.facebook.com tcp
DE 157.240.20.35:443 www.facebook.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 18.65.35.220:443 d1jvc9b8z3vcjs.cloudfront.net tcp
US 8.8.8.8:53 notix.io udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 8.8.8.8:53 notix.io udp
NL 139.45.240.92:443 notix.io tcp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 18.235.185.19:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 18.235.185.19:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 8.8.8.8:53 notix.io udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 136.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 158.23.213.116.in-addr.arpa udp
US 8.8.8.8:53 200.23.213.116.in-addr.arpa udp
US 8.8.8.8:53 35.20.240.157.in-addr.arpa udp
US 8.8.8.8:53 220.35.65.18.in-addr.arpa udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 92.240.45.139.in-addr.arpa udp
US 8.8.8.8:53 19.185.235.18.in-addr.arpa udp
US 8.8.8.8:53 sslwidget.criteo.com udp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
IE 52.95.115.255:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 104.22.52.86:443 cdn.id5-sync.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 178.250.1.9:443 widget.nl3.vip.prod.criteo.com tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
NL 142.250.179.161:443 cdn-content.ampproject.org tcp
NL 142.250.179.161:443 cdn-content.ampproject.org tcp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
NL 142.250.179.161:443 cdn-content.ampproject.org tcp
NL 142.250.179.161:443 cdn-content.ampproject.org udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 widget.us.criteo.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 widget.va1.vip.prod.criteo.com udp
DE 162.19.138.83:443 id5-sync.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 www.googletagservices.com udp
DE 141.95.33.111:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 cdn.marphezis.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 widget.va1.vip.prod.criteo.com udp
DE 172.217.23.194:443 www.googletagservices.com tcp
DE 172.217.23.194:443 www.googletagservices.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
NL 178.79.208.44:443 cdn.marphezis.com tcp
US 8.8.8.8:53 weendom.s.llnwi.net udp
DE 172.217.23.194:443 www.googletagservices.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 weendom.s.llnwi.net udp
US 74.119.119.150:443 widget.va1.vip.prod.criteo.com tcp
DE 141.95.33.111:443 id5-sync.com tcp
US 8.8.8.8:53 compass-v2.deliverimp.com udp
US 8.8.8.8:53 compass-v2.deliverimp.com udp
US 18.210.38.255:443 compass-v2.deliverimp.com tcp
US 8.8.8.8:53 compass-v2.deliverimp.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 sync-t1.taboola.com udp
US 8.8.8.8:53 user-data-apac-jp.bidswitch.net udp
US 8.8.8.8:53 criteo-sync.teads.tv udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 adgen.socdm.com udp
US 8.8.8.8:53 tg.socdm.com udp
US 8.8.8.8:53 r.casalemedia.com udp
US 8.8.8.8:53 adx.dable.io udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 cs.adingo.jp udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 exchange.mediavine.com udp
JP 124.146.153.150:443 adgen.socdm.com tcp
JP 124.146.215.51:443 tg.socdm.com tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 contextual.media.net udp
KR 43.200.114.146:443 adx.dable.io tcp
US 8.8.8.8:53 sync.outbrain.com udp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
DE 3.72.243.92:443 exchange.mediavine.com tcp
US 8.8.8.8:53 ade.clmbtech.com udp
US 8.8.8.8:53 sync.aralego.com udp
US 8.8.8.8:53 sync-criteo.ads.yieldmo.com udp
US 204.79.197.200:443 c.bing.com tcp
US 8.8.8.8:53 user-data-apac-jp.bidswitch.net udp
US 8.8.8.8:53 match-ap-southeast-1-ecs.sharethrough.com udp
US 8.8.8.8:53 rtb-csync-itx5.smartadserver.com udp
US 8.8.8.8:53 match-ap-southeast-1-ecs.sharethrough.com udp
FR 18.164.52.4:443 s.ad.smaato.net tcp
US 8.8.8.8:53 rtb-csync-itx5.smartadserver.com udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 111.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 44.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 150.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 255.38.210.18.in-addr.arpa udp
US 8.8.8.8:53 92.243.72.3.in-addr.arpa udp
US 8.8.8.8:53 us-east-eb2.3lift.com udp
US 8.8.8.8:53 sg-vip001.taboola.com udp
US 8.8.8.8:53 e9957.e4.akamaiedge.net udp
JP 124.146.153.150:443 adgen.socdm.com tcp
JP 124.146.215.51:443 tg.socdm.com tcp
KR 43.200.114.146:443 adx.dable.io tcp
US 8.8.8.8:53 sg-vip001.taboola.com udp
US 8.8.8.8:53 e9957.e4.akamaiedge.net udp
US 8.8.8.8:53 us-east-eb2.3lift.com udp
US 8.8.8.8:53 compass-viewability.deliverimp.com udp
US 8.8.8.8:53 cdn.topsrvimp.com udp
US 8.8.8.8:53 ats-eks.ap-southeast-1.dcs-online-targeting-prd.aws.oath.cloud udp
US 8.8.8.8:53 compass-events.deliverimp.com udp
US 8.8.8.8:53 bid.dr.socdm.com udp
US 8.8.8.8:53 ats-eks.ap-southeast-1.dcs-online-targeting-prd.aws.oath.cloud udp
US 44.198.27.179:443 compass-viewability.deliverimp.com tcp
NL 87.248.202.99:443 cdn.topsrvimp.com tcp
US 8.8.8.8:53 tg.dr.socdm.com udp
US 54.197.100.119:443 compass-events.deliverimp.com tcp
US 54.197.100.119:443 compass-events.deliverimp.com tcp
US 54.197.100.119:443 compass-events.deliverimp.com tcp
US 54.197.100.119:443 compass-events.deliverimp.com tcp
US 54.197.100.119:443 compass-events.deliverimp.com tcp
US 54.197.100.119:443 compass-events.deliverimp.com tcp
US 8.8.8.8:53 tg.dr.socdm.com udp
US 8.8.8.8:53 bid.dr.socdm.com udp
US 8.8.8.8:53 fr-xn.lb.indexww.com udp
US 8.8.8.8:53 cookie-matcher-prod.fs6yf3fqvt.ap-northeast-2.elasticbeanstalk.com udp
US 8.8.8.8:53 fr-xn.lb.indexww.com udp
US 8.8.8.8:53 ap-ice.360yield.com udp
US 8.8.8.8:53 cookie-matcher-prod.fs6yf3fqvt.ap-northeast-2.elasticbeanstalk.com udp
US 8.8.8.8:53 a179.b.akamai.net udp
US 8.8.8.8:53 ap-ice.360yield.com udp
US 8.8.8.8:53 exchange.mediavine.com udp
US 8.8.8.8:53 a179.b.akamai.net udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 exchange.mediavine.com udp
US 8.8.8.8:53 cs.adingo.jp udp
US 8.8.8.8:53 cs.adingo.jp udp
US 8.8.8.8:53 sync.aralego.com udp
US 8.8.8.8:53 syncelb-1292340544.ap-southeast-1.elb.amazonaws.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 sync.aralego.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 syncelb-1292340544.ap-southeast-1.elb.amazonaws.com udp
JP 35.213.12.39:443 user-data-apac-jp.bidswitch.net tcp
NL 172.217.168.194:443 cm.g.doubleclick.net tcp
DE 37.252.171.84:443 secure.adnxs.com tcp
US 8.8.8.8:53 sa-lb.deliverimp.com udp
NL 173.223.112.20:443 contextual.media.net tcp
SG 52.77.109.144:443 match.sharethrough.com tcp
FR 185.86.138.154:443 rtb-csync-itx5.smartadserver.com tcp
US 8.8.8.8:53 e63851.dscj.akamaiedge.net udp
SG 141.226.229.48:443 sg-vip001.taboola.com tcp
NL 173.223.113.34:443 e9957.e4.akamaiedge.net tcp
US 52.223.22.214:443 us-east-eb2.3lift.com tcp
SG 13.228.126.19:443 ats-eks.ap-southeast-1.dcs-online-targeting-prd.aws.oath.cloud tcp
CA 185.80.39.216:443 fr-xn.lb.indexww.com tcp
JP 54.64.172.71:443 cs.adingo.jp tcp
NL 23.72.252.161:443 a179.b.akamai.net tcp
SG 18.142.198.177:443 ad.360yield.com tcp
US 8.8.8.8:53 pug-sgc.pubmnet.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 35.190.60.146:443 idsync.rlcdn.com tcp
US 38.133.127.191:443 sync.outbrain.com tcp
SG 103.231.98.194:443 pug-sgc.pubmnet.com tcp
NL 95.101.74.134:443 e63851.dscj.akamaiedge.net tcp
SG 209.58.168.56:443 sync.aralego.com tcp
US 8.8.8.8:53 pug-sgc.pubmnet.com udp
US 8.8.8.8:53 e63851.dscj.akamaiedge.net udp
US 8.8.8.8:53 compass-viewability.deliverimp.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.2.111.196:443 sa-lb.deliverimp.com tcp
SG 3.0.23.195:443 syncelb-1292340544.ap-southeast-1.elb.amazonaws.com tcp
US 8.8.8.8:53 compass-events.deliverimp.com udp
NL 172.217.168.194:443 cm.g.doubleclick.net udp
JP 35.213.12.39:443 user-data-apac-jp.bidswitch.net tcp
SG 52.77.109.144:443 match.sharethrough.com tcp
SG 141.226.229.48:443 sg-vip001.taboola.com tcp
SG 13.228.126.19:443 ats-eks.ap-southeast-1.dcs-online-targeting-prd.aws.oath.cloud tcp
US 8.8.8.8:53 brightcom-d.openx.net udp
US 8.8.8.8:53 compass-events.deliverimp.com udp
US 8.8.8.8:53 compass-viewability.deliverimp.com udp
SG 3.1.166.226:443 ads.yieldmo.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
US 147.28.129.37:443 prebid.a-mo.net tcp
JP 54.64.172.71:443 cs.adingo.jp tcp
US 8.8.8.8:53 rw-yieldmo-com-1673518954.ap-southeast-1.elb.amazonaws.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 sa-lb.deliverimp.com udp
US 35.190.60.146:443 idsync.rlcdn.com udp
US 34.98.64.218:443 brightcom-d.openx.net tcp
SG 103.231.98.194:443 pug-sgc.pubmnet.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 rw-yieldmo-com-1673518954.ap-southeast-1.elb.amazonaws.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 brightcom-d.openx.net udp
US 8.8.8.8:53 4.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 51.215.146.124.in-addr.arpa udp
US 8.8.8.8:53 150.153.146.124.in-addr.arpa udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 146.114.200.43.in-addr.arpa udp
US 8.8.8.8:53 99.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 179.27.198.44.in-addr.arpa udp
US 8.8.8.8:53 119.100.197.54.in-addr.arpa udp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 20.112.223.173.in-addr.arpa udp
US 8.8.8.8:53 34.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 214.22.223.52.in-addr.arpa udp
US 8.8.8.8:53 84.171.252.37.in-addr.arpa udp
NL 81.17.55.99:443 prg.smartadserver.com tcp
US 8.8.8.8:53 154.138.86.185.in-addr.arpa udp
NL 104.80.224.197:443 ads.pubmatic.com tcp
US 8.8.8.8:53 161.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 216.39.80.185.in-addr.arpa udp
US 8.8.8.8:53 146.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 134.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 191.127.133.38.in-addr.arpa udp
US 8.8.8.8:53 196.111.2.8.in-addr.arpa udp
US 8.8.8.8:53 19.126.228.13.in-addr.arpa udp
US 8.8.8.8:53 144.109.77.52.in-addr.arpa udp
US 8.8.8.8:53 177.198.142.18.in-addr.arpa udp
US 8.8.8.8:53 56.168.58.209.in-addr.arpa udp
US 8.8.8.8:53 48.229.226.141.in-addr.arpa udp
US 8.8.8.8:53 71.172.64.54.in-addr.arpa udp
US 8.8.8.8:53 251.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 194.98.231.103.in-addr.arpa udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 brightcom-d.openx.net udp
US 8.8.8.8:53 hbopenbid-ams.pubmnet.com udp
