Analysis Overview
SHA256: 6ff53b8187d0d3e287ad9ce3da20eca4f9dd105a2e3421ca1ad73b533ec4b91a
Threat Level: Likely malicious
The file Ambrosial (1).exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Modifies Installed Components in the registry
Sets file execution options in registry
Loads dropped DLL
Checks computer location settings
Registers COM server for autorun
Reads user/profile data of web browsers
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
Checks BIOS information in registry
Checks for any installed AV software in registry
Checks installed software on the system
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Script User-Agent
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported: 2023-04-16 17:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-04-16 17:04
Reported: 2023-04-16 17:11
Platform: win10v2004-20230220-en
Max time kernel: 346s
Max time network: 405s
Command Line
Signatures
Downloads MZ/PE file
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Version = "43,0,0,0" | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\ = "AVG Secure Browser" | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\StubPath = "\"C:\\Program Files (x86)\\AVG\\Browser\\Application\\111.0.20716.148\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Localized Name = "AVG Secure Browser" | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\IsInstalled = "1" | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32 | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ = "\"C:\\Program Files (x86)\\AVG\\Browser\\Application\\111.0.20716.148\\notification_helper.exe\"" | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\AVG\\Browser\\Application\\111.0.20716.148\\notification_helper.exe" | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdateHelper.msi | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\goopdateres_en-GB.dll | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_it.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_sl.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\v8_context_snapshot.bin | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\chrome_pwa_launcher.exe | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files\Bit Driver Updater\TAFactory.IconPack.dll | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
| File opened for modification | C:\Program Files (x86)\GUM2094.tmp\@PaxHeader | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_ko.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_tr.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateSetup.exe | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_ta.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\hi.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\pl.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\vulkan-1.dll | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\goopdateres_ms.dll | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_et.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_ja.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\ru.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\goopdateres_ar.dll | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdate.exe | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_hr.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_uk.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\chrome_elf.dll | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\AVGBrowser.exe | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Application\master_preferences | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files\Bit Driver Updater\x64\SQLite.Interop.dll | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\goopdateres_da.dll | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_hu.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\psuser_64.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\psmachine.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\goopdateres_lv.dll | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_nl.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\Download\{48F69C39-1356-4A7B-A899-70E3539D4982}\111.0.20716.148\AVGBrowserInstaller.exe | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\111.0.20716.148.manifest | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\vk_swiftshader_icd.json | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_pl.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\goopdateres_en.dll | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\goopdateres_hi.dll | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_da.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_fil.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File opened for modification | C:\Program Files\Bit Driver Updater\Interop.IWshRuntimeLibrary.dll | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
| File opened for modification | C:\Program Files\Bit Driver Updater\Microsoft.Win32.TaskScheduler.dll | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_lt.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\goopdateres_tr.dll | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_hi.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_sv.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateBroker.exe | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\chrome_100_percent.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_am.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\goopdateres_bn.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\SETUP.EX_ | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\AVGBrowserInstaller.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\fa.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\sl.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files\Bit Driver Updater\System.Threading.dll | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
| File created | C:\Program Files (x86)\GUM2094.tmp\goopdateres_de.dll | C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\bg.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\sv.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\uk.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\acuapi_64.dll | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\Locales\nb.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\111.0.20716.148\setup_helper_syslib.dll | C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Fonts\Azonix.otf | C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe | N/A |
| File opened for modification | C:\Windows\Fonts\Azonix.otf | C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe | N/A |
| File created | C:\Windows\Fonts\OpenSansLight.ttf | C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | |
| N/A | N/A | C:\Windows\system32\WerFault.exe | |
| N/A | N/A | C:\Windows\system32\WerFault.exe | |
| N/A | N/A | C:\Windows\system32\WerFault.exe | |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3" | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3" | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\ | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AVG | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\endpoint = "update.avgbrowser.com" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineIdDate = "20230416" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\devmode = "0" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\hostprefix | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineId = "000058d4b27a012b9e3e4541471e6c69" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\ProgID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVG.OneClickCtrl.9 | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D} | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ = "IPackage" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DD8E03F-6BE1-41E2-B931-A37C7D1C0317}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\NumMethods\ = "10" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}\LocalServer32\ = "\"C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\AVGBrowserUpdateBroker.exe\"" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Windows\system32\NOTEPAD.