US 74.119.119.129:443 bidder.criteo.com tcp
NL 104.126.125.209:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 iad-2-apex.go.sonobi.com udp
US 8.8.8.8:53 euw1.smartadserver.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 iad-2-apex.go.sonobi.com udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 euw1.smartadserver.com udp
US 8.8.8.8:53 bidder.va1.vip.prod.criteo.com udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 bidder.va1.vip.prod.criteo.com udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 104.18.11.47:443 js-sec.indexww.com tcp
SG 3.1.166.226:443 rw-yieldmo-com-1673518954.ap-southeast-1.elb.amazonaws.com tcp
FR 178.250.7.11:443 dis.criteo.com tcp
US 34.98.64.218:443 brightcom-d.openx.net udp
US 8.8.8.8:53 js-sec.indexww.com.cdn.cloudflare.net udp
US 8.8.8.8:53 widget.fr3.vip.prod.criteo.com udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 8.8.8.8:53 js-sec.indexww.com.cdn.cloudflare.net udp
US 8.8.8.8:53 widget.fr3.vip.prod.criteo.com udp
FR 178.250.7.11:443 widget.fr3.vip.prod.criteo.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 pugmaster-sg4c.pubmnet.com udp
SG 67.199.150.81:443 pugmaster-sg4c.pubmnet.com tcp
US 8.8.8.8:53 widget.as.criteo.com udp
US 8.8.8.8:53 pugmaster-sg4c.pubmnet.com udp
SG 182.161.73.146:443 widget.as.criteo.com tcp
US 8.8.8.8:53 widget.sg1.vip.prod.criteo.com udp
SG 182.161.73.146:443 widget.sg1.vip.prod.criteo.com tcp
US 8.8.8.8:53 cdn.aralego.net udp
US 172.67.71.254:443 cdn.aralego.net tcp
US 8.8.8.8:53 cdn.aralego.net udp
SG 67.199.150.81:443 pugmaster-sg4c.pubmnet.com tcp
US 8.8.8.8:53 widget.sg1.vip.prod.criteo.com udp
US 8.8.8.8:53 cdn.aralego.net udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 172.67.71.254:443 cdn.aralego.net udp
US 8.8.8.8:53 compass-allbids.deliverimp.com udp
CA 185.80.39.216:443 ssum-sec.casalemedia.com tcp
SG 182.161.73.146:443 widget.sg1.vip.prod.criteo.com tcp
SG 182.161.73.146:443 widget.sg1.vip.prod.criteo.com tcp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 195.23.0.3.in-addr.arpa udp
US 8.8.8.8:53 37.129.28.147.in-addr.arpa udp
US 8.8.8.8:53 99.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 197.224.80.104.in-addr.arpa udp
US 8.8.8.8:53 209.125.126.104.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 226.166.1.3.in-addr.arpa udp
US 8.8.8.8:53 129.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 47.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 11.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 254.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 81.150.199.67.in-addr.arpa udp
US 8.8.8.8:53 compass-allbids.deliverimp.com udp
US 3.216.221.121:443 compass-allbids.deliverimp.com tcp
US 8.8.8.8:53 compass-allbids.deliverimp.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
SG 67.199.150.85:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 spug-sg4c.pubmnet.com udp
US 104.18.11.47:443 cdn.indexww.com tcp
US 8.8.8.8:53 cdn.indexww.com.cdn.cloudflare.net udp
US 8.8.8.8:53 spug-sg4c.pubmnet.com udp
US 8.8.8.8:53 cdn.indexww.com.cdn.cloudflare.net udp
US 8.8.8.8:53 146.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 121.221.216.3.in-addr.arpa udp
SG 67.199.150.85:443 spug-sg4c.pubmnet.com tcp
US 8.8.8.8:53 compass-events.deliverimp.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
NL 185.89.210.82:443 ams3-ib.adnxs.com tcp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 151.101.1.108:443 cdn.adnxs.com tcp
NL 185.89.210.82:443 ams3-ib.adnxs.com tcp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
DE 172.217.23.194:443 www.googletagservices.com udp
US 8.8.8.8:53 gumi.criteo.com udp
US 8.8.8.8:53 85.150.199.67.in-addr.arpa udp
US 8.8.8.8:53 82.210.89.185.in-addr.arpa udp
SG 182.161.73.136:443 gumi.criteo.com tcp
US 8.8.8.8:53 gum.sg1.vip.prod.criteo.com udp
US 8.8.8.8:53 gum.sg1.vip.prod.criteo.com udp
SG 182.161.73.136:443 gum.sg1.vip.prod.criteo.com tcp
US 8.8.8.8:53 eu-u.openx.net udp
US 8.8.8.8:53 sa-cs.deliverimp.com udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 34.98.64.218:443 eu-u.openx.net tcp
US 8.8.8.8:53 eu-u.openx.net udp
US 34.98.64.218:443 eu-u.openx.net tcp
US 8.2.108.116:443 sa-cs.deliverimp.com tcp
US 8.2.108.116:443 sa-cs.deliverimp.com tcp
US 8.2.108.116:443 sa-cs.deliverimp.com tcp
US 8.8.8.8:53 sa-cs.deliverimp.com udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 8.8.8.8:53 eu-u.openx.net udp
US 8.8.8.8:53 sa-cs.deliverimp.com udp
US 34.98.64.218:443 eu-u.openx.net udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 8.8.8.8:53 bdu.bitdriverupdater.com udp
US 8.8.8.8:53 bdu.bitdriverupdater.com udp
US 154.27.69.115:443 bdu.bitdriverupdater.com tcp
US 8.8.8.8:53 bdu.bitdriverupdater.com udp
US 8.8.8.8:53 116.108.2.8.in-addr.arpa udp
US 8.8.8.8:53 115.69.27.154.in-addr.arpa udp
US 154.27.69.115:443 bdu.bitdriverupdater.com tcp
US 8.8.8.8:53 d3jk1lxf0mko9y.cloudfront.net udp
FR 99.86.91.57:443 d3jk1lxf0mko9y.cloudfront.net tcp
FR 99.86.91.57:443 d3jk1lxf0mko9y.cloudfront.net tcp
FR 99.86.91.57:443 d3jk1lxf0mko9y.cloudfront.net tcp
FR 99.86.91.57:443 d3jk1lxf0mko9y.cloudfront.net tcp
US 8.8.8.8:53 d3jk1lxf0mko9y.cloudfront.net udp
FR 99.86.91.57:443 d3jk1lxf0mko9y.cloudfront.net tcp
FR 99.86.91.57:443 d3jk1lxf0mko9y.cloudfront.net tcp
US 8.8.8.8:53 d3jk1lxf0mko9y.cloudfront.net udp
US 154.27.69.115:443 bdu.bitdriverupdater.com tcp
US 154.27.69.115:443 bdu.bitdriverupdater.com tcp
US 154.27.69.115:443 bdu.bitdriverupdater.com tcp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 8.8.8.8:53 57.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 csm.sg1.as.criteo.net udp
US 8.8.8.8:53 csm.sg1.vip.prod.criteo.net udp
US 8.8.8.8:53 csm.sg1.vip.prod.criteo.net udp
US 8.8.8.8:53 www.bitdriverupdater.com udp
US 154.27.69.115:443 www.bitdriverupdater.com tcp
US 8.8.8.8:53 bitdriverupdater.com udp
US 8.8.8.8:53 bitdriverupdater.com udp
NL 178.250.1.25:443 csm.nl3.vip.prod.criteo.net tcp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
NL 142.250.102.154:443 stats.g.doubleclick.net udp
SG 182.161.73.142:443 csm.sg1.vip.prod.criteo.net tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
SG 182.161.73.142:443 csm.sg1.vip.prod.criteo.net tcp
US 8.8.8.8:53 142.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 bdu.bitdriverupdater.com udp
US 8.8.8.8:53 webcf.bitdriverupdater.com udp
FR 99.86.91.7:443 webcf.bitdriverupdater.com tcp
FR 99.86.91.7:443 webcf.bitdriverupdater.com tcp
US 8.8.8.8:53 7.91.86.99.in-addr.arpa udp
FR 99.86.91.7:443 webcf.bitdriverupdater.com tcp
US 8.8.8.8:53 144.128.155.18.in-addr.arpa udp
US 8.8.8.8:53 60.12.249.13.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
FR 13.249.14.129:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 177.12.249.13.in-addr.arpa udp
US 8.8.8.8:53 129.14.249.13.in-addr.arpa udp
US 8.8.8.8:53 cc.bitdriverupdater.com udp
US 154.27.69.115:80 cc.bitdriverupdater.com tcp
US 8.8.8.8:53 trkr.bitdriverupdater.com udp
FR 13.32.145.106:80 trkr.bitdriverupdater.com tcp
US 8.8.8.8:53 106.145.32.13.in-addr.arpa udp
FR 99.86.91.7:80 webcf.bitdriverupdater.com tcp
NL 216.58.214.3:443 id.google.com udp
DE 172.217.23.214:443 i.ytimg.com udp
DE 172.217.23.206:443 youtube-ui.l.google.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com udp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net udp
DE 172.217.23.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 cdn-download.avastbrowser.com udp
US 172.67.15.96:443 cdn-download.avastbrowser.com tcp
US 8.8.8.8:53 96.15.67.172.in-addr.arpa udp
US 8.8.8.8:53 stats.avgbrowser.com udp
US 104.22.62.125:443 stats.avgbrowser.com tcp
US 8.8.8.8:53 125.62.22.104.in-addr.arpa udp
US 8.8.8.8:53 update.avgbrowser.com udp
US 104.22.62.125:443 update.avgbrowser.com tcp
US 104.22.62.125:443 update.avgbrowser.com tcp
US 8.8.8.8:53 browser-update.avg.com udp
DE 23.32.238.146:80 browser-update.avg.com tcp
US 8.8.8.8:53 146.238.32.23.in-addr.arpa udp
NL 216.58.214.3:443 id.google.com udp
DE 172.217.23.214:443 i.ytimg.com udp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net udp
DE 172.217.23.202:443 jnn-pa.googleapis.com udp
US 173.255.250.29:443 allllllen.itch.io tcp
US 8.8.8.8:53 itch.io udp
US 8.8.8.8:53 itch.io udp
US 8.8.8.8:53 29.250.255.173.in-addr.arpa udp
US 8.8.8.8:53 static.itch.io udp
US 172.67.69.99:443 static.itch.io tcp
US 8.8.8.8:53 static.itch.io udp
US 8.8.8.8:53 static.itch.io udp
US 69.16.175.10:443 img.itch.zone tcp
US 8.8.8.8:53 cds.j9q8r6t7.hwcdn.net udp
US 8.8.8.8:53 cds.j9q8r6t7.hwcdn.net udp
US 173.255.250.29:443 itch.io tcp
US 173.255.250.29:443 itch.io tcp
US 173.255.250.29:443 itch.io tcp
US 8.8.8.8:53 99.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.175.16.69.in-addr.arpa udp
US 8.8.8.8:53 itch.io udp
US 8.8.8.8:53 w3g3a5v6.ssl.hwcdn.net udp
US 69.16.175.42:443 w3g3a5v6.ssl.hwcdn.net tcp
US 8.8.8.8:53 w3g3a5v6.ssl.hwcdn.net udp
US 8.8.8.8:53 w3g3a5v6.ssl.hwcdn.net udp
US 8.8.8.8:53 itch.io udp
US 173.255.250.29:443 itch.io tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 42.175.16.69.in-addr.arpa udp
NL 142.251.36.2:443 cm.g.doubleclick.net tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.2:443 cm.g.doubleclick.net udp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
DE 172.217.23.194:443 www.googletagservices.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
DE 172.217.23.194:443 www.googletagservices.com udp
DE 172.217.23.206:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 offsetprovider-search-sites.svc.avast.com udp
DE 34.159.167.110:443 offsetprovider-search-sites.svc.avast.com tcp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 110.167.159.34.in-addr.arpa udp
US 8.8.8.8:53 lens.google.com udp
NL 172.217.168.206:443 lens.google.com tcp
US 8.8.8.8:53 lens.google.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 lens.google.com udp
IN 20.207.73.82:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 82.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
IN 20.207.73.85:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 85.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 104.22.62.125:443 update.avgbrowser.com tcp
US 8.8.8.8:53 evntr.bitdriverupdater.com udp
US 191.101.166.8:80 evntr.bitdriverupdater.com tcp
US 8.8.8.8:53 8.166.101.191.in-addr.arpa udp
US 8.8.8.8:53 68.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 188.155.64.172.in-addr.arpa udp

Files

memory/4912-133-0x000001D09F5A0000-0x000001D0A058A000-memory.dmp

memory/4912-134-0x000001D0BA950000-0x000001D0BA96A000-memory.dmp

memory/4912-135-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Azonix.otf

MD5 cdfe47b31e9184a55cf02eef1baf7240
SHA1 b8825c605434d572f5277be0283d5a9b2cde59e4
SHA256 51a65e5c09bf27980adf640cb54cb2a5bbb217fdaab79b377e158f92533362a9
SHA512 a2e5141c0f7ca72bcf5b1a303fce1734953d83ad363d4c3c7d8786e1bfd872a6b96eeabce3740b547a5447e255415cdf688a0d2074cecfaa0c54c49d0f2882c5

C:\Windows\Fonts\OpenSansLight.ttf

MD5 1bf71be111189e76987a4bb9b3115cb7
SHA1 40442c189568184b6e6c27a25d69f14d91b65039
SHA256 cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424
SHA512 cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

memory/4912-164-0x000001D0BC450000-0x000001D0BC472000-memory.dmp

C:\Users\Admin\AppData\Local\Ambrosial\log.txt

MD5 55146e6ee37f253333c9a19218b533b3
SHA1 eae5322bddbe03d3fb2030cfd70b414fdacd5a04
SHA256 c9b46ee315bb0a68ea051b5b1af03e1519b0a45619486b6111bebdb72b1e44d7
SHA512 bc694af114d89e6c51780180d514169d3b1d69e39a5f0b3927dff096309ba8134dee4042485bbd7536c97922f3b7ad907e0e968a26e36a8b9af749008492aaa2

C:\Users\Admin\AppData\Local\Ambrosial\log.txt

MD5 f87e9baa2650b0db949823922e120439
SHA1 4795eb7dc1f34b2c4478f7cc31fc6cf968ebf19f
SHA256 d64f22fe749e9836f1c9f95a11ac88254233cf48bd5533cae0532a995afd71fa
SHA512 c2d7b038a2e728efc409fa1c2c0a1337d4c3d30ab71885c058fc3e228f01473fd773b162636d7855c72a8ee69efe75b847182c1b469e89fca6c83c569d193985

C:\Users\Admin\AppData\Local\Ambrosial\log.txt

MD5 acdcc33dad3e2e931da9f5d8014796d1
SHA1 184cce281a830de664ef10803db1c8559572eb2d
SHA256 14bf2758dc5b86d058efd01a11da5cc8a2480b9405090102ddb1baf219c4dbcd
SHA512 1805cee4a4975bd3111a841ba299456b812e5d94a628c8fd8e550bc2e2b9059f9f57983a86217bacf4567cceed2758ea0510d007fb795a5613d701a035351b65

C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.19.3004.0\Zephyr Classic\launcherAssets\ProjectHalcyon.png

MD5 bd127f237b3f4a794308fc3576b495ad
SHA1 0a2ff256aa76a0deb134315e4a72844dabb37041
SHA256 59b60c0cd0e2f058fd06054fc3b546151c73930dfe605a2fb08dfd21086e6351
SHA512 2ac6ddd8e824017291c0b145434c06fbc2329135794eb6427915873ce940537055565c25cee03f531f862c931f58fc217d475ee8027e26a736e3f8ce46f4d8b6

C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll

MD5 9c43f77cb7cff27cb47ed67babe3eda5
SHA1 b0400cf68249369d21de86bd26bb84ccffd47c43
SHA256 f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e
SHA512 cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll

MD5 9c43f77cb7cff27cb47ed67babe3eda5
SHA1 b0400cf68249369d21de86bd26bb84ccffd47c43
SHA256 f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e
SHA512 cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

memory/4912-372-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-371-0x00007FF992520000-0x00007FF99266E000-memory.dmp

memory/4912-373-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-375-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-377-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-379-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-381-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-383-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-386-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-385-0x00007FF9A53F0000-0x00007FF9A5417000-memory.dmp

memory/4912-388-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-390-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-392-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-394-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-396-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-398-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-400-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-402-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-404-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-406-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-408-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-410-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-412-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-414-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-416-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-418-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-420-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-422-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-424-0x000001D0BBA40000-0x000001D0BBBE9000-memory.dmp

memory/4912-425-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-427-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-429-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-431-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-433-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-435-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp

memory/4912-440-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-1091-0x00007FF9A53F0000-0x00007FF9A5417000-memory.dmp

C:\Users\Admin\Desktop\BlockMerge.bin

MD5 e43444c9463ef9868ef89c2a227cf4f9
SHA1 88238b4f223476e8cabcd87645aadd41c6728139
SHA256 6e71f928b09d8d298072ab877c73a295f62bb5883499e4eacca20100c3e21166
SHA512 3260ac0565a19b676f660c7f5e965f8d084a07ad346b1ce02d00c381492c6d9d6db5e83ef6a28f4e64a5d227e3dbdec39c2aee56289f989c32b349beddea71b6

C:\Users\Admin\Desktop\JoinConvertTo.odp

MD5 1b41b825afdb6e5827cc6c86a2bda82b
SHA1 6c438f98a12efbeebd6f4388cfe40a08425c272f
SHA256 e4e93fd1d44e869379c6c7e838544899e6a8c8f84dcaa39baf3c6a6df4382c0f
SHA512 89ffa1ee14e97c12333ffc0d08efbdef23d79ea7f98388220fc3c13a84db0c2e83b1f1cd00bb8b55d84d53a91bf07fef59d4810fe3c3dcc0d3aed786910f7454

C:\Users\Admin\Desktop\UseEnter.jpg

MD5 34d9d4b3bdc86cff89fba633435023d5
SHA1 c24b43c41880cbc2856c783667ba9398a423ae13
SHA256 251046bc147bfeafbf89e417109643e15c3042f1372adc5bb423bfeef4f960fd
SHA512 25f756f8164322399dcae1e8f3fa0604d97b38369abce68815e6c137679df10db481ceb2a7c00bb1b26db8389bee4d28a8bb3136897aa18caf0fd3aa4eff23ca

C:\Users\Admin\Desktop\UseConnect.jpg

MD5 a655e5a1138337ea2ca307bba9db0425
SHA1 b8b6354c82498cd5be34a105812c5502dd40b401
SHA256 bdb8d655efd5e10e0fe9b1e30a5c78d7d7815354c77970f1b5d23a338120329e
SHA512 52e956f2162268e5dceaf9c2b1ae39886a66b3598e669fefa0db8a0d314ab3ce98ef73f1202c98977c3b08c1310a6917f0074cffde6d5bdcbf40dd7d194ecaf3

C:\Users\Admin\Desktop\UndoRedo.rmi

MD5 27448b614a5aa9eb2b5b240e8c55df98
SHA1 71bbcb44c09a8e17a796e47f179bec39157f74db
SHA256 4af8163a442f0620745bb6cb4cb1cd97753d561afb7042225dff2830a53a76b4
SHA512 26c068b5160bb5be4abe1089213f1199cd632dc4c881b2cc106b95e9c0b311d6c76c89775d4d6bc8210cd1340e920cd0cd14afc809d8cef9c2e4f877dbb01894

C:\Users\Admin\Desktop\TraceRegister.asf

MD5 85b7ca72885fbdb1fbb0564e9c7fce7d
SHA1 dd530cf190fa3bf7a6ae5b315893bfcc0298daec
SHA256 06ab15c798a7df80446f8392f3fb735bec1b6c10808a451524d9572cfad195a8
SHA512 613c71557bde172367d61744b23f65ed09013d41d50cfeadead4ef605d2bfd9dbdb9a7cc04d50e015e8fdf494b475cac035a732b60d0b9d5080e4eb0d28e80b3

C:\Users\Admin\Desktop\SwitchDismount.dotm

MD5 a3171d9abd887e37b935cd77059e940f
SHA1 674e62b9a0868ba3a55aa0c27a3fde49400a7e8f
SHA256 77bbc42c53ca9edb0ed09fe588ecf9f01b290cae35ffb73080f4bcfcdf348286
SHA512 eb8556c6b347ad0ed7cfcde6b844e683b3c2fcb27f7e438da066cf0efe24e89053ffde81b8397e1b07438997d4074b861c373ede670d6a1d77a570787e84867e

C:\Users\Admin\Desktop\ShowUnpublish.vsdm

MD5 2220530099ded132241957d53f3e6d88
SHA1 443d945cd0d04447782d0730d0f6b49fc06176c6
SHA256 c8a31cec2de6c0dee4169013b8297b5d322a1e94009719f409834cfbb55b0977
SHA512 6643b76f6f05faf9f25d8bf7b36328b9e8d331379b34fc0c0cc56941c7fd0797b760bfa9b6c8923be3caebc26fc799bd111b30bcce6c7093bec5db57b42ee759

C:\Users\Admin\Desktop\SearchUnprotect.svgz

MD5 5b7fb32006e1da26af4b8f2cf3df8e1c
SHA1 1b5a65504e56ec91f9ce5ce9721b93f74ebe9274
SHA256 faf39c5616580a0801e7773283395b8e89d0d8bbc4d8d57f4066a8e05e289cf8
SHA512 d77319bd4ec3150cc6d587f92ab6f75d0c5b24f8febdad9451151e48aa1bea4798b036ccb14abfe9b32365a16daf1bad65f5a3b25ab5ad6f01fb2dcd6ff45bbc

C:\Users\Admin\Desktop\RedoReset.docx

MD5 1f41d67a461dd51083b6e242a4336946
SHA1 d9f183b90f438c29d8c7a1a30c7df64fd9d74921
SHA256 bdfda60c7ec8fceedafcb24eb883e3906593aaa4e2dad341727964e3798931bd
SHA512 c24d1fa76f14e1f2d3c9feb60545339f2e57a037b34d74240a814db6c3371a5cce8df7d38fbc675e82aecefef6e693614c2bac91fc7efb70c09541a4ef2d44a6

C:\Users\Admin\Desktop\RedoDismount.jfif

MD5 aa02d974b1a7df6f9b9361b1c0d08593
SHA1 59acc21101dee894c19cfabf1d0db26c6ceb65d1
SHA256 7e920b69b4deb06dce7332c9c023f53f37cd1255cb9d77744c1b2d78f77daafd
SHA512 ee3d287b0de1f745a9db014f6ae410e8f1233a1712e851492cc9ec7c2215f42bd7e50f8d5b34b570971b8b2992771e4e83c52d7e6efdb517692f7b897994e4b5

C:\Users\Admin\Desktop\NewCompress.jpeg

MD5 ff0a4c0526cba27f958608200182845a
SHA1 811ef95d1ac490386328ec24e86b7014b2e007b9
SHA256 98f7fa1094b54bfb0127a4a4d2c305dee047739baa6d2cc7cf87d53ea532772c
SHA512 9828d591809119620401d667d50257bbc6a440a98e476a9d676fa00da49defb1f914ddacf58e4355db5839229e57c66f3441bc24b7d3811a0a101c5bbe253d4c

C:\Users\Admin\Desktop\MountEnter.wmf

MD5 18fb19a22c218d29703cba13f3708869
SHA1 b52de8ce207a5640ddbccca0c6966281addb807d
SHA256 cf42394d4be050fad0cdd2620414842d2ccbe1835aa192c2e9f0a95044b04bcf
SHA512 be8ac811f7198929d1db1cd2110c5cf0f8a3f2f78886bf6e1afe794d9142e1f36456d0079f84438059622416231087bc9b9af3c0d6ded5d91ec5886e65a314e8

C:\Users\Admin\Desktop\GroupExit.otf

MD5 09279a6e57a15378b4410edd15484c69
SHA1 bcdf46c53fbc60910ebd51a91a586b12bf5fd7dd
SHA256 e507dd9e5894b9677bf2dcd55f01dd1591fa1d6300a3c65a0fde433017f9cded
SHA512 bcb9777fbf38a803cc78fb30deae14adf68930b7f021d931f51b59dd2a05c7ef721e2be34c56acc8b9bd27a41ac58a1c7cc2d8aedaec5f405a1a3fca53ba61b8

C:\Users\Admin\Desktop\CopyStep.sql

MD5 edccb93ea6a29d7dc960d0da26147a3e
SHA1 5ec24e24f1b43c180044b794988c68c3e30e9f02
SHA256 813797375fa69ce9f2751f94cd2df74eb1b2e30359e436557d367a87b98b495a
SHA512 b5cc0a49541ac2692605992a8918da9f2d3b4cb344f26d2819ed3a6467d82bc3f6cf5a4e31438a7eb2a8414b244583cd15ffe06d56ec87289e84bf4faad2cdff

C:\Users\Admin\Desktop\ConvertFromDebug.dotx

MD5 7adde9cee4c62cdcbb28bcb2c25ae45b
SHA1 cc30fed07f1d641c43dd235393d75d895dc0eecb
SHA256 151586e9abf3b0518e5ca93a172696bdcecf72691120dffdb27fdac9edbaf852
SHA512 c19ae7526c6fed25a9dd4b9aaecd52c7f52ed8e3d78e1eff270c213dcdf6976c819a63251dcfb9e25b639650fd9d1621d96a0fb2e34ccb0c73adfb934e00a4c3