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93} | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ = "IGoogleUpdate" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\NumMethods\ = "4" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\ = "IApp" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\Elevation | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23AE0B95-20F3-4632-A2AE-C3D706E1D5D9}\Elevation | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23AE0B95-20F3-4632-A2AE-C3D706E1D5D9}\Elevation\IconReference = "@C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\goopdate.dll,-1004" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BAAD654E-4B50-4C9F-A261-CF29CF884478}\Elevation | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\NumMethods\ = "24" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\ = "IAppVersionWeb" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\NOTEPAD.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{30612A81-C10F-498E-9163-C2B2A3F81A14}\ = "Google Update Legacy On Demand" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A01E2077-A5A9-4229-8BC1-AB2D43564381}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{85E3A60D-9214-46A6-A266-312981649DC1}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ = "IAppVersion" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ = "IProcessLauncher" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods\ = "13" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.update.avgbrowser.com.oneclickctrl.9 | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.update.avgbrowser.com.oneclickctrl.9\CLSID = "{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}" | C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A42B2494-93AE-44E1-B76D-BA8509A5167D}\VersionIndependentProgID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ = "IGoogleUpdate3" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoreMachineClass.1\CLSID\ = "{23AE0B95-20F3-4632-A2AE-C3D706E1D5D9}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{384098DD-AB6D-412E-B819-2F10032D9767}\VersionIndependentProgID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A01E2077-A5A9-4229-8BC1-AB2D43564381}\InprocHandler32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1582.3\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ProxyStubClsid32\ = "{85E3A60D-9214-46A6-A266-312981649DC1}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\NoEscape.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\bitdurtsetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\bitdurtsetup(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe
"C:\Users\Admin\AppData\Local\Temp\Ambrosial (1).exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\8uhgtghgj3g834gizn43nzug43nzg34nzgz3n4gznu43gzn34nzg34znug4znug34u.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Pc fucker.bat" "
C:\Windows\system32\cmd.exe
cmd.exe
(this cmd.exe entry is listed 218 times consecutively at this point in the process list)
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 13224 -ip 13224
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 13216 -ip 13216
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 516 -p 13148 -ip 13148
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 13268 -ip 13268
C:\Windows\system32\cmd.exe
cmd.exe
(this cmd.exe entry is listed 3 times consecutively at this point in the process list)
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 13148 -s 16
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 13216 -s 16
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 13224 -s 16
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 13268 -s 328
C:\Windows\system32\cmd.exe
cmd.exe
(this cmd.exe entry is listed 10 times consecutively at this point in the process list)
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.0.241181287\1744164878" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {186fac75-8ab1-41ea-a303-67cf02e7df8c} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 1952 141ab1e0558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.1.1430784889\2108244523" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b03b6a94-b283-477e-92f5-a3a756c8425a} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 2332 1419e272858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.2.1632285575\875078841" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2988 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f6f9801-e678-4f50-8513-cdb1ee83ad68} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 3152 141aeee2258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.3.356530721\2459070" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3528 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebcd396f-6613-48bc-b5c9-487bf7d02688} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 3284 1419e265658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.4.413665498\54371291" -childID 3 -isForBrowser -prefsHandle 4004 -prefMapHandle 3992 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9727736-7d8d-4ae1-9eb0-a998090bc0e1} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 4016 141aeee4358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.7.1220060327\1230095094" -childID 6 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5720a2d1-36e3-4a13-a5ff-14bee063e81b} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5300 141b1675158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.6.8242633\1725666715" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76626009-7e37-4c3e-9cbe-3bce77481534} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5100 141b1674e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.5.751729697\116971479" -childID 4 -isForBrowser -prefsHandle 4940 -prefMapHandle 4960 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {930aa579-f617-4c0b-a721-3a0b5b4b3346} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 4920 141b15b6258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.8.1842024341\1349682530" -childID 7 -isForBrowser -prefsHandle 5864 -prefMapHandle 5860 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2e72924-8404-4197-afcb-d62bec38a9c3} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5872 141b3a78b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.9.1400576076\1064712681" -parentBuildID 20221007134813 -prefsHandle 3288 -prefMapHandle 3772 -prefsLen 26930 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea782663-2f3b-4d0e-b338-eac4017d10db} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5864 141afda7d58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.10.242816886\1177091943" -childID 8 -isForBrowser -prefsHandle 6192 -prefMapHandle 6176 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c810c4e5-3f66-49c2-beef-26a12940e652} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6204 141b3678b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.11.1661570823\1092914166" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 26930 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f7e452-5ab1-490a-8c34-8e9f5fad0530} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6488 141b1bb1258 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.12.384145758\44418219" -childID 9 -isForBrowser -prefsHandle 3732 -prefMapHandle 3628 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9025e2b7-0923-4f22-a094-ffb815182660} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5368 141b1e59258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.13.958620288\422729927" -childID 10 -isForBrowser -prefsHandle 5096 -prefMapHandle 5292 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69510970-e9fd-4dde-bf26-dd023381ae70} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 5436 141b23acb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.14.882362140\2052576102" -childID 11 -isForBrowser -prefsHandle 10276 -prefMapHandle 10280 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4831f2b8-b2ab-4c02-bdb6-9d8601738f42} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 10268 141b4761258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.15.1548590573\1122929064" -childID 12 -isForBrowser -prefsHandle 8088 -prefMapHandle 8084 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c4ed235-e7d9-4550-80a9-71677d053d79} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 8096 141b4e50b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.16.1804915345\560986955" -childID 13 -isForBrowser -prefsHandle 8020 -prefMapHandle 8016 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e0ae07c-4e45-41ef-b31d-826fca016767} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 8096 141b4957558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.17.632981186\621500426" -childID 14 -isForBrowser -prefsHandle 7944 -prefMapHandle 7952 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0071c89b-7e94-4396-b1b4-8b216cc86f08} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7760 1419e22f358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.18.2136647807\974834944" -childID 15 -isForBrowser -prefsHandle 6052 -prefMapHandle 6056 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5228610-5bb1-4fcb-bb0a-642336b4bd64} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7412 141b65e0558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.19.199053630\260785731" -childID 16 -isForBrowser -prefsHandle 7488 -prefMapHandle 7232 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38f6c548-0c5a-4320-b942-042d7002aea5} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7228 141b53d5f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.20.1074908763\429463912" -childID 17 -isForBrowser -prefsHandle 7024 -prefMapHandle 6088 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa16db08-b30f-4f8a-ba5e-7fdb34aa85e4} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7220 141b68c2b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.21.1287256653\1095289828" -childID 18 -isForBrowser -prefsHandle 10052 -prefMapHandle 10048 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e195e9-c40e-425a-91b0-fb97f31f232c} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 10060 141b68c2e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.22.1152860695\909266074" -childID 19 -isForBrowser -prefsHandle 10072 -prefMapHandle 10076 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e15afb9-7977-45b8-956f-a11d5452abc7} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9916 141b68c1958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.23.1710709778\226771257" -childID 20 -isForBrowser -prefsHandle 6828 -prefMapHandle 6824 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15ac4aa8-cab4-4401-a552-a61767125a13} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6836 141b6c1c758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.25.90723462\640575204" -childID 22 -isForBrowser -prefsHandle 9692 -prefMapHandle 9688 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7829009-c09d-446b-a8e7-a868a28002bd} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9700 141b7052b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.26.514691855\1930409046" -childID 23 -isForBrowser -prefsHandle 9596 -prefMapHandle 9592 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f98dd34-1290-4592-8b4e-7e8d0fb92c4d} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9608 141b7053a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.24.1886351436\258504468" -childID 21 -isForBrowser -prefsHandle 5900 -prefMapHandle 6756 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {138e6bec-358c-49e9-9736-98beb8f98350} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6752 141b4f45c58 tab
C:\Users\Admin\Downloads\bitdurtsetup(1).exe
"C:\Users\Admin\Downloads\bitdurtsetup(1).exe"
C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp
"C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp" /SL5="$503E6,9361252,1413632,C:\Users\Admin\Downloads\bitdurtsetup(1).exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "Bit Driver Updater_launcher" /f
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "bitdu.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.27.1356218972\1282576483" -childID 24 -isForBrowser -prefsHandle 9944 -prefMapHandle 4516 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {492a56bc-f0b7-40a0-a51e-1652580a1801} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 4508 141b3c6bf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.28.719288740\667389755" -childID 25 -isForBrowser -prefsHandle 9732 -prefMapHandle 6768 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da918328-93de-4c17-b93f-dfd60219c4bd} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9788 141b361f258 tab
C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe" /s /run_source=avg_ads_bg
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe
AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9153&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dfirefox --import-cookies --auto-launch-chrome --private-browsing"
C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe
"C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9153&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dfirefox --import-cookies --auto-launch-chrome --private-browsing"
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9153&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dfirefox --import-cookies --auto-launch-chrome --private-browsing" /installsource otherinstallcmd /sessionid "{7545CDAD-B12C-4BE7-8305-4FD004C30838}" /silent
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.29.2097294289\495917475" -childID 26 -isForBrowser -prefsHandle 9688 -prefMapHandle 6392 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f0d46c6-04d9-4733-aa3c-1cc5a4faf93f} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 7304 141b0a94358 tab
C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\AVGBrowserInstaller.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=1 --default-search=google.com --adblock-mode-default=1 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=firefox --import-cookies --auto-launch-chrome --private-browsing --system-level
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.30.770954362\802386835" -childID 27 -isForBrowser -prefsHandle 9896 -prefMapHandle 7220 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc517862-831b-4b50-9366-06bc27b2c0e6} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9780 141b1674b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.31.227162389\921491244" -childID 28 -isForBrowser -prefsHandle 6584 -prefMapHandle 7752 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d03f120a-6488-434e-8ab7-5b2f56998a91} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6524 141b3ad4f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.32.635125749\542828747" -childID 29 -isForBrowser -prefsHandle 9408 -prefMapHandle 9404 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e04f7d-b1dc-4d26-9006-f4bb7395ec30} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9544 141b3678258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.33.187695075\1378908626" -childID 30 -isForBrowser -prefsHandle 6340 -prefMapHandle 7304 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f07db1ae-8d15-4535-95f8-7ecb46a5cc4d} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 9360 141b3ad4058 tab
C:\Users\Admin\Downloads\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape.exe"
C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=1 --default-search=google.com --adblock-mode-default=1 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=firefox --import-cookies --auto-launch-chrome --private-browsing --system-level
C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=111.0.20716.148 --initial-client-data=0x274,0x278,0x27c,0x7c,0x280,0x7ff6f4415800,0x7ff6f4415810,0x7ff6f4415820
C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\AVG\Browser\Temp\source13848_10915269\Safer-bin\master_preferences" --create-shortcuts=0 --install-level=1