C:\Users\Admin\Desktop\BackupImport.mpp

MD5 53e81062d6d0313b54d2623c099a0f7f
SHA1 02a14bf4ac34e47f010a0a89559de2ce71be08f9
SHA256 0b94890950725b115bd06d3491194280a37d7ae812b0d4a22f1565c9127d96b5
SHA512 f79291193dc9534bf64e858e0f209d6e298a45291c987f723ef71b3a216599db48e2726a7a0af60e230ea65996df3602262d055ea669996f0203ce849dbad4ec

C:\Users\Admin\Desktop\ApproveSwitch.mpeg2

MD5 2c1213babdff4afe7f0f6bf04b64df4b
SHA1 b6573d73b2158de32552bc4365c84c64c1f7c67e
SHA256 548294397665f3fce5538ec5403bb2ffb22efb8ad02002069743cbcab45a3d3a
SHA512 fede4cc90303cbe85f391a6e06e100a6b995d480e84f85e2e27c3def57953a8491b0e219483078f4d8e775192ed9297ed2620977aebd8143590ac0d371e857a0

C:\Users\Admin\Desktop\AddInstall.pub

MD5 9a4e59c459c241a6eb483912b8e1be74
SHA1 fe863c1e5703f3bae0dbd1c1e51acd01c5349cea
SHA256 e76e3ba8da354a14f4a7c8d756eecd3970ad68ed598bec0bfceaaad5d84f3be2
SHA512 3e90e5306f71bdfd1c139cdeaec6adede6a1c60921acfdefbf51aa817367010cce9462e033f47aa76244993af5c2cd0c1b095643a947ac29bfcdbf00cd1caeda

C:\Users\Admin\Desktop\AddExit.jpg

MD5 63acbb9d523371e31f5655170e0e8060
SHA1 b95fc8ed2243cb64a7a67753ba4cef7577491d5f
SHA256 b9100c3796140b27e6d4025568705bafad9e7802e9e2a18586d036a5d4946c72
SHA512 92f8ebaffe65d766993656b6b11f76fde7b29304b86e4e2d061fed6035f8d33532259164bf8a1d1c2c6b702ab8f2f5ae3d5332826b4a25ae9ccc822545c1ed8a

C:\Users\Admin\Desktop\8uhgtghgj3g834gizn43nzug43nzg34nzgz3n4gznu43gzn34nzg34znug4znug34u.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 99c64202a82b95d1f0f0c1bb8e32590f
SHA1 dd134bf660c199dc64b3392d3e45022186f94a81
SHA256 5cb19e8387e817db33da3a1febd93dffcd4407ccbd996650e202ab6e8a07bd8a
SHA512 c141120ca899380c38ae95be69e166c22802af5456939f30dd2b2b92959c82ed07b37b444e0a1f26322459ec1f6cd29e3228b825a4ac0af633edc49c74e642c6

C:\Users\Admin\Desktop\WaitSelect.3gp2

MD5 9716ab5ba45e6cf456aea1490d06f46b
SHA1 1b55fe851d07618de27bdbe626ae57bc6a6aba0a
SHA256 55a6e7525eab46d8bc076e90d24abfe3ce647e2e4dcfb28f69839bf307f2ab8f
SHA512 f0d207622b014f3ef2fe8bc2751d247b36ac9ec98a7cf3112ddd9bec4e274c89cc2f17da2d8485674f0fab641fa92a933ae36f8958ecaa65298cb3f3aeb26860

C:\Users\Admin\Desktop\StartTest.png

MD5 867641c0b68de2eff22b8cb34f763ad8
SHA1 c19933fa016d2a43ea44a696048b0b44ae9bc3b1
SHA256 fa4aae8f76761022ee802349bdf7b6fd151d54e72284ce6f2798cf44e41fccb7
SHA512 58ccb725b0681bd9484d112e26e193bfb26b9d790521bc29021397d3dbd78b9f9fc8a309d48f37527a9349aade50b899352e14151c717e23167b5cd1a722e168

C:\Users\Admin\Desktop\MoveFormat.search-ms

MD5 bad438bb5b9934aac9a16d0e015c1273
SHA1 5306040b7a06fa933b9a2f2466e06b7ca4c7e95a
SHA256 94c3138ddb565f04a47cdde6df020abd665058ae23ea9c929501333bc9502a17
SHA512 4464691766b79eec5b8c95c30bbe8de6588e69a36e9c7985ab97cb128120d828ea30f9b10fcf9daae9ef8fbcf483254d5b539f946c64142ace33208931ec4adc

C:\Users\Admin\Desktop\CompleteImport.mht

MD5 6a88da2d3763ce5d784c195ca1cd2ae6
SHA1 c620745cb8afb19b6c6d4ea099f8450a74292fce
SHA256 2d93fe53488146b5e67aa9e242d589117b2a7582c287dfd6090538582d93ea8b
SHA512 ae15b14f7d3627557d9f8b0501292745dc2731d35af38e23d6f414a41c07e1e68b485c3eb04203ca560ec48d637ca9aa86298e545969440eff4b9fd0e295349d

C:\Users\Public\Desktop\Google Chrome.lnk

MD5 c3150b24d32b05dd438288e34c58133d
SHA1 1898d86f227969712d89c89688159d9e869f2858
SHA256 3c38bc3ef9702824c36c8ae8b56948ced94425ea8d3064318be55e065c812198
SHA512 13ee18a1d1ef53a4935e5b3d4e038588281425e3cb2578fba92e70c2db29890eaf65f4218b247ec9a18e55565aec2c81c3a242fe93c3ce14463142df3922a021

C:\Users\Public\Desktop\Firefox.lnk

MD5 2a95aa4bf5f33b4b64da24ddb38a44d1
SHA1 456775523e3ee3848c287233c885b8ebe523aa88
SHA256 065d7612c168e525047c78bd9dc1d72ad8603ed4ed9ca1c4cd166539ce254f59
SHA512 198a474b75bd5c88d45cbde9f3f546c0742d8697299c47e09bd4c84ef386a7f263ffa564c576a0dc3e15a628dfc5755a125cd08f6f8896f72aa81bcfd6d18baa

C:\Users\Public\Desktop\VLC media player.lnk

MD5 3238c410c2b7a16f3741f50dbb22e8f1
SHA1 70cc81d5df03c13517f70b674ceaa2ba5bd00f4b
SHA256 7fb95ebff254bb0f94bacc4a4e3109201263803307e5cca51b792d505aef5111
SHA512 063e87dd589e15771d6d54ae67d1b967fe9b1f8ac3db44d0dadf1ed50c612bb7f315c429be06ba00e69c64c41e82252e7bd2b2ca679f47364ead1e5b8d51ff20

C:\Users\Admin\Desktop\Microsoft Edge.lnk

MD5 6a3acf7402f24690ce39397854b94a7e
SHA1 4b5f5981b771b2eede6342ef7603fa76f01da8b8
SHA256 8518868a0b81566e363f8b24d2a155b265099af99d34145abf7c530a83444712
SHA512 c26ac25be35c5dd01141978b7e71fe1f30a6dc44e06bf8b34f6601bec2286d1691480a51b9470ff89fcaf087c4949c9531d04a10804b1fb4fe904c913eb2cf94

C:\Users\Admin\Desktop\Pc fucker.bat

MD5 0745b02931d69fcdfb01a50a8c1d1cca
SHA1 4e96af16a85b6dc4161918a552d9f0306b5dc666
SHA256 9225694471ee8194a14d664970c91fc0ec19d626e12754d3f7dd7ed64da2a8bc
SHA512 c7b60f2c8fd7d65d9e013f5bcdc039c98a8cb85b3c9644456387675f0c4506b4269f45a53e7f7d01b7a5ba0448225e1cd7733575143b53360ef7da039f170375

memory/4912-11356-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-11357-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.17.201.0\Zephyr Classic\launcherAssets\yeeee.png

MD5 8a377c03e02f15ef0397d89f0506ac8b
SHA1 ed85c391fe70e991d2abb24bbecb0eaaf0d75552
SHA256 464d8afaf7dfa366b71049d4a3c8273cdc6e70a2062a7d23d58481d1f47b3006
SHA512 349e088683abf61918d74b897cdf7516e07e4b301402aab9c2d6295b0100883e0f66b32634cc25a1e1ea378b9994084f3dac652457a72887b7169dbeab1e6d90

C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.16.220\Atani Classic\launcherAssets\ataniclassic.png

MD5 136ad703ba27f07a2140a419078b4cac
SHA1 8c020948fa0e2e7eba3a0fdbeb916d219dc225fd
SHA256 0663de9371c6be579e7e7cfa4c053b3de3c00d3de1c73778f0d5756a69eec77e
SHA512 7e3ca0bd104c7068c3f12b55f62b98719f4b20757f924ab7034436abe9f905c8aca169b81c21085e5dddfc57c8887df02dc4b767ac65796e836a80041dda7e9c

memory/4912-11483-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-11485-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-11484-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-11487-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-11488-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-11489-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-11490-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-11491-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp

memory/4912-11522-0x000001D0C8390000-0x000001D0C8490000-memory.dmp

memory/4912-11524-0x00007FF9A53F0000-0x00007FF9A5417000-memory.dmp

C:\WINDOWS\FONTS\OPENSANSLIGHT.TTF

MD5 1bf71be111189e76987a4bb9b3115cb7
SHA1 40442c189568184b6e6c27a25d69f14d91b65039
SHA256 cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424
SHA512 cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

C:\WINDOWS\FONTS\AZONIX.OTF

MD5 cdfe47b31e9184a55cf02eef1baf7240
SHA1 b8825c605434d572f5277be0283d5a9b2cde59e4
SHA256 51a65e5c09bf27980adf640cb54cb2a5bbb217fdaab79b377e158f92533362a9
SHA512 a2e5141c0f7ca72bcf5b1a303fce1734953d83ad363d4c3c7d8786e1bfd872a6b96eeabce3740b547a5447e255415cdf688a0d2074cecfaa0c54c49d0f2882c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp

MD5 a3646d896ff1918e70cc1bdf8c87869e
SHA1 c14ae8cce9fa0ebea70ab7b5566ad5a7b6ab2c93
SHA256 7b681367f2b831e5cdc069c915aff9c647f3bc3b565304dc17694d2313393678
SHA512 31a51abd43a164518c9c97e02705c10d5043b00db9c0d97da9e3c05a9511b3736bfd1ac424f4d63d3fcd4f9308e5e393382e6b6c49276fec2d87d095e9e21fba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js

MD5 1984b45f201f1fd79d2154406648433b
SHA1 42f082dc6d4d43333688690bf4dfa7c7f8b618ab
SHA256 000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
SHA512 e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

MD5 87222f4352c9a66aac4473d16ebdc70a
SHA1 4cd6bb25c6b020a20f65ddbea7361ce1a66a101e
SHA256 872b35e939a8a81f2a83190cbfa90d3b72e5fc9d106a00ca6a35a626096b226a
SHA512 8d4eff29acef6308c0d7981b934118ef34a956c5358b4d00c6d218fe6f3fc488accc38b13d2c9bf4e56cf829f09961948a672068fad62a5e054b66163e1cd7f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ee8a10c2201ba6379e1f3cf39efffcfd
SHA1 aa563f05e9b6ce06b12a3ed883c01ee946a9ce04
SHA256 e633cff6aac45cd8fdd842a1b808b0b4b413dad89f44b498d6925355ea4713ea
SHA512 2453f4a5d1e366d9d4068a511029e934ac8bb48d91fcf1e840c2f01059f972d590f60a088b3988971ad98a52a51cfd7d3e6c7a9c650ecdd8b2f3643504d6bd93

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\19359

MD5 9f6fe0fe0a95c8be7b13ed5328978ab6
SHA1 c7ce16876aef41d7021187d196b2b680e435ff9b
SHA256 d9848a58802f2c6b74fa2cb7ebe4193a23d7ff3449a1ab3ae520ab0b5e267ea7
SHA512 f1930359a9b6eb2f288556605b714a1e0fc80a016861ce98c4654fbe2a1220d596b9cad99020308d413b2afef59c0b8e3719f59b9a25f405e0e0fc6c7dde176a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\15028