C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{390593FD-CFAC-40C4-8E89-A9A13CE2F552}\CR_F15EF.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=111.0.20716.148 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff6f4415800,0x7ff6f4415810,0x7ff6f4415820
C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 taskbarpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"
C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.34.1613059887\1202749790" -childID 31 -isForBrowser -prefsHandle 4828 -prefMapHandle 6988 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8e76a97-f2eb-4fc2-8112-ed7b33c542d5} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 10096 141b361ec58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="13512.35.1692290079\1158244905" -childID 32 -isForBrowser -prefsHandle 7980 -prefMapHandle 9848 -prefsLen 27427 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9722a370-a46e-4a0a-ac35-7144fd0e2bae} 13512 "\\.\pipe\gecko-crash-server-pipe.13512" 6076 141b4da0e58 tab
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler.exe"
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /Create /F /RL Highest /SC ONCE /st 00:00 /TN "Bit Driver Updater skipuac" /TR "'C:\Program Files\Bit Driver Updater\bitdu.exe'"
C:\Program Files\Bit Driver Updater\bitdu.exe
"C:\Program Files\Bit Driver Updater\bitdu.exe" drctlnch
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
Network
| Country | Destination | Domain | Proto |
| US | 74.119.119.131:443 | static.va1.vip.prod.criteo.net | tcp |
| US | 157.240.5.10:443 | scontent.xx.fbcdn.net | tcp |
| GB | 96.16.109.182:443 | e10883.g.akamaiedge.net | tcp |
| DE | 172.217.23.194:443 | securepubads46.g.doubleclick.net | tcp |
| FR | 13.225.30.130:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| DE | 18.66.97.49:443 | static.hotjar.com | tcp |
| DE | 172.217.23.194:443 | securepubads46.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | partner46.googleadservices.com | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| DE | 172.217.23.194:443 | securepubads46.g.doubleclick.net | udp |
| NL | 142.251.36.2:443 | partner46.googleadservices.com | udp |
| US | 8.8.8.8:53 | 232.55.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.148.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.246.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.121.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.97.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.30.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 131.119.119.74.in-addr.arpa | udp |
| NL | 172.217.168.238:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 157.240.5.10:443 | scontent.xx.fbcdn.net | udp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tr.outbrain.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | sadc1.outbrain.org | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | sadc1.outbrain.org | udp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | udp |
| NL | 172.217.168.238:443 | ampcid.google.com | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| NL | 172.217.168.208:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| NL | 172.217.168.208:443 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| FR | 18.164.52.95:443 | script.hotjar.com | tcp |
| US | 66.225.223.191:443 | tr.outbrain.com | tcp |
| US | 66.225.223.191:443 | tr.outbrain.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| SG | 182.161.73.136:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gbc7.sg1.as.criteo.com | udp |
| US | 8.8.8.8:53 | gbc5.sg1.as.criteo.com | udp |
| US | 8.8.8.8:53 | 66395bbc70971c167e1ede873e416e8d.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gbc7.sg1.as.criteo.com | udp |
| SG | 116.213.23.200:443 | gbc7.sg1.as.criteo.com | tcp |
| SG | 116.213.23.158:443 | gbc5.sg1.as.criteo.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| NL | 142.250.179.161:443 | pagead-googlehosted.l.google.com | tcp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | 154.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.223.225.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.179.250.142.in-addr.arpa | udp |
| SG | 182.161.73.136:443 | dnacdn.net | tcp |
| NL | 142.250.179.161:443 | pagead-googlehosted.l.google.com | udp |
| SG | 116.213.23.200:443 | gbc7.sg1.as.criteo.com | tcp |
| SG | 116.213.23.158:443 | gbc5.sg1.as.criteo.com | tcp |
| DE | 157.240.20.35:443 | www.facebook.com | tcp |
| DE | 157.240.20.35:443 | www.facebook.com | tcp |
| DE | 157.240.20.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 18.65.35.220:443 | d1jvc9b8z3vcjs.cloudfront.net | tcp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| NL | 139.45.240.92:443 | notix.io | tcp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 18.235.185.19:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 18.235.185.19:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 136.73.161.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.23.213.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.23.213.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.20.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.35.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.240.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.185.235.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sslwidget.criteo.com | udp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| IE | 52.95.115.255:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 178.250.1.9:443 | widget.nl3.vip.prod.criteo.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| NL | 142.250.179.161:443 | cdn-content.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn-content.ampproject.org | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.161:443 | cdn-content.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widget.us.criteo.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | widget.va1.vip.prod.criteo.com | udp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| DE | 141.95.33.111:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.marphezis.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | widget.va1.vip.prod.criteo.com | udp |
| DE | 172.217.23.194:443 | www.googletagservices.com | tcp |
| DE | 172.217.23.194:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| NL | 178.79.208.44:443 | cdn.marphezis.com | tcp |
| US | 8.8.8.8:53 | weendom.s.llnwi.net | udp |
| DE | 172.217.23.194:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | weendom.s.llnwi.net | udp |
| US | 74.119.119.150:443 | widget.va1.vip.prod.criteo.com | tcp |
| DE | 141.95.33.111:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | compass-v2.deliverimp.com | udp |
| US | 8.8.8.8:53 | compass-v2.deliverimp.com | udp |
| US | 18.210.38.255:443 | compass-v2.deliverimp.com | tcp |
| US | 8.8.8.8:53 | compass-v2.deliverimp.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | sync-t1.taboola.com | udp |
| US | 8.8.8.8:53 | user-data-apac-jp.bidswitch.net | udp |
| US | 8.8.8.8:53 | criteo-sync.teads.tv | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | adgen.socdm.com | udp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| US | 8.8.8.8:53 | r.casalemedia.com | udp |
| US | 8.8.8.8:53 | adx.dable.io | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cs.adingo.jp | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | exchange.mediavine.com | udp |
| JP | 124.146.153.150:443 | adgen.socdm.com | tcp |
| JP | 124.146.215.51:443 | tg.socdm.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| KR | 43.200.114.146:443 | adx.dable.io | tcp |
| US | 8.8.8.8:53 | sync.outbrain.com | udp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| DE | 3.72.243.92:443 | exchange.mediavine.com | tcp |
| US | 8.8.8.8:53 | ade.clmbtech.com | udp |
| US | 8.8.8.8:53 | sync.aralego.com | udp |
| US | 8.8.8.8:53 | sync-criteo.ads.yieldmo.com | udp |
| US | 204.79.197.200:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | user-data-apac-jp.bidswitch.net | udp |
| US | 8.8.8.8:53 | match-ap-southeast-1-ecs.sharethrough.com | udp |
| US | 8.8.8.8:53 | rtb-csync-itx5.smartadserver.com | udp |