MD5 13017e5c7b5fc8feaf6263e7d2721047
SHA1 6e27df87467963bc39abfc31158dc5852695d264
SHA256 da3db9bcfd314f4564f0b5d9a2f0e8a782141b60c3e69befa8db35e4f110f09f
SHA512 f728686291fbecd9ba96ee08ee1d18ba1b264b4416760ba61c280dee8e340c4c81b277e27c1e134c1ed3245a6dd1a801d32ef81e1437d939f49797134ec79f6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

MD5 d0c3bd97aac8fac0033c55ae1a7249cc
SHA1 afc06514f3b77977a9a3fb6f9dd3a0aacb147c15
SHA256 b14437cb5a75336f26ba5d9f471baf225eb567f234c8b2f25a7404958054c5ae
SHA512 ac113e8114d5b918fd5021f480717ba6e91d8c0a827ff5b1d53d2e0b7dd6c0ffc3ef6785c930865e24941e31f6ded1b9ec5e1018ed8ed1d6408fbaed4794d719

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\9104

MD5 b1d0b5c0453694541f53b52dc9d23c62
SHA1 dd0fcf39c1f8a8a3b156e210f8960762151f94fd
SHA256 0f5e8d17ea73de0e148cc7004a526181d23e476514556e40ea65642b6ea9e818
SHA512 b25f860150d82e66f72e635af0a102d9b34f761afa3d2393c083bb6d85ed6ffe80a76f26308b8efeaa94b6e6780ec995ddacd0593688e5212e13ebd259178783

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\2573

MD5 bd81189c881d034b8b35ec1d1ce45fe4
SHA1 c59a4161f109035026ad7fcd569dbc94d4e4e3aa
SHA256 4c5a5299e68119161c44983a220b762699839e73480ab7abfe84f4cb6c98a824
SHA512 d3dd8fa1553ec53ae2272ca74424f94e28118e43d88a2dcea88a00f68d1a91079102bcb956a0e773af71956cf15633a265143927b6df4eb8a5ce635f516519fb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\12551

MD5 750ebe747605002f70de788b0aea1598
SHA1 90961227f4bfb5c4aaade640e4b690be8ffe08b8
SHA256 893475b988eb4616d0844f0e817b25d53ecac3b1e579e5a9f261f72f4d4b8f72
SHA512 430d84bf0fecdacc4c34d601680a8259751b00c191f76f9dc87f64fe22cc451391c597eb1e0b467a6cb9dfac481d01bb6187ba877dbec95f082898011d6d8cfc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\31146

MD5 f54e8ee24f45e863940614d69d52a00f
SHA1 4e47b87016d0675885cce016d4d723435b380809
SHA256 6efe6f0f37567b7a0ed783ea4febf9471120cbc3627b421f37a4c45f6b296d6a
SHA512 56e1cd436c672c08ddfe9930f82fdcdbe6d4bd0a0a89777b5160218b15012fdaf802f907f266f11a33159b4e064691df8d92d5deb55052266271b41fa63fad1a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\25334

MD5 f53c5998b1cced98c105716cdee75cf8
SHA1 b00fd7681d812836d3cb46bf50699cd1164cbdfe
SHA256 23a0880fe0d1132e272734c076d0e8d895daba02454c069e695fef0c6badb6fe
SHA512 6f116e3f9a07d1d42cfc5e13c6e31e6a962f449730ca398996ead3c87cd08b406979efe8d5e5a45ec45d9e5d56424d8296eedcbc1efcdc1466b1b14a2bbc38bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ec1fad3625d765d2ec1d0afba2c96236
SHA1 7dbf6d926db2b8345f035f00dde6806d19ab85a5
SHA256 8554458772524ba48d43bd719767a0d8da1b36bf2c81fa3d9be08aac0026d1e1
SHA512 ca8d6895e9e9a026158fdd7647060ad0f944744546e891b95aa582b5d959e0d3c7ec1911a8b5245897dbc46e119b03e064da9b14d0a4481327a1462ae42844b7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

MD5 d9f79827fbea7965691660145d77ea18
SHA1 bc01d53a4525cbebfb848d57094aa608c4ad4748
SHA256 b1a56e21651a04daf8ec85033e4a1919ce8a1b4dde896100dbde762b47c12d5a
SHA512 63f16053c096c98a165b5433507586a360340731a689a50208b4a42c3ab71f1ddcb9310b58ea82b06cd437fb8be34c44767aea2410b7dd730ad8d829d0955bc7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

MD5 f532567154cafbab872382b9c07acf63
SHA1 204d4bbd14420f3bae347a20bcd47199b595efd6
SHA256 b52e10cf6f60e35733e860e70e88b108b9ad4afa419dcc31cdd81e811e0f86be
SHA512 06e1e38d1149534fb46795bddfc8ba15ff9bdd2835cadbf07621edecc0e915edb3e66ed5e718438be61dd72b586d5af9cdcc36e6ae94faa7bb52ee43461be712

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\10048

MD5 d9394c05678a8d1ac78bfa50ff299736
SHA1 ce5af960e1db3be42d48373f266ff1c0cf6fb39f
SHA256 31a896d27f5be5721d2f43c166bc9583ebf98eecc0ebe7c3606c0717bc3893a1
SHA512 fa7db9297dce0a6b61de935172ed15bb87f8cbb7ec4e229e9c5dc116428d00584bae0b00e327adbe261e422f9e398354c48e9ea93531f88f053da4f9c8971e12

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\19003

MD5 025f216aa5cf1de8e04640667944c7c9
SHA1 c4d36cc7de4313ebe8bb5b6f6728aefc15fac01d
SHA256 a26c1bf434a59abe08c2eeb0890e064fb9f9c57ba2cbe4db7f4a50f86dc5f652
SHA512 4bf34d548cfe65e04ab78b735e445def664dba6c68711b59989e84b40f751ca9ba1075a8518265a4ba7796c53f21c25a48d12ce1651047105b2c6f009e9c98bf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\11126

MD5 7014326953634d52652a757cd900ba88
SHA1 9b07cedf0eb337c80920d224ef2816c0339970be
SHA256 c5b050977463dc1b97c7675ffbc305c31fefc90f685c9e1be3fec91539f17753
SHA512 4ecb9af4c4a2434a489d88fb532787ff2ed53214d746329e43240e14774e8184c73f474fdecc5f4c052c8be4df08b5152954aaa3b929cc3f112c19a9ab165783

C:\Users\Admin\Downloads\bitdurtsetup.9soBDGVW.exe.part

MD5 97c85c57ffdc0bc652bb9ed8d494824d
SHA1 94dee39299f76d86ad7fe8f27cb440301fc9f54d
SHA256 1fcf2e00c9ae12d47c1c58a51b08ad32026422fee479c2e6af7305aa140ae35c
SHA512 89d068f61541e2645500846f7bdbabcdba0d79f8f1ed07a1166c85d1f35c181ba74a2fd80f4c7b0b16e0fe636ff8011ca9a62c166d34deea6eb79357f65d37a1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 9e5fa8a40e2bac5d0811229ca3472a24
SHA1 c201564d5a2e3f8b9c787d674e5135d01b6fab4d
SHA256 8601b2f5cb216dcc638009884dfa3ba2f6b807489674d724a30e0e5afb55bb4a
SHA512 0cc8279ac9c63902ba3a5ab847a4a8468098bf17821bde356eb34462b96468179b6cc6c4fd453432100337da6c2e9a2881948922abadc2d06fc4a22fc7707954

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

MD5 6f98668d90519f684e7d82b198a66c20
SHA1 56d9d94a562061cb495776d5732edaa8b6d402a8
SHA256 db2362307fd66112d8986bf82813e556715dcc6172524b22c461fce0aaea8adc
SHA512 3227ade1cba96b3635ad39109f086e4a08c2bdeb5532fad5fe15b592c4bc6fd6685234ea46414014dde14a7a1ab3c8423c8e77aeac03788841912e6d88d778f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

MD5 68e4f72a931585db74553bf31722603d
SHA1 df8302fc3fc4672e87a9a6954f0e871e97c29884
SHA256 ae6ce12b71126436e04ebc3bb914691ee914952eb9ce407a0e7a4c4822c0f311
SHA512 c0709eb5bcf1af7a8496fd5bb2bd2335eea2e21a323e2414f135cc3e84a457f02747dc9fd9bc44391db9becbf1e95eecfb43c639561703b2b5084fe15282c324

C:\Users\Admin\Downloads\bitdurtsetup(1).exe

MD5 b87fa95f852231008727e857ae71bfcd
SHA1 493ba777bc8bc6b10816ffef668d1a88e94a3e68
SHA256 6c7aeacd1744feb85b196077fbf4cf80d7b2cbc60c58b33452c93b696658713f
SHA512 35cdd6089b700c45f203ea6b6fd011c4d77a68a81d9de93b66abc7b789e1eae772da55e49f3d9c60045538f219facf76d15e4654c344076cb5f45ea1e1e97e88

C:\Users\Admin\Downloads\bitdurtsetup(1).exe

MD5 b87fa95f852231008727e857ae71bfcd
SHA1 493ba777bc8bc6b10816ffef668d1a88e94a3e68
SHA256 6c7aeacd1744feb85b196077fbf4cf80d7b2cbc60c58b33452c93b696658713f
SHA512 35cdd6089b700c45f203ea6b6fd011c4d77a68a81d9de93b66abc7b789e1eae772da55e49f3d9c60045538f219facf76d15e4654c344076cb5f45ea1e1e97e88

C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp

MD5 5f87b09f2d406385c943236fdd0c1dd7
SHA1 3373304e61f4eb3b35e20569d9faf27763d8d4c2
SHA256 e0d00e3ad64d76c0985b5a6bf9783616e17cb6e3aa5f848c8795cebe0c226ad3
SHA512 1b61b73fdfdd1dd141cccf5807bc9812da138cb374928af1b28ca3c4b50253738cf3daa9ae77d7db81074148ca201ada11876534d4a5cc5b82f82acfacb11063

C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp

MD5 5f87b09f2d406385c943236fdd0c1dd7
SHA1 3373304e61f4eb3b35e20569d9faf27763d8d4c2
SHA256 e0d00e3ad64d76c0985b5a6bf9783616e17cb6e3aa5f848c8795cebe0c226ad3
SHA512 1b61b73fdfdd1dd141cccf5807bc9812da138cb374928af1b28ca3c4b50253738cf3daa9ae77d7db81074148ca201ada11876534d4a5cc5b82f82acfacb11063

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\jsonconfig.dll

MD5 9806a1edcaa83c90ae83f6fb325a73a7
SHA1 7c309e62b1c1450c9eaa394b531f428f1289bb2e
SHA256 c94b46a0e658fb583ea8aadb40b808fad176318abe35f834ffe83e7799333a67
SHA512 abeaa2805911e2d4548a96967fc235eb5a94f1639a41ccf73f8d7438650f2d4e5bc6a0c315077cf37f3b2201697f44b6f238e90f2e7b8cda0a12d470011fcd5d

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\jsonconfig.dll

MD5 9806a1edcaa83c90ae83f6fb325a73a7
SHA1 7c309e62b1c1450c9eaa394b531f428f1289bb2e
SHA256 c94b46a0e658fb583ea8aadb40b808fad176318abe35f834ffe83e7799333a67
SHA512 abeaa2805911e2d4548a96967fc235eb5a94f1639a41ccf73f8d7438650f2d4e5bc6a0c315077cf37f3b2201697f44b6f238e90f2e7b8cda0a12d470011fcd5d

memory/5696-12948-0x0000000000C50000-0x0000000000C51000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Apps876\promoapps.xml

MD5 3ef759854b196c3caa0e6efccfb72766
SHA1 c74bb5befe9ef463c8a2b34d14088c6cea811cc4
SHA256 b2ed68fdb361d57ba5540016f860e1cc2ca4aab26456564fba98e94df8027da0
SHA512 7f3df8d646453583cd6b433e9bafdcc66b07d92723e95917ae820efa59bf0491d48b4fbffd3c1d8954c987ef29710012321c76b882687be2a207d8d24970a7b5

C:\Users\Admin\AppData\Local\Temp\Apps876\gtipinfo.json

MD5 0f75fea7da573d1ebd8a6994dde3cc8c
SHA1 22eef46ac33c93bf46ae2282a84ada6df82899be
SHA256 07241f32aed63734011637aa9c5448e87df0d1fe11ad82fffcab643a5f85813b
SHA512 4c688013f47a53fa9b444303bb16220a61696d7eec42f40212554b29dbdae010a04cdc0ac32c30acf441ba7e08b57a96fd42d7d54cd399862e9e2241be0f6782

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

MD5 0288810df402213c844ddcc566efef10
SHA1 364a0dbc7a3e46cb384f2a9fc32a6d6dbba5b11f
SHA256 edd61b6e2a026430535647484967d1a5becab1ec90b4214d3aaea89e6144d6aa
SHA512 3d451f15c58f630fc64a9735b689964caa9a7ddc62e64c7bcfdff04591fbd143e39f01dc03e31e68032eaaa3836eb4dee8f34803841bcda5c1103dbd8ab69f08

C:\Users\Admin\AppData\Local\Temp\Apps876\154_61_71_13.txt

MD5 1d7c386b632293d33f53f305f910fdcd
SHA1 5a0297a254200417c32c714f677e09b55e7cf47e
SHA256 81f2bcef1011d9c68bce30b5994d4d511c11b6aa7d84a192b83ab6a3a8246907
SHA512 682004d48a9270f32b0a7184dbd3c9a84314988d7eadc8c21d8505a5450848d77f8a55187e8b6c444b34c772e684796d240e1d3f0d9f856f5566ce7c584c8060

C:\Users\Admin\AppData\Local\Temp\Apps876\en_avg.bmp

MD5 e26e5fe9660082d9579bd032cd7a6e7a
SHA1 61dd028a58f532e125bbdda7f27ca9a03336d388
SHA256 c8e53c45b5972e8b0ffee4fa89d181238747212759ebdde7b497903e78ce7191
SHA512 2de019b8011276079e1c6b69919031a77c56d541cab34bf1bf386b7b41d30898994cc9ae05b7e7ba39aacd1a22b6ad81ab63641c5e33768e4170ef7a006acc9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\19038

MD5 86e3704c24451a284dc68c6238815138
SHA1 d0b9424ce141e073903eeda2680b56208fdb6ea6
SHA256 a5b49f6273151c48778ed15e1f4c74ea9d450b99206f43c24fa4aea9cbb00446
SHA512 6ede48c76bf8b7db60532a7d82194fa387162f72b89c31d7c5b01f8535bc2dadf8518e2e31e4643565934b98cbcace359db17ed59bfc66a3dac79050766d188d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\32247

MD5 09cee3e14051f1eb993edb362f1f5213
SHA1 da7f32608977df4a55ee44c6ff074a4477a3af59
SHA256 08acf846cb0d2ce24ef0d0222c79e3d1286965ba9c2c0a4dfe35af292d57f371
SHA512 6414e4b92ba361b2c800cedcc0c13673105f7a68262d91738affa806c4ebadb695a62b571a2f7a3435ad17f27db27f31038313e4a9e0623c51ca002c7077fb26

memory/5696-13228-0x0000000000C50000-0x0000000000C51000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\PlayaNextAPI.dll

MD5 4c93aeb01da51a5613762a11551e71a9
SHA1 3642d36fcaadc796a4b16380577450d81afff431
SHA256 a98f6a7928b84616043af2691490829aa108be46a08bd209e086422716d2142f
SHA512 4ded40e5a45825decd9f182ecbea17eeef5600b483920d5e3e010f54aafdd049a4e3eeb8ca02502837cd89076b274ffa4bdde2bcca9518776c866503adeebffa

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\PlayaSDK.dll

MD5 c0767bf3e9d776ac14d4a7690751c87c
SHA1 1b67a3b025abed3ef6ccbd64143e0a8517a62dd0
SHA256 8e343f727b78a4e706836eaf2525021ddb8567bf86d8ef2a209f719f93443267
SHA512 38e2c8729719d3ea0a833c638666995c3a889d778f032034002395bae6d92c905846099d0b98a6b42dfeac9692ef086f097d43cfb068d5ecd4d441de7544b381

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe

MD5 d4357824e6504254c9a15c72859b87a9
SHA1 3f94f59f2fe5ebeb02a2c09de622cb8a5aa909f5
SHA256 9c37538dffbbcc93247e86c342fe67ccd28c54510cbf92161b813d5bc81905ee
SHA512 3e68d248b48ba85814283023727f36c716ba1c140d0c174254891827bb358aabe69e81ccb219d90d24ad35768b8c6a131d927df89b8d9f501812becf32ea0385

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe

MD5 d4357824e6504254c9a15c72859b87a9
SHA1 3f94f59f2fe5ebeb02a2c09de622cb8a5aa909f5
SHA256 9c37538dffbbcc93247e86c342fe67ccd28c54510cbf92161b813d5bc81905ee
SHA512 3e68d248b48ba85814283023727f36c716ba1c140d0c174254891827bb358aabe69e81ccb219d90d24ad35768b8c6a131d927df89b8d9f501812becf32ea0385

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe

MD5 d4357824e6504254c9a15c72859b87a9
SHA1 3f94f59f2fe5ebeb02a2c09de622cb8a5aa909f5
SHA256 9c37538dffbbcc93247e86c342fe67ccd28c54510cbf92161b813d5bc81905ee
SHA512 3e68d248b48ba85814283023727f36c716ba1c140d0c174254891827bb358aabe69e81ccb219d90d24ad35768b8c6a131d927df89b8d9f501812becf32ea0385

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\jsis.dll

MD5 465d5265bfe5b90f821235f0e13ba5e4
SHA1 da4d81c230b3aaa1e0dc891df8650e3a777da263
SHA256 ecca190ce5307cee4b4f02062ba0fca6ae2d0fa0d5ac223c726eab31d55b822d
SHA512 bf608b77b7240a4b04a5750e4cce63c6a394f143a823344e1a8c1f57a19a28d20fb1e376548e5db8a6ff69a7cbf6dd247c2f80a1adaaba3c105f5030f23604ac

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\nsJSON.dll

MD5 18662c1acb667a9db5fb9e90aa0f5dc8
SHA1 d332202bad869e5c71f30bd816940b262cf24603
SHA256 608d4aefd5c5184bc109cbd94a5d4c8883a4ae6cedf81cfc3028d2570a849a66
SHA512 751b51b24b659f97a4fe9d2d3e38e1333221521fa1fe26e217114e767a9bdd3b341079fe9ff51570ada16ec30644552823ab5437d4a7a875f04525aeaced7687

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\JsisPlugins.dll

MD5 3f4f65c3551435aa4f70b23db238e027
SHA1 10a50d1003a2da42b869527098758bbd0c5a0b93
SHA256 3d52f17598297580cc04e8698010d8234b199250803f826fa03031a8f8507e7f
SHA512 15b9f0ef917167ed1c3fcbf6235ec277665abb662f26bf338bda2dcc815503b27eab4bfea88f5e4609a40a02f88a87a28d02ca1e4a7575905cb9217b58151a07

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\JsisPlugins.dll

MD5 3f4f65c3551435aa4f70b23db238e027
SHA1 10a50d1003a2da42b869527098758bbd0c5a0b93
SHA256 3d52f17598297580cc04e8698010d8234b199250803f826fa03031a8f8507e7f
SHA512 15b9f0ef917167ed1c3fcbf6235ec277665abb662f26bf338bda2dcc815503b27eab4bfea88f5e4609a40a02f88a87a28d02ca1e4a7575905cb9217b58151a07

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\StdUtils.dll

MD5 9a44ba9a6e36099d8058fed7feb1ca5a
SHA1 457679105484f604606db9b7cfc809240620747d
SHA256 445a8c41038974bf604cd826e192da08431e8b0c72f6a8ecb6894f8c5a6c777d
SHA512 34b555ef7e3f2a4b700ee4755dae68e42e12533d2bf688cb0251691aedd62120b8913ebec16d2fc239fe0bd1aa1d3657e0f456c1ae260e6f6154b4aef3c9f68f

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\thirdparty.dll

MD5 080eea7a54aeb7ea3d016645dec05bd6
SHA1 771e1b0fe952ace3d2af3985b0b8d06c65f4d902
SHA256 84cab1c6df2eddced4e60fc1e158b772f7b766d0faed27e33bd5f0ea69903bf4
SHA512 a097aad8861bbd40b3871409750134277ee49c7f20604ec8f80f21f3ca05ae6dd54309f528c51c2db4dae06be81f2363c43a20d882484bfe36bea044a7476937

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\StdUtils.dll

MD5 9a44ba9a6e36099d8058fed7feb1ca5a
SHA1 457679105484f604606db9b7cfc809240620747d
SHA256 445a8c41038974bf604cd826e192da08431e8b0c72f6a8ecb6894f8c5a6c777d
SHA512 34b555ef7e3f2a4b700ee4755dae68e42e12533d2bf688cb0251691aedd62120b8913ebec16d2fc239fe0bd1aa1d3657e0f456c1ae260e6f6154b4aef3c9f68f

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\Midex.dll

MD5 00fd199d6b8d08446f4862c31b191ca7
SHA1 b6ff09243cb10e34ed8efbdd822add98585008d4
SHA256 1b2a0de815e288161f0a156b4d1f17f06d2f4840b71d9d1903ad1284192cde24
SHA512 fd5e07ac20a40600c2117793f1c5253f2f6113c38cafc71ac87296d92c50217af4aeb3f44fd2834ec08d89dd8434ab1952262123eced279210236bb770c18ad7

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\Midex.dll

MD5 00fd199d6b8d08446f4862c31b191ca7
SHA1 b6ff09243cb10e34ed8efbdd822add98585008d4
SHA256 1b2a0de815e288161f0a156b4d1f17f06d2f4840b71d9d1903ad1284192cde24
SHA512 fd5e07ac20a40600c2117793f1c5253f2f6113c38cafc71ac87296d92c50217af4aeb3f44fd2834ec08d89dd8434ab1952262123eced279210236bb770c18ad7

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\Midex.dll

MD5 00fd199d6b8d08446f4862c31b191ca7
SHA1 b6ff09243cb10e34ed8efbdd822add98585008d4
SHA256 1b2a0de815e288161f0a156b4d1f17f06d2f4840b71d9d1903ad1284192cde24
SHA512 fd5e07ac20a40600c2117793f1c5253f2f6113c38cafc71ac87296d92c50217af4aeb3f44fd2834ec08d89dd8434ab1952262123eced279210236bb770c18ad7

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\CR.History.tmp

MD5 90a1d4b55edf36fa8b4cc6974ed7d4c4
SHA1 aba1b8d0e05421e7df5982899f626211c3c4b5c1
SHA256 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c
SHA512 ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\places.sqlite

MD5 d94f8ef7b0c89e7924e4cc8436e5b389
SHA1 a4fea46f9bdca50c381a89be9a0f4706d20abcf0
SHA256 089ff6f933bbdc42c44eade063823a87d6d750eb9d06ab2466a7472fd08067b3
SHA512 2dcb2b419231dcee54d08be3d338151347bf66b485c9a397a11b7418d75dedab64956512869743b6cea57ac27bdb57879fd3b29433b622ded6dabdc86d091fcd

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\FF.places.tmp

MD5 d94f8ef7b0c89e7924e4cc8436e5b389
SHA1 a4fea46f9bdca50c381a89be9a0f4706d20abcf0
SHA256 089ff6f933bbdc42c44eade063823a87d6d750eb9d06ab2466a7472fd08067b3
SHA512 2dcb2b419231dcee54d08be3d338151347bf66b485c9a397a11b7418d75dedab64956512869743b6cea57ac27bdb57879fd3b29433b622ded6dabdc86d091fcd

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\CR.History.tmp

MD5 9618e15b04a4ddb39ed6c496575f6f95
SHA1 1c28f8750e5555776b3c80b187c5d15a443a7412
SHA256 a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab
SHA512 f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\search.json.mozlz4

MD5 033eb0645837c8b618a593f7b9a72642
SHA1 cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172
SHA256 3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582
SHA512 27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe

MD5 34a8f08f336cc90a6746e954252074d5
SHA1 6e15049f46b7d84f72f5fd29b5763092101ffab0
SHA256 9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7
SHA512 18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe

MD5 34a8f08f336cc90a6746e954252074d5
SHA1 6e15049f46b7d84f72f5fd29b5763092101ffab0
SHA256 9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7
SHA512 18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe

MD5 34a8f08f336cc90a6746e954252074d5
SHA1 6e15049f46b7d84f72f5fd29b5763092101ffab0
SHA256 9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7
SHA512 18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

C:\Program Files (x86)\GUM2094.tmp\@PaxHeader

MD5 de9bfd204320e798e214b64ecf475500
SHA1 2f999b22940ea6180ed195866135d07735d6093c
SHA256 6890e99d8001fe1b3d9cb1e1217f260427bae76b6b670a75255ecc1d8ba17eb8
SHA512 27a5818a9d20307e532e03cc8a2af85206caecf524d347a1beb9f75a4c915317cc5b599247521633f325fe25ed53a8c1bcbff553947ee333158a625e12434a6a