| US | 8.8.8.8:53 | match-ap-southeast-1-ecs.sharethrough.com | udp |
| FR | 18.164.52.4:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | rtb-csync-itx5.smartadserver.com | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.119.119.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.38.210.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.243.72.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us-east-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | sg-vip001.taboola.com | udp |
| US | 8.8.8.8:53 | e9957.e4.akamaiedge.net | udp |
| JP | 124.146.153.150:443 | adgen.socdm.com | tcp |
| JP | 124.146.215.51:443 | tg.socdm.com | tcp |
| KR | 43.200.114.146:443 | adx.dable.io | tcp |
| US | 8.8.8.8:53 | sg-vip001.taboola.com | udp |
| US | 8.8.8.8:53 | e9957.e4.akamaiedge.net | udp |
| US | 8.8.8.8:53 | us-east-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | compass-viewability.deliverimp.com | udp |
| US | 8.8.8.8:53 | cdn.topsrvimp.com | udp |
| US | 8.8.8.8:53 | ats-eks.ap-southeast-1.dcs-online-targeting-prd.aws.oath.cloud | udp |
| US | 8.8.8.8:53 | compass-events.deliverimp.com | udp |
| US | 8.8.8.8:53 | bid.dr.socdm.com | udp |
| US | 8.8.8.8:53 | ats-eks.ap-southeast-1.dcs-online-targeting-prd.aws.oath.cloud | udp |
| US | 44.198.27.179:443 | compass-viewability.deliverimp.com | tcp |
| NL | 87.248.202.99:443 | cdn.topsrvimp.com | tcp |
| US | 8.8.8.8:53 | tg.dr.socdm.com | udp |
| US | 54.197.100.119:443 | compass-events.deliverimp.com | tcp |
| US | 54.197.100.119:443 | compass-events.deliverimp.com | tcp |
| US | 54.197.100.119:443 | compass-events.deliverimp.com | tcp |
| US | 54.197.100.119:443 | compass-events.deliverimp.com | tcp |
| US | 54.197.100.119:443 | compass-events.deliverimp.com | tcp |
| US | 54.197.100.119:443 | compass-events.deliverimp.com | tcp |
| US | 8.8.8.8:53 | tg.dr.socdm.com | udp |
| US | 8.8.8.8:53 | bid.dr.socdm.com | udp |
| US | 8.8.8.8:53 | fr-xn.lb.indexww.com | udp |
| US | 8.8.8.8:53 | cookie-matcher-prod.fs6yf3fqvt.ap-northeast-2.elasticbeanstalk.com | udp |
| US | 8.8.8.8:53 | fr-xn.lb.indexww.com | udp |
| US | 8.8.8.8:53 | ap-ice.360yield.com | udp |
| US | 8.8.8.8:53 | cookie-matcher-prod.fs6yf3fqvt.ap-northeast-2.elasticbeanstalk.com | udp |
| US | 8.8.8.8:53 | a179.b.akamai.net | udp |
| US | 8.8.8.8:53 | ap-ice.360yield.com | udp |
| US | 8.8.8.8:53 | exchange.mediavine.com | udp |
| US | 8.8.8.8:53 | a179.b.akamai.net | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | exchange.mediavine.com | udp |
| US | 8.8.8.8:53 | cs.adingo.jp | udp |
| US | 8.8.8.8:53 | cs.adingo.jp | udp |
| US | 8.8.8.8:53 | sync.aralego.com | udp |
| US | 8.8.8.8:53 | syncelb-1292340544.ap-southeast-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | sync.aralego.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | syncelb-1292340544.ap-southeast-1.elb.amazonaws.com | udp |
| JP | 35.213.12.39:443 | user-data-apac-jp.bidswitch.net | tcp |
| NL | 172.217.168.194:443 | cm.g.doubleclick.net | tcp |
| DE | 37.252.171.84:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | sa-lb.deliverimp.com | udp |
| NL | 173.223.112.20:443 | contextual.media.net | tcp |
| SG | 52.77.109.144:443 | match.sharethrough.com | tcp |
| FR | 185.86.138.154:443 | rtb-csync-itx5.smartadserver.com | tcp |
| US | 8.8.8.8:53 | e63851.dscj.akamaiedge.net | udp |
| SG | 141.226.229.48:443 | sg-vip001.taboola.com | tcp |
| NL | 173.223.113.34:443 | e9957.e4.akamaiedge.net | tcp |
| US | 52.223.22.214:443 | us-east-eb2.3lift.com | tcp |
| SG | 13.228.126.19:443 | ats-eks.ap-southeast-1.dcs-online-targeting-prd.aws.oath.cloud | tcp |
| CA | 185.80.39.216:443 | fr-xn.lb.indexww.com | tcp |
| JP | 54.64.172.71:443 | cs.adingo.jp | tcp |
| NL | 23.72.252.161:443 | a179.b.akamai.net | tcp |
| SG | 18.142.198.177:443 | ad.360yield.com | tcp |
| US | 8.8.8.8:53 | pug-sgc.pubmnet.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 35.190.60.146:443 | idsync.rlcdn.com | tcp |
| US | 38.133.127.191:443 | sync.outbrain.com | tcp |
| SG | 103.231.98.194:443 | pug-sgc.pubmnet.com | tcp |
| NL | 95.101.74.134:443 | e63851.dscj.akamaiedge.net | tcp |
| SG | 209.58.168.56:443 | sync.aralego.com | tcp |
| US | 8.8.8.8:53 | pug-sgc.pubmnet.com | udp |
| US | 8.8.8.8:53 | e63851.dscj.akamaiedge.net | udp |
| US | 8.8.8.8:53 | compass-viewability.deliverimp.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 8.2.111.196:443 | sa-lb.deliverimp.com | tcp |
| SG | 3.0.23.195:443 | syncelb-1292340544.ap-southeast-1.elb.amazonaws.com | tcp |
| US | 8.8.8.8:53 | compass-events.deliverimp.com | udp |
| NL | 172.217.168.194:443 | cm.g.doubleclick.net | udp |
| JP | 35.213.12.39:443 | user-data-apac-jp.bidswitch.net | tcp |
| SG | 52.77.109.144:443 | match.sharethrough.com | tcp |
| SG | 141.226.229.48:443 | sg-vip001.taboola.com | tcp |
| SG | 13.228.126.19:443 | ats-eks.ap-southeast-1.dcs-online-targeting-prd.aws.oath.cloud | tcp |
| US | 8.8.8.8:53 | brightcom-d.openx.net | udp |
| US | 8.8.8.8:53 | compass-events.deliverimp.com | udp |
| US | 8.8.8.8:53 | compass-viewability.deliverimp.com | udp |
| SG | 3.1.166.226:443 | ads.yieldmo.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| US | 147.28.129.37:443 | prebid.a-mo.net | tcp |
| JP | 54.64.172.71:443 | cs.adingo.jp | tcp |
| US | 8.8.8.8:53 | rw-yieldmo-com-1673518954.ap-southeast-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | sa-lb.deliverimp.com | udp |
| US | 35.190.60.146:443 | idsync.rlcdn.com | udp |
| US | 34.98.64.218:443 | brightcom-d.openx.net | tcp |
| SG | 103.231.98.194:443 | pug-sgc.pubmnet.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | rw-yieldmo-com-1673518954.ap-southeast-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | brightcom-d.openx.net | udp |
| US | 8.8.8.8:53 | 4.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.215.146.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.153.146.124.in-addr.arpa | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | 146.114.200.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.27.198.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.100.197.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | 20.112.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.22.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.171.252.37.in-addr.arpa | udp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 154.138.86.185.in-addr.arpa | udp |
| NL | 104.80.224.197:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 161.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.39.80.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.127.133.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.111.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.126.228.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.109.77.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.198.142.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.168.58.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.172.64.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.98.231.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | brightcom-d.openx.net | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 74.119.119.129:443 | bidder.criteo.com | tcp |
| NL | 104.126.125.209:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | iad-2-apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | iad-2-apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | bidder.va1.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | bidder.va1.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 104.18.11.47:443 | js-sec.indexww.com | tcp |
| SG | 3.1.166.226:443 | rw-yieldmo-com-1673518954.ap-southeast-1.elb.amazonaws.com | tcp |
| FR | 178.250.7.11:443 | dis.criteo.com | tcp |
| US | 34.98.64.218:443 | brightcom-d.openx.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | widget.fr3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | widget.fr3.vip.prod.criteo.com | udp |
| FR | 178.250.7.11:443 | widget.fr3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| US | 8.8.8.8:53 | pugmaster-sg4c.pubmnet.com | udp |