C:\Program Files (x86)\GUM2094.tmp\@PaxHeader

MD5 e73c502b6f61fea0e09a7343d159211f
SHA1 de886c8fd0f2b9305375c7f7e1b60ace4e0db736
SHA256 142ac02343c8d890bcd1c948a849c9824cabc90a21f3cd666608ed14be8e4a99
SHA512 c886d71efb6d67ad902293756776842f0647895fd25c857b8008389e6b4bde3acfa3678039f39c29dee2496562c07399ab373b0bc813ccb068896fa63dff41dc

C:\Program Files (x86)\GUM2094.tmp\@PaxHeader

MD5 7a20cd9f5231872c3176a64d84f26c97
SHA1 f808dfa43a5f72d77222b368db501708acd3f956
SHA256 0547a95421b6d8ae6b6f3c71503eda478e490579b8705814c74130fce5177120
SHA512 07b032a78088a726c80ebf8e366810ffbf18bfda7f3845b5ad305b5c139b672978f5595609b480cb9623268e6f51b89cce02f1be80abe6e72c65d1335769f8f8

C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe

MD5 a2e0e8ff0bb8068d6e06db4b5da75806
SHA1 8ff63d9d3c7879f40070851e464241ab5ce82273
SHA256 9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964
SHA512 dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32

C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe

MD5 a2e0e8ff0bb8068d6e06db4b5da75806
SHA1 8ff63d9d3c7879f40070851e464241ab5ce82273
SHA256 9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964
SHA512 dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32

C:\Program Files (x86)\GUM2094.tmp\goopdate.dll

MD5 0fb0c73e4ea6f96f77b6767c8a144c33
SHA1 cfe4a43b70b5e7fe07caac28b508830d273cf1ab
SHA256 a13e6df98938d8c3cb245629a1c3abef1a76e2690f73819a846eb4a2dbcc973f
SHA512 0d9c48cf9a62b94b32a47db097cf3af7916ca15eabcf54b476eda8591b49e292a745919b3cbf90ff4ec9d126e0299371c858dab5e2894404fb71d9e23f4ee433

C:\Program Files (x86)\GUM2094.tmp\goopdate.dll

MD5 0fb0c73e4ea6f96f77b6767c8a144c33
SHA1 cfe4a43b70b5e7fe07caac28b508830d273cf1ab
SHA256 a13e6df98938d8c3cb245629a1c3abef1a76e2690f73819a846eb4a2dbcc973f
SHA512 0d9c48cf9a62b94b32a47db097cf3af7916ca15eabcf54b476eda8591b49e292a745919b3cbf90ff4ec9d126e0299371c858dab5e2894404fb71d9e23f4ee433

C:\Program Files (x86)\GUM2094.tmp\goopdateres_en.dll

MD5 2d104154df1390915432d09a15494d1d
SHA1 c71ddbf257e3cc823436e470b16faf95256b104d
SHA256 8c1986122b2e15919ef09364c4a17fa9e25f028a52167d9b50b08795d42fee4c
SHA512 92c64c0237337b8a0174d7760735c6e1b039b4b9fb96b892e3f13301de58ed8d2fbf53f65c8fdcbd4b089b6429c14d6b8aeae752c80712e3376cae1ede47cb31

C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdateCore.exe

MD5 0eaf12bb06501a62df52d3ff488d009e
SHA1 217b8e7b39d9698f134a2ee91efc6c07957b2503
SHA256 b9e37578debabb533b5ad30b31a20c1275f12eb5b1778386c2ee086b09512c37
SHA512 d418cc64bdc84217d98b1d7ae9f55d51873070372418cb88b1720e48f0fa744dc60b72c053cb8ce42be488b581eef60b93ed6d1d797520796f52f5c3b551acd9

C:\Program Files (x86)\GUM2094.tmp\AVGBrowserCrashHandler.exe

MD5 ad2e402663cf92613e1ffd1d04bcdeb2
SHA1 cea9b5d96b47cf9c82254593ba12b50b97fa59f0
SHA256 c72b63a6b690352af20405cb0e9ab84951ee116f417a2b6462859242bac4137b
SHA512 94a86ab826c969af54c9be213e1bb282f0125d645bc865a014d3421caf93467f01ae01cc9fcac3c79c05b1e60f18c1024ec1f0c7717056164a8e5d7cf1336bc0

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

MD5 a2e0e8ff0bb8068d6e06db4b5da75806
SHA1 8ff63d9d3c7879f40070851e464241ab5ce82273
SHA256 9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964
SHA512 dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\npAvgBrowserUpdate3.dll

MD5 c46c52976d49246aa050c868d7ecb412
SHA1 2257221d881d874f18f7f7e3cc966b79420672c9
SHA256 872cdd1cd854d0973be3f6e5d3f361b9d85c7ce035a380e5f313dd7eb26b43b6
SHA512 24801e16dbc32fd389583c62ab4157b25318e645fe2b911bf8b859a72a3c38c103e86ef514a7a9ce3da6dc76f1c076253930657aecb955d56b94593d24a26cb6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\9D1B9071715C88213C449C8FD6B03BD9B2B2DEAF

MD5 d95fe4172e7d5bb527d0561d596c180d
SHA1 25cebd71153dce6780580a654b63d72f6f70c16a
SHA256 4641e37d0194748ceda9af9e2b93958ef891dc80742092063745047a84d7ed15
SHA512 808e885cc13b873c1828798f9175c4384fd456bf40162df5287748662eddfb96972109980c930da1d26cbb58957aecda6039a65dd40e87b8e14bb934ba8dc687

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\30434

MD5 e66357558ec1823e88e52619c6b70952
SHA1 4fa9c308593c464c548a91c8000222bed9bf3981
SHA256 efaeb4f01e3c4796b0418dc11b86c34c51f9f7f4f6b7d2ac5477edcdecaa3172
SHA512 122ef95d15097f9f9c5595a010a76a580fb1e5095d1204f3dc50590ae155f1cf46df7cf602765b5bd1bf2c1ad8ea14ba5e21f29ae099c35edd4a8b4e97cb5d35

C:\Program Files (x86)\AVG\Browser\Update\Download\{48F69C39-1356-4A7B-A899-70E3539D4982}\111.0.20716.148\AVGBrowserInstaller.exe

MD5 58fe6cfd35eef6261af2212dd1031b13
SHA1 8ac9fcc31f9debfafa1d518a68b6d9a7cf539609
SHA256 1e572415a647a8f4e30df09b26f47e5edf5744c1f6555825d6cf08fd631a1c55
SHA512 778b5cedcd2579cc5c30bfa31581707ce02cd78edcf353a2fcfce4e1d1eee21bdbbb91f613e49da32e4ee722d134a7d1b8fa476b45a32f9881fd0619f3b5c938

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\19585

MD5 bf46fd0a002b290a5862efda25a17ff6
SHA1 d4abd476690e85cb7a8213ea86e4d5e907ff929b
SHA256 3a5a91349b5121316923ab101ec0dd29504a975198f214086f86b386db87898a
SHA512 dc82d9e14e91017d72e6ef2cb6c6aa21f075f1bb388eabd648cc25b3decc671aa8f3d3f2305c1bd9b799751518d5f3c9cf5efb0423481ec94f6fc547a1ff432c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

MD5 8466106ffd3409fef5f542bc80160586
SHA1 cc395a1a0c4cecdffbc4e4b7a0672cf773234eed
SHA256 02fce008da5e3571dca0b966c7c4ffe8dcf85d424ceefce9adb7eee4bb2c9b9e
SHA512 3cc96bab0efc36ce9b1579d4e9b7a52e1389815526aa403204179c21dd4d00c4845a020f5b2a69d6be7789f9fd82242ef30b10401224bde83cf3933950589d95

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\C70E94FEF8BDC55C26EA1A771B3B99AD46C49195

MD5 51257a26a28119e64cb3e68decb2157f
SHA1 deb2b6581f6c42c0c9a0ae1a801c04d8191eaf14
SHA256 ed10ebe61c5f26ccba9f3c501d74d36e8c4d1bc8d9516a6b7863a5db54d0f36e
SHA512 bf116996375ac6ec7a4c1430f8c3e2933d546cf67b779678469d937134f4b5844f4078ed539a3d8fc2d38eb9ac88e02716ffb3203414bdb1d7c365d0ddbf07e4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\8B4FBBAA9033A93F0B81CAE921AD59CCCF42C12C

MD5 a76e60aed07e9cbceace371f79d684d9
SHA1 cd86d080f59688db4a368b81e87db5ab2bf5495f
SHA256 6aff771ba3c5e05838fa5fa68d2dfb673cb7b299cdfebf868ce589c8070e9f34
SHA512 29d9393ebcf80c450ce40d1e67770dd5cbebb891cc8ef2b4e82c9105edada6e2a483beae31240c391180430c24b9c437d540387a5ee076d827b036dae93b5fa4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\A3D6A16A26B1D7399736688127F90A7DF9933EEE

MD5 73d4fd9be7eb38eabae20ced508324dc
SHA1 66de5707d07f4954d9ec1f1c7d60dcf1a18b3eb6
SHA256 0a621eeddac2ea61c0b0c45a5a6acf2682e4f45d0586f30cc7e0c5d09dcd827a
SHA512 e0cca329580b5715634a2c3954b86d375a7a3d7b0482e9d17118e1fb4e5db26406cda7fe4c1d92a73c4323dcbf532ea5e62ea1f9d10d97aaf07910468c039824

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\EBB29891A8756468BA9CAAD7866A8BB655A35251

MD5 8d7c8bcdbc6d24d2f8f934cbd22a3136
SHA1 556d361c33f8f42748cae9283163d00616b6655f
SHA256 77ffb80b68d5c544aa7279aba946276e1a388acff73ba9ce5a7e7b139e2bef00
SHA512 6e08cfe967501163e9406710a07a0ee378d3fc1956acd280497828d63efcb688352cdcde46614f2f243af13f53c2766a8e4837d0938c915224fb2fade55d70dd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\14210

MD5 c093eb0c014ad6116565a8ef12f0ec2b
SHA1 12a1081ef9aeeff34c64972bd4a89550d2022ad4
SHA256 ac146412a6d77116a3be45e7bf832abe7fee65c7e11e79a3b804b54552082cb0
SHA512 d70a620b604c68df912a2751ac7dd6bcd607465f846f7d9d75de1f24ec022d68289a00e3e59fc517e986f9cd9d27f36827219018b4e6eb4fc8e331fd007d87f6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\7F42FE94851B64C0E4D94EC04171C776F1AB30FB

MD5 c391037552daffb57a98b41eb2acd608
SHA1 6c6b03c67ee583761ddb7f9790beed9a8c245460
SHA256 21ac77d2b33a0a049b36dab2a46b15d9085d62137dc7190ccac4c3ce8822b897
SHA512 5e407fcd71f183d286da5eff795c9ea7ff8d0a578bad3aa92736150ab118cf7cdd5b8bccf515dfb18ef8822bf6b110a5206eb855f8b43b87de1e87bf63194160

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\FFD89C047463AC2E0D4762A9B5A942050BDACF14

MD5 d6e7a82c7a00ec12248fe1d31d17dc5d
SHA1 9bedfcf0d16860986305bc4d7d976bb4216994fb
SHA256 dd5ed88b17d96471f37005abbad4908840718de43ef75251d750c1326c8b1306
SHA512 41a5804c348728cb778f6278651effac3a63300210c338ceb4200371adffef54816f4dd187a110b31719c1dae0b696d6b74a04b46877d32965300b1a254a3a0a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\4DC1135366EC68B043CEA58A6D9E4651AE97239B

MD5 81e8b9d2343a675ab9ea4ea2cf56cec6
SHA1 f159d35e33f7b22432361dedcf0d23983f4ab76b
SHA256 996214df185e219aca10d9abd6ece5fe57ffd4bb1c419cda969d7fbb7a3621d1
SHA512 60b44a5ccd10bbc439e0371ce0f663bd3cea22aad79437bec5f8e2d5d271c3492d90494346b9abc5beefa0cdb6c9cd0dedb29a96fab3b21c57216d8bea00fccc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\86D907A7A02E68DF27AB8DD8BE09BAF3E01176DA

MD5 cbb6ea60f763af73dcd31fb4d0146bd7
SHA1 d622c02b306072a1333269a5641a29615a30354e
SHA256 83246087d1a1a74724a2017171d819f14265eed2d992f8f6d1ee826469699b70
SHA512 eb843f854f713ac8ef3e9afbd27c09f09d3303f5e1da24975c66bdf71297f0e7ee3979b54959a4cf4e2add1fa947a544d079e787a768016115b99c31a18fd2e0

C:\Users\Admin\Downloads\NoEscape.exe

MD5 47340a3629094c6e83926c447aaa1ec6
SHA1 051205421dfe943bda589005c82e520bf0599660
SHA256 719aa1929865aacde378eb158415e6bb54b5020fa47799d98445b211a3d84613
SHA512 623b0cbf5d6f8c2d64b51394ca35552a4c90490a53f968903e553d210072ae6c235ace54a8e7968ba33e9b7d27037daab6c7f3df3932b8989db27e5b126a25df

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\6315

MD5 62ed82271ba4c4c94d1acffd1f805728
SHA1 30dc2ab94d7427270bcffafccdbb89279b086860
SHA256 c678d2a74f987998ed664524a6692d00d24ceb73f2f3b9f02a33c55abf5222fd
SHA512 c5cef2c5a6cd3c0e12bec5c77c714bc733c04c2684bbdef44fae6186cee57e6342ddf472219d801a64dd5d575e953be37e7b6c98ac057431fd93dea9ed84f8de

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\7D038D819C43A3424FEABAE44418A58AAF3A5DF0

MD5 e714bf6f3f0ad133fcb071dfbe7a846c
SHA1 4c70212306fea44ffc0234cc0de12acf89659dff
SHA256 5cea86960c0ccc0dc47f0fdac25d2a8f216a440784c06d7a291de368d9496b18
SHA512 99a2142be1e06fa8133ff706c0f7a0ed0e5ae42e67b0e91f2735d6a5ef937d13f36cc15a6b5d6e83db9a75431fc6a9f0babde801e3872c65f8f7adf57d9d2312

C:\Program Files (x86)\AVG\Browser\Application\111.0.20716.148\Installer\setup.exe

MD5 a8cfb220ea1468012e372efa0b389e52
SHA1 c7e35e62593fe08ad3cc31e1a0336d16779cbe73
SHA256 a316e751dae40110cfc587f87c9f882be1ccd184ed86544e2fd1cf23f4fd6c04
SHA512 f8b56d3cbef09c009124511e88c84617b59c2dccc4b61487d7ef21ae5a5170e846af27b3ec177c327cac3fc1be1f6cfaea260082cd5e7a854233d6e0e1458dc8

memory/11432-14612-0x00007FF9B0630000-0x00007FF9B0640000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG Secure Browser.lnk

MD5 f379c052eac62da5fa29e4bda3b68b1e
SHA1 0c3cfeb9e5ba62bc146cbb6b54f289c391b95d28
SHA256 20314ae177a284674bb2fd2b68fbaf6d4707c3b11867d256c04044a34a3402fe
SHA512 a3d2afd65c4b486ac0dcf7f8949127b12756867985807dd1840d9f4b0c85b07c61fb27b57b7ae143ff215466abc1aa1c232a2c3d2c73713d9af97a90d44334a3

memory/7672-14659-0x00007FF9B0630000-0x00007FF9B0640000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\E46918910165508D39CEBA92855F5E88363EC242

MD5 22725d6ea3b533a640396ef24533b2a9
SHA1 0f33269cf3751d3dd0546e4e3b4c10d90bbafa4c
SHA256 fad8f1a8bbbe1bf0890f8eb478e95fcd59347e499b1139b289d05b1630101e0f
SHA512 be7c843bbd5a45396d70716f961e4651de7016847dc672ffd8a0f3bada66a1652a9e16ee6fff5925efd9413990d34fda144ccefc535b2166e6c0e8ec757fcc1b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\5345

MD5 9c076416c66140fc8cc1eee931332d4b
SHA1 722206243082782ece1bfe16434a430c704de9ab
SHA256 b6213df8b77f8266517b8eeee134be2018f4b4b77f687744941daae545b9107e
SHA512 f2fe3dae1c0d050950fad955364c9b220f8807258484b72b3b82495769849c239b99527b8cc30989c71cc288118b0526c042bbb7ab391bbd406a81f6e91311b6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\FC3CD48C76DE937109E22152098456855A3FCB6E

MD5 006b6b39476d77ef4fd8a721924edf1c
SHA1 9671e4fd7cb3767db4a27b7f6b316679ccd84ce7
SHA256 d8b55f2e4b7b74f40d8e1a19f1c353818bed401dcf637c219619534f3dc4e4ec
SHA512 dba41b4a4ac1c4f92f9efc8621f208460cde0955747d51d60b81c5bc4ee59f770decb68f47cc3b498fe73682cfb100154ae80d90a6e142a15a28d69f29a3868f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\0670CE4D19DC348AAD008AD9A5D5936C62B64D02

MD5 beb79608b200e22178dd58d5dd302489
SHA1 a00f3896102f54b1ac4aeb110defe9519b82cdaa
SHA256 767e5c33788ee7079c373ba56dadc6ba9709c90bc9251025d876dc3f9245a07e
SHA512 105702f44b1bed5a6a702a922cf9a2008b8d28775552c55b3e2765864ddc23c48e2cf81a7587eaf10b635c75cd993d2899b9dc850fb3c30991b1dc698f6c31d7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\9CC2EA39F67F72F30D975C6BFCD2AF3B88DBC79F

MD5 6fe7d6fb631b9bdabb8004a6d11ffccd
SHA1 b08b2ea790dc84e277196d09ab63633b32ee7bfc
SHA256 e90705e41d911f26fb8d99104cccfb070b99e2c370f9165506884d4ece0e87c1
SHA512 61613167e13494a6a4604679f2fee8361b0360961fcab8eaf93f18622802c5398e19446b6f5e413c89f0c10bfc5469bc2e28d84e08e5944682f26f9e8ae3a19f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\FDE8B9D575D981F51FB165FC50C428F5159ABABD

MD5 619d4d4a22eef41a9a6758ac2e7fb5f3
SHA1 b10d64dabe2839fee137a06ec184dd892a8e7e04
SHA256 4bd641379847a9a0c539d8deca414ec6c650e9701152d241f0a801e9cc5e6001
SHA512 80ffec3f958e2c9af1f708fb3bce08fdcc588c4f9c567441e19404427a75c5cdd0f4381e2fd2ea599b7d8525f2cb30fa5486ef21c3bfe71b1a12e9ecbc2a40f5

C:\Users\Admin\Downloads\MEMZ.exe

MD5 1d5ad9c8d3fee874d0feb8bfac220a11
SHA1 ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512 c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

MD5 146157cb7116d7803bc3a57a7717a51e
SHA1 0d4179152208085e3e6b10a59d95949ef713a7cf
SHA256 41f555480398d239cebad34827714c12d40f65556032f272a9b1f97ba3a8e473
SHA512 bc26b096afc1ac32244bf8595377adf4c7b67bfc384ff5e127f47f4905723ad381e95c82953659ba1889e7ab7d39166bbfed662a0547c8c648848e60ffbce038

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\thirdparty.dll

MD5 080eea7a54aeb7ea3d016645dec05bd6
SHA1 771e1b0fe952ace3d2af3985b0b8d06c65f4d902
SHA256 84cab1c6df2eddced4e60fc1e158b772f7b766d0faed27e33bd5f0ea69903bf4
SHA512 a097aad8861bbd40b3871409750134277ee49c7f20604ec8f80f21f3ca05ae6dd54309f528c51c2db4dae06be81f2363c43a20d882484bfe36bea044a7476937

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\nsJSON.dll

MD5 18662c1acb667a9db5fb9e90aa0f5dc8
SHA1 d332202bad869e5c71f30bd816940b262cf24603
SHA256 608d4aefd5c5184bc109cbd94a5d4c8883a4ae6cedf81cfc3028d2570a849a66
SHA512 751b51b24b659f97a4fe9d2d3e38e1333221521fa1fe26e217114e767a9bdd3b341079fe9ff51570ada16ec30644552823ab5437d4a7a875f04525aeaced7687

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\jsis.dll

MD5 465d5265bfe5b90f821235f0e13ba5e4
SHA1 da4d81c230b3aaa1e0dc891df8650e3a777da263
SHA256 ecca190ce5307cee4b4f02062ba0fca6ae2d0fa0d5ac223c726eab31d55b822d
SHA512 bf608b77b7240a4b04a5750e4cce63c6a394f143a823344e1a8c1f57a19a28d20fb1e376548e5db8a6ff69a7cbf6dd247c2f80a1adaaba3c105f5030f23604ac

C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AccessControl.dll

MD5 604a2e2ae485971e2fa3c87381c34fa7
SHA1 47cf889e2337bb226d3cc91b30384a8898c001ea
SHA256 5c5299d0b5ec902d6e17c81ba429094d943c38f6852a76292bb6bcbbf44aa163
SHA512 c4eec8ad90c476f3fea8b3f5f5b5bf0b0e347d764d04e8d6cbdd5e0cc9a55f5458442c9234f9542c56656974846920ba53bc797fbd187735c32746d7c0c52cda

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\PlayaSDK.dll

MD5 c0767bf3e9d776ac14d4a7690751c87c
SHA1 1b67a3b025abed3ef6ccbd64143e0a8517a62dd0
SHA256 8e343f727b78a4e706836eaf2525021ddb8567bf86d8ef2a209f719f93443267
SHA512 38e2c8729719d3ea0a833c638666995c3a889d778f032034002395bae6d92c905846099d0b98a6b42dfeac9692ef086f097d43cfb068d5ecd4d441de7544b381

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\PlayaNextAPI.dll

MD5 4c93aeb01da51a5613762a11551e71a9
SHA1 3642d36fcaadc796a4b16380577450d81afff431
SHA256 a98f6a7928b84616043af2691490829aa108be46a08bd209e086422716d2142f
SHA512 4ded40e5a45825decd9f182ecbea17eeef5600b483920d5e3e010f54aafdd049a4e3eeb8ca02502837cd89076b274ffa4bdde2bcca9518776c866503adeebffa

C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\jsonconfig.dll

MD5 9806a1edcaa83c90ae83f6fb325a73a7
SHA1 7c309e62b1c1450c9eaa394b531f428f1289bb2e
SHA256 c94b46a0e658fb583ea8aadb40b808fad176318abe35f834ffe83e7799333a67
SHA512 abeaa2805911e2d4548a96967fc235eb5a94f1639a41ccf73f8d7438650f2d4e5bc6a0c315077cf37f3b2201697f44b6f238e90f2e7b8cda0a12d470011fcd5d

C:\Program Files\Bit Driver Updater\bitdu.exe

MD5 73c9d7510bfedc20d89b774851acc8bc
SHA1 b8a7e2bc1adba5f8a18028c6668f6c79fe810f56
SHA256 4c0fd107a9276ecde6727ecd7477fd9b26f69f8b259a1e627875c180186d88d5
SHA512 894743f916f9421c63066dee54c56913c26b175a2acadf4042b14441e753836ae5849f92eb1a418f44b099c35aa54afc7456a27b66a17ef38e493fbe949ec14e

C:\Program Files\Bit Driver Updater\unins000.exe

MD5 5f87b09f2d406385c943236fdd0c1dd7
SHA1 3373304e61f4eb3b35e20569d9faf27763d8d4c2
SHA256 e0d00e3ad64d76c0985b5a6bf9783616e17cb6e3aa5f848c8795cebe0c226ad3
SHA512 1b61b73fdfdd1dd141cccf5807bc9812da138cb374928af1b28ca3c4b50253738cf3daa9ae77d7db81074148ca201ada11876534d4a5cc5b82f82acfacb11063

memory/10360-15438-0x0000000000DF0000-0x0000000000E00000-memory.dmp

memory/10360-15448-0x0000000000660000-0x0000000000CD0000-memory.dmp

memory/10360-15454-0x000000001CB70000-0x000000001D07E000-memory.dmp

memory/10360-15455-0x000000001D1C0000-0x000000001D2F6000-memory.dmp

memory/10360-15461-0x000000001D740000-0x000000001DB14000-memory.dmp

memory/10360-15496-0x000000001E5B0000-0x000000001E5FC000-memory.dmp

memory/10360-15510-0x000000001EAF0000-0x000000001EB8C000-memory.dmp

memory/10360-15511-0x000000001F710000-0x000000001FBDE000-memory.dmp

memory/10360-15517-0x000000001ECA0000-0x000000001ED02000-memory.dmp

memory/10360-15533-0x000000001FF40000-0x000000001FFE6000-memory.dmp