| SG | 67.199.150.81:443 | pugmaster-sg4c.pubmnet.com | tcp |
| US | 8.8.8.8:53 | widget.as.criteo.com | udp |
| US | 8.8.8.8:53 | pugmaster-sg4c.pubmnet.com | udp |
| SG | 182.161.73.146:443 | widget.as.criteo.com | tcp |
| US | 8.8.8.8:53 | widget.sg1.vip.prod.criteo.com | udp |
| SG | 182.161.73.146:443 | widget.sg1.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | cdn.aralego.net | udp |
| US | 172.67.71.254:443 | cdn.aralego.net | tcp |
| US | 8.8.8.8:53 | cdn.aralego.net | udp |
| SG | 67.199.150.81:443 | pugmaster-sg4c.pubmnet.com | tcp |
| US | 8.8.8.8:53 | widget.sg1.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | cdn.aralego.net | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 172.67.71.254:443 | cdn.aralego.net | udp |
| US | 8.8.8.8:53 | compass-allbids.deliverimp.com | udp |
| CA | 185.80.39.216:443 | ssum-sec.casalemedia.com | tcp |
| SG | 182.161.73.146:443 | widget.sg1.vip.prod.criteo.com | tcp |
| SG | 182.161.73.146:443 | widget.sg1.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.23.0.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.129.28.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.224.80.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.125.126.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.166.1.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.119.119.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.150.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | compass-allbids.deliverimp.com | udp |
| US | 3.216.221.121:443 | compass-allbids.deliverimp.com | tcp |
| US | 8.8.8.8:53 | compass-allbids.deliverimp.com | udp |
| NL | 185.89.210.212:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| SG | 67.199.150.85:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | spug-sg4c.pubmnet.com | udp |
| US | 104.18.11.47:443 | cdn.indexww.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | spug-sg4c.pubmnet.com | udp |
| US | 8.8.8.8:53 | cdn.indexww.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 146.73.161.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.221.216.3.in-addr.arpa | udp |
| SG | 67.199.150.85:443 | spug-sg4c.pubmnet.com | tcp |
| US | 8.8.8.8:53 | compass-events.deliverimp.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| NL | 185.89.210.82:443 | ams3-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 151.101.1.108:443 | cdn.adnxs.com | tcp |
| NL | 185.89.210.82:443 | ams3-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| DE | 172.217.23.194:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | gumi.criteo.com | udp |
| US | 8.8.8.8:53 | 85.150.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.89.185.in-addr.arpa | udp |
| SG | 182.161.73.136:443 | gumi.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.sg1.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | gum.sg1.vip.prod.criteo.com | udp |
| SG | 182.161.73.136:443 | gum.sg1.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | sa-cs.deliverimp.com | udp |
| US | 8.8.8.8:53 | adclick.g.doubleclick.net | udp |
| US | 34.98.64.218:443 | eu-u.openx.net | tcp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 34.98.64.218:443 | eu-u.openx.net | tcp |
| US | 8.2.108.116:443 | sa-cs.deliverimp.com | tcp |
| US | 8.2.108.116:443 | sa-cs.deliverimp.com | tcp |
| US | 8.2.108.116:443 | sa-cs.deliverimp.com | tcp |
| US | 8.8.8.8:53 | sa-cs.deliverimp.com | udp |
| US | 8.8.8.8:53 | adclick.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | sa-cs.deliverimp.com | udp |
| US | 34.98.64.218:443 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | adclick.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bdu.bitdriverupdater.com | udp |
| US | 8.8.8.8:53 | bdu.bitdriverupdater.com | udp |
| US | 154.27.69.115:443 | bdu.bitdriverupdater.com | tcp |
| US | 8.8.8.8:53 | bdu.bitdriverupdater.com | udp |
| US | 8.8.8.8:53 | 116.108.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.69.27.154.in-addr.arpa | udp |
| US | 154.27.69.115:443 | bdu.bitdriverupdater.com | tcp |
| US | 8.8.8.8:53 | d3jk1lxf0mko9y.cloudfront.net | udp |
| FR | 99.86.91.57:443 | d3jk1lxf0mko9y.cloudfront.net | tcp |
| FR | 99.86.91.57:443 | d3jk1lxf0mko9y.cloudfront.net | tcp |
| FR | 99.86.91.57:443 | d3jk1lxf0mko9y.cloudfront.net | tcp |
| FR | 99.86.91.57:443 | d3jk1lxf0mko9y.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d3jk1lxf0mko9y.cloudfront.net | udp |
| FR | 99.86.91.57:443 | d3jk1lxf0mko9y.cloudfront.net | tcp |
| FR | 99.86.91.57:443 | d3jk1lxf0mko9y.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d3jk1lxf0mko9y.cloudfront.net | udp |
| US | 154.27.69.115:443 | bdu.bitdriverupdater.com | tcp |
| US | 154.27.69.115:443 | bdu.bitdriverupdater.com | tcp |
| US | 154.27.69.115:443 | bdu.bitdriverupdater.com | tcp |
| US | 8.8.8.8:53 | dual-a-0001.a-msedge.net | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | 57.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csm.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | csm.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | csm.sg1.as.criteo.net | udp |
| US | 8.8.8.8:53 | csm.sg1.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | csm.sg1.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | www.bitdriverupdater.com | udp |
| US | 154.27.69.115:443 | www.bitdriverupdater.com | tcp |
| US | 8.8.8.8:53 | bitdriverupdater.com | udp |
| US | 8.8.8.8:53 | bitdriverupdater.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | udp |
| SG | 182.161.73.142:443 | csm.sg1.vip.prod.criteo.net | tcp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| SG | 182.161.73.142:443 | csm.sg1.vip.prod.criteo.net | tcp |
| US | 8.8.8.8:53 | 142.73.161.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bdu.bitdriverupdater.com | udp |
| US | 8.8.8.8:53 | webcf.bitdriverupdater.com | udp |
| FR | 99.86.91.7:443 | webcf.bitdriverupdater.com | tcp |
| FR | 99.86.91.7:443 | webcf.bitdriverupdater.com | tcp |
| US | 8.8.8.8:53 | 7.91.86.99.in-addr.arpa | udp |
| FR | 99.86.91.7:443 | webcf.bitdriverupdater.com | tcp |
Files
memory/4912-133-0x000001D09F5A0000-0x000001D0A058A000-memory.dmp
memory/4912-134-0x000001D0BA950000-0x000001D0BA96A000-memory.dmp
memory/4912-135-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Azonix.otf
| MD5 | cdfe47b31e9184a55cf02eef1baf7240 |
| SHA1 | b8825c605434d572f5277be0283d5a9b2cde59e4 |
| SHA256 | 51a65e5c09bf27980adf640cb54cb2a5bbb217fdaab79b377e158f92533362a9 |
| SHA512 | a2e5141c0f7ca72bcf5b1a303fce1734953d83ad363d4c3c7d8786e1bfd872a6b96eeabce3740b547a5447e255415cdf688a0d2074cecfaa0c54c49d0f2882c5 |
C:\Windows\Fonts\OpenSansLight.ttf
| MD5 | 1bf71be111189e76987a4bb9b3115cb7 |
| SHA1 | 40442c189568184b6e6c27a25d69f14d91b65039 |
| SHA256 | cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424 |
| SHA512 | cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061 |
memory/4912-164-0x000001D0BC450000-0x000001D0BC472000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | 55146e6ee37f253333c9a19218b533b3 |
| SHA1 | eae5322bddbe03d3fb2030cfd70b414fdacd5a04 |
| SHA256 | c9b46ee315bb0a68ea051b5b1af03e1519b0a45619486b6111bebdb72b1e44d7 |
| SHA512 | bc694af114d89e6c51780180d514169d3b1d69e39a5f0b3927dff096309ba8134dee4042485bbd7536c97922f3b7ad907e0e968a26e36a8b9af749008492aaa2 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | f87e9baa2650b0db949823922e120439 |
| SHA1 | 4795eb7dc1f34b2c4478f7cc31fc6cf968ebf19f |
| SHA256 | d64f22fe749e9836f1c9f95a11ac88254233cf48bd5533cae0532a995afd71fa |
| SHA512 | c2d7b038a2e728efc409fa1c2c0a1337d4c3d30ab71885c058fc3e228f01473fd773b162636d7855c72a8ee69efe75b847182c1b469e89fca6c83c569d193985 |
C:\Users\Admin\AppData\Local\Ambrosial\log.txt
| MD5 | acdcc33dad3e2e931da9f5d8014796d1 |
| SHA1 | 184cce281a830de664ef10803db1c8559572eb2d |
| SHA256 | 14bf2758dc5b86d058efd01a11da5cc8a2480b9405090102ddb1baf219c4dbcd |
| SHA512 | 1805cee4a4975bd3111a841ba299456b812e5d94a628c8fd8e550bc2e2b9059f9f57983a86217bacf4567cceed2758ea0510d007fb795a5613d701a035351b65 |
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.19.3004.0\Zephyr Classic\launcherAssets\ProjectHalcyon.png
| MD5 | bd127f237b3f4a794308fc3576b495ad |
| SHA1 | 0a2ff256aa76a0deb134315e4a72844dabb37041 |
| SHA256 | 59b60c0cd0e2f058fd06054fc3b546151c73930dfe605a2fb08dfd21086e6351 |
| SHA512 | 2ac6ddd8e824017291c0b145434c06fbc2329135794eb6427915873ce940537055565c25cee03f531f862c931f58fc217d475ee8027e26a736e3f8ce46f4d8b6 |
C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll
| MD5 | 9c43f77cb7cff27cb47ed67babe3eda5 |
| SHA1 | b0400cf68249369d21de86bd26bb84ccffd47c43 |
| SHA256 | f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e |
| SHA512 | cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7 |
C:\Users\Admin\AppData\Local\Temp\0e1a63fc-9228-4b4f-96fc-fee060f96e92\GunaDotNetRT64.dll
| MD5 | 9c43f77cb7cff27cb47ed67babe3eda5 |
| SHA1 | b0400cf68249369d21de86bd26bb84ccffd47c43 |
| SHA256 | f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e |
| SHA512 | cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7 |
memory/4912-372-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-371-0x00007FF992520000-0x00007FF99266E000-memory.dmp
memory/4912-373-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-375-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-377-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-379-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-381-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-383-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-386-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-385-0x00007FF9A53F0000-0x00007FF9A5417000-memory.dmp
memory/4912-388-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-390-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-392-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-394-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-396-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-398-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-400-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-402-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-404-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-406-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-408-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-410-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-412-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-414-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-416-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-418-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-420-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-422-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-424-0x000001D0BBA40000-0x000001D0BBBE9000-memory.dmp
memory/4912-425-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-427-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-429-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-431-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-433-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-435-0x000001D0BC880000-0x000001D0BCA64000-memory.dmp
memory/4912-440-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-1091-0x00007FF9A53F0000-0x00007FF9A5417000-memory.dmp
C:\Users\Admin\Desktop\BlockMerge.bin
| MD5 | e43444c9463ef9868ef89c2a227cf4f9 |
| SHA1 | 88238b4f223476e8cabcd87645aadd41c6728139 |
| SHA256 | 6e71f928b09d8d298072ab877c73a295f62bb5883499e4eacca20100c3e21166 |
| SHA512 | 3260ac0565a19b676f660c7f5e965f8d084a07ad346b1ce02d00c381492c6d9d6db5e83ef6a28f4e64a5d227e3dbdec39c2aee56289f989c32b349beddea71b6 |
C:\Users\Admin\Desktop\JoinConvertTo.odp
| MD5 | 1b41b825afdb6e5827cc6c86a2bda82b |
| SHA1 | 6c438f98a12efbeebd6f4388cfe40a08425c272f |
| SHA256 | e4e93fd1d44e869379c6c7e838544899e6a8c8f84dcaa39baf3c6a6df4382c0f |
| SHA512 | 89ffa1ee14e97c12333ffc0d08efbdef23d79ea7f98388220fc3c13a84db0c2e83b1f1cd00bb8b55d84d53a91bf07fef59d4810fe3c3dcc0d3aed786910f7454 |
C:\Users\Admin\Desktop\UseEnter.jpg
| MD5 | 34d9d4b3bdc86cff89fba633435023d5 |
| SHA1 | c24b43c41880cbc2856c783667ba9398a423ae13 |
| SHA256 | 251046bc147bfeafbf89e417109643e15c3042f1372adc5bb423bfeef4f960fd |
| SHA512 | 25f756f8164322399dcae1e8f3fa0604d97b38369abce68815e6c137679df10db481ceb2a7c00bb1b26db8389bee4d28a8bb3136897aa18caf0fd3aa4eff23ca |
C:\Users\Admin\Desktop\UseConnect.jpg
| MD5 | a655e5a1138337ea2ca307bba9db0425 |
| SHA1 | b8b6354c82498cd5be34a105812c5502dd40b401 |
| SHA256 | bdb8d655efd5e10e0fe9b1e30a5c78d7d7815354c77970f1b5d23a338120329e |
| SHA512 | 52e956f2162268e5dceaf9c2b1ae39886a66b3598e669fefa0db8a0d314ab3ce98ef73f1202c98977c3b08c1310a6917f0074cffde6d5bdcbf40dd7d194ecaf3 |
C:\Users\Admin\Desktop\UndoRedo.rmi
| MD5 | 27448b614a5aa9eb2b5b240e8c55df98 |
| SHA1 | 71bbcb44c09a8e17a796e47f179bec39157f74db |
| SHA256 | 4af8163a442f0620745bb6cb4cb1cd97753d561afb7042225dff2830a53a76b4 |
| SHA512 | 26c068b5160bb5be4abe1089213f1199cd632dc4c881b2cc106b95e9c0b311d6c76c89775d4d6bc8210cd1340e920cd0cd14afc809d8cef9c2e4f877dbb01894 |
C:\Users\Admin\Desktop\TraceRegister.asf
| MD5 | 85b7ca72885fbdb1fbb0564e9c7fce7d |
| SHA1 | dd530cf190fa3bf7a6ae5b315893bfcc0298daec |
| SHA256 | 06ab15c798a7df80446f8392f3fb735bec1b6c10808a451524d9572cfad195a8 |
| SHA512 | 613c71557bde172367d61744b23f65ed09013d41d50cfeadead4ef605d2bfd9dbdb9a7cc04d50e015e8fdf494b475cac035a732b60d0b9d5080e4eb0d28e80b3 |
C:\Users\Admin\Desktop\SwitchDismount.dotm
| MD5 | a3171d9abd887e37b935cd77059e940f |
| SHA1 | 674e62b9a0868ba3a55aa0c27a3fde49400a7e8f |
| SHA256 | 77bbc42c53ca9edb0ed09fe588ecf9f01b290cae35ffb73080f4bcfcdf348286 |
| SHA512 | eb8556c6b347ad0ed7cfcde6b844e683b3c2fcb27f7e438da066cf0efe24e89053ffde81b8397e1b07438997d4074b861c373ede670d6a1d77a570787e84867e |
C:\Users\Admin\Desktop\ShowUnpublish.vsdm
| MD5 | 2220530099ded132241957d53f3e6d88 |
| SHA1 | 443d945cd0d04447782d0730d0f6b49fc06176c6 |
| SHA256 | c8a31cec2de6c0dee4169013b8297b5d322a1e94009719f409834cfbb55b0977 |
| SHA512 | 6643b76f6f05faf9f25d8bf7b36328b9e8d331379b34fc0c0cc56941c7fd0797b760bfa9b6c8923be3caebc26fc799bd111b30bcce6c7093bec5db57b42ee759 |
C:\Users\Admin\Desktop\SearchUnprotect.svgz
| MD5 | 5b7fb32006e1da26af4b8f2cf3df8e1c |
| SHA1 | 1b5a65504e56ec91f9ce5ce9721b93f74ebe9274 |
| SHA256 | faf39c5616580a0801e7773283395b8e89d0d8bbc4d8d57f4066a8e05e289cf8 |
| SHA512 | d77319bd4ec3150cc6d587f92ab6f75d0c5b24f8febdad9451151e48aa1bea4798b036ccb14abfe9b32365a16daf1bad65f5a3b25ab5ad6f01fb2dcd6ff45bbc |
C:\Users\Admin\Desktop\RedoReset.docx
| MD5 | 1f41d67a461dd51083b6e242a4336946 |
| SHA1 | d9f183b90f438c29d8c7a1a30c7df64fd9d74921 |
| SHA256 | bdfda60c7ec8fceedafcb24eb883e3906593aaa4e2dad341727964e3798931bd |
| SHA512 | c24d1fa76f14e1f2d3c9feb60545339f2e57a037b34d74240a814db6c3371a5cce8df7d38fbc675e82aecefef6e693614c2bac91fc7efb70c09541a4ef2d44a6 |
C:\Users\Admin\Desktop\RedoDismount.jfif
| MD5 | aa02d974b1a7df6f9b9361b1c0d08593 |
| SHA1 | 59acc21101dee894c19cfabf1d0db26c6ceb65d1 |
| SHA256 | 7e920b69b4deb06dce7332c9c023f53f37cd1255cb9d77744c1b2d78f77daafd |
| SHA512 | ee3d287b0de1f745a9db014f6ae410e8f1233a1712e851492cc9ec7c2215f42bd7e50f8d5b34b570971b8b2992771e4e83c52d7e6efdb517692f7b897994e4b5 |
C:\Users\Admin\Desktop\NewCompress.jpeg
| MD5 | ff0a4c0526cba27f958608200182845a |
| SHA1 | 811ef95d1ac490386328ec24e86b7014b2e007b9 |
| SHA256 | 98f7fa1094b54bfb0127a4a4d2c305dee047739baa6d2cc7cf87d53ea532772c |
| SHA512 | 9828d591809119620401d667d50257bbc6a440a98e476a9d676fa00da49defb1f914ddacf58e4355db5839229e57c66f3441bc24b7d3811a0a101c5bbe253d4c |
C:\Users\Admin\Desktop\MountEnter.wmf
| MD5 | 18fb19a22c218d29703cba13f3708869 |
| SHA1 | b52de8ce207a5640ddbccca0c6966281addb807d |
| SHA256 | cf42394d4be050fad0cdd2620414842d2ccbe1835aa192c2e9f0a95044b04bcf |
| SHA512 | be8ac811f7198929d1db1cd2110c5cf0f8a3f2f78886bf6e1afe794d9142e1f36456d0079f84438059622416231087bc9b9af3c0d6ded5d91ec5886e65a314e8 |
C:\Users\Admin\Desktop\GroupExit.otf
| MD5 | 09279a6e57a15378b4410edd15484c69 |
| SHA1 | bcdf46c53fbc60910ebd51a91a586b12bf5fd7dd |
| SHA256 | e507dd9e5894b9677bf2dcd55f01dd1591fa1d6300a3c65a0fde433017f9cded |
| SHA512 | bcb9777fbf38a803cc78fb30deae14adf68930b7f021d931f51b59dd2a05c7ef721e2be34c56acc8b9bd27a41ac58a1c7cc2d8aedaec5f405a1a3fca53ba61b8 |
C:\Users\Admin\Desktop\CopyStep.sql
| MD5 | edccb93ea6a29d7dc960d0da26147a3e |
| SHA1 | 5ec24e24f1b43c180044b794988c68c3e30e9f02 |
| SHA256 | 813797375fa69ce9f2751f94cd2df74eb1b2e30359e436557d367a87b98b495a |
| SHA512 | b5cc0a49541ac2692605992a8918da9f2d3b4cb344f26d2819ed3a6467d82bc3f6cf5a4e31438a7eb2a8414b244583cd15ffe06d56ec87289e84bf4faad2cdff |
C:\Users\Admin\Desktop\ConvertFromDebug.dotx
| MD5 | 7adde9cee4c62cdcbb28bcb2c25ae45b |
| SHA1 | cc30fed07f1d641c43dd235393d75d895dc0eecb |
| SHA256 | 151586e9abf3b0518e5ca93a172696bdcecf72691120dffdb27fdac9edbaf852 |
| SHA512 | c19ae7526c6fed25a9dd4b9aaecd52c7f52ed8e3d78e1eff270c213dcdf6976c819a63251dcfb9e25b639650fd9d1621d96a0fb2e34ccb0c73adfb934e00a4c3 |
C:\Users\Admin\Desktop\BackupImport.mpp
| MD5 | 53e81062d6d0313b54d2623c099a0f7f |
| SHA1 | 02a14bf4ac34e47f010a0a89559de2ce71be08f9 |
| SHA256 | 0b94890950725b115bd06d3491194280a37d7ae812b0d4a22f1565c9127d96b5 |
| SHA512 | f79291193dc9534bf64e858e0f209d6e298a45291c987f723ef71b3a216599db48e2726a7a0af60e230ea65996df3602262d055ea669996f0203ce849dbad4ec |
C:\Users\Admin\Desktop\ApproveSwitch.mpeg2
| MD5 | 2c1213babdff4afe7f0f6bf04b64df4b |
| SHA1 | b6573d73b2158de32552bc4365c84c64c1f7c67e |
| SHA256 | 548294397665f3fce5538ec5403bb2ffb22efb8ad02002069743cbcab45a3d3a |
| SHA512 | fede4cc90303cbe85f391a6e06e100a6b995d480e84f85e2e27c3def57953a8491b0e219483078f4d8e775192ed9297ed2620977aebd8143590ac0d371e857a0 |
C:\Users\Admin\Desktop\AddInstall.pub
| MD5 | 9a4e59c459c241a6eb483912b8e1be74 |
| SHA1 | fe863c1e5703f3bae0dbd1c1e51acd01c5349cea |
| SHA256 | e76e3ba8da354a14f4a7c8d756eecd3970ad68ed598bec0bfceaaad5d84f3be2 |
| SHA512 | 3e90e5306f71bdfd1c139cdeaec6adede6a1c60921acfdefbf51aa817367010cce9462e033f47aa76244993af5c2cd0c1b095643a947ac29bfcdbf00cd1caeda |
C:\Users\Admin\Desktop\AddExit.jpg
| MD5 | 63acbb9d523371e31f5655170e0e8060 |
| SHA1 | b95fc8ed2243cb64a7a67753ba4cef7577491d5f |
| SHA256 | b9100c3796140b27e6d4025568705bafad9e7802e9e2a18586d036a5d4946c72 |
| SHA512 | 92f8ebaffe65d766993656b6b11f76fde7b29304b86e4e2d061fed6035f8d33532259164bf8a1d1c2c6b702ab8f2f5ae3d5332826b4a25ae9ccc822545c1ed8a |
C:\Users\Admin\Desktop\8uhgtghgj3g834gizn43nzug43nzg34nzgz3n4gznu43gzn34nzg34znug4znug34u.txt
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | 99c64202a82b95d1f0f0c1bb8e32590f |
| SHA1 | dd134bf660c199dc64b3392d3e45022186f94a81 |
| SHA256 | 5cb19e8387e817db33da3a1febd93dffcd4407ccbd996650e202ab6e8a07bd8a |
| SHA512 | c141120ca899380c38ae95be69e166c22802af5456939f30dd2b2b92959c82ed07b37b444e0a1f26322459ec1f6cd29e3228b825a4ac0af633edc49c74e642c6 |
C:\Users\Admin\Desktop\WaitSelect.3gp2
| MD5 | 9716ab5ba45e6cf456aea1490d06f46b |
| SHA1 | 1b55fe851d07618de27bdbe626ae57bc6a6aba0a |
| SHA256 | 55a6e7525eab46d8bc076e90d24abfe3ce647e2e4dcfb28f69839bf307f2ab8f |
| SHA512 | f0d207622b014f3ef2fe8bc2751d247b36ac9ec98a7cf3112ddd9bec4e274c89cc2f17da2d8485674f0fab641fa92a933ae36f8958ecaa65298cb3f3aeb26860 |
C:\Users\Admin\Desktop\StartTest.png
| MD5 | 867641c0b68de2eff22b8cb34f763ad8 |
| SHA1 | c19933fa016d2a43ea44a696048b0b44ae9bc3b1 |
| SHA256 | fa4aae8f76761022ee802349bdf7b6fd151d54e72284ce6f2798cf44e41fccb7 |
| SHA512 | 58ccb725b0681bd9484d112e26e193bfb26b9d790521bc29021397d3dbd78b9f9fc8a309d48f37527a9349aade50b899352e14151c717e23167b5cd1a722e168 |
C:\Users\Admin\Desktop\MoveFormat.search-ms
| MD5 | bad438bb5b9934aac9a16d0e015c1273 |
| SHA1 | 5306040b7a06fa933b9a2f2466e06b7ca4c7e95a |
| SHA256 | 94c3138ddb565f04a47cdde6df020abd665058ae23ea9c929501333bc9502a17 |
| SHA512 | 4464691766b79eec5b8c95c30bbe8de6588e69a36e9c7985ab97cb128120d828ea30f9b10fcf9daae9ef8fbcf483254d5b539f946c64142ace33208931ec4adc |
C:\Users\Admin\Desktop\CompleteImport.mht
| MD5 | 6a88da2d3763ce5d784c195ca1cd2ae6 |
| SHA1 | c620745cb8afb19b6c6d4ea099f8450a74292fce |
| SHA256 | 2d93fe53488146b5e67aa9e242d589117b2a7582c287dfd6090538582d93ea8b |
| SHA512 | ae15b14f7d3627557d9f8b0501292745dc2731d35af38e23d6f414a41c07e1e68b485c3eb04203ca560ec48d637ca9aa86298e545969440eff4b9fd0e295349d |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | c3150b24d32b05dd438288e34c58133d |
| SHA1 | 1898d86f227969712d89c89688159d9e869f2858 |
| SHA256 | 3c38bc3ef9702824c36c8ae8b56948ced94425ea8d3064318be55e065c812198 |
| SHA512 | 13ee18a1d1ef53a4935e5b3d4e038588281425e3cb2578fba92e70c2db29890eaf65f4218b247ec9a18e55565aec2c81c3a242fe93c3ce14463142df3922a021 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 2a95aa4bf5f33b4b64da24ddb38a44d1 |
| SHA1 | 456775523e3ee3848c287233c885b8ebe523aa88 |
| SHA256 | 065d7612c168e525047c78bd9dc1d72ad8603ed4ed9ca1c4cd166539ce254f59 |
| SHA512 | 198a474b75bd5c88d45cbde9f3f546c0742d8697299c47e09bd4c84ef386a7f263ffa564c576a0dc3e15a628dfc5755a125cd08f6f8896f72aa81bcfd6d18baa |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 3238c410c2b7a16f3741f50dbb22e8f1 |
| SHA1 | 70cc81d5df03c13517f70b674ceaa2ba5bd00f4b |
| SHA256 | 7fb95ebff254bb0f94bacc4a4e3109201263803307e5cca51b792d505aef5111 |
| SHA512 | 063e87dd589e15771d6d54ae67d1b967fe9b1f8ac3db44d0dadf1ed50c612bb7f315c429be06ba00e69c64c41e82252e7bd2b2ca679f47364ead1e5b8d51ff20 |
C:\Users\Admin\Desktop\Microsoft Edge.lnk
| MD5 | 6a3acf7402f24690ce39397854b94a7e |
| SHA1 | 4b5f5981b771b2eede6342ef7603fa76f01da8b8 |
| SHA256 | 8518868a0b81566e363f8b24d2a155b265099af99d34145abf7c530a83444712 |
| SHA512 | c26ac25be35c5dd01141978b7e71fe1f30a6dc44e06bf8b34f6601bec2286d1691480a51b9470ff89fcaf087c4949c9531d04a10804b1fb4fe904c913eb2cf94 |
C:\Users\Admin\Desktop\Pc fucker.bat
| MD5 | 0745b02931d69fcdfb01a50a8c1d1cca |
| SHA1 | 4e96af16a85b6dc4161918a552d9f0306b5dc666 |
| SHA256 | 9225694471ee8194a14d664970c91fc0ec19d626e12754d3f7dd7ed64da2a8bc |
| SHA512 | c7b60f2c8fd7d65d9e013f5bcdc039c98a8cb85b3c9644456387675f0c4506b4269f45a53e7f7d01b7a5ba0448225e1cd7733575143b53360ef7da039f170375 |
memory/4912-11356-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-11357-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.17.201.0\Zephyr Classic\launcherAssets\yeeee.png
| MD5 | 8a377c03e02f15ef0397d89f0506ac8b |
| SHA1 | ed85c391fe70e991d2abb24bbecb0eaaf0d75552 |
| SHA256 | 464d8afaf7dfa366b71049d4a3c8273cdc6e70a2062a7d23d58481d1f47b3006 |
| SHA512 | 349e088683abf61918d74b897cdf7516e07e4b301402aab9c2d6295b0100883e0f66b32634cc25a1e1ea378b9994084f3dac652457a72887b7169dbeab1e6d90 |
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.16.220\Atani Classic\launcherAssets\ataniclassic.png
| MD5 | 136ad703ba27f07a2140a419078b4cac |
| SHA1 | 8c020948fa0e2e7eba3a0fdbeb916d219dc225fd |
| SHA256 | 0663de9371c6be579e7e7cfa4c053b3de3c00d3de1c73778f0d5756a69eec77e |
| SHA512 | 7e3ca0bd104c7068c3f12b55f62b98719f4b20757f924ab7034436abe9f905c8aca169b81c21085e5dddfc57c8887df02dc4b767ac65796e836a80041dda7e9c |
memory/4912-11483-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-11485-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-11484-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-11487-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-11488-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-11489-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-11490-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-11491-0x000001D0A21A0000-0x000001D0A21B0000-memory.dmp
memory/4912-11522-0x000001D0C8390000-0x000001D0C8490000-memory.dmp
memory/4912-11524-0x00007FF9A53F0000-0x00007FF9A5417000-memory.dmp
C:\WINDOWS\FONTS\OPENSANSLIGHT.TTF
| MD5 | 1bf71be111189e76987a4bb9b3115cb7 |
| SHA1 | 40442c189568184b6e6c27a25d69f14d91b65039 |
| SHA256 | cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424 |
| SHA512 | cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061 |
C:\WINDOWS\FONTS\AZONIX.OTF
| MD5 | cdfe47b31e9184a55cf02eef1baf7240 |
| SHA1 | b8825c605434d572f5277be0283d5a9b2cde59e4 |
| SHA256 | 51a65e5c09bf27980adf640cb54cb2a5bbb217fdaab79b377e158f92533362a9 |
| SHA512 | a2e5141c0f7ca72bcf5b1a303fce1734953d83ad363d4c3c7d8786e1bfd872a6b96eeabce3740b547a5447e255415cdf688a0d2074cecfaa0c54c49d0f2882c5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | a3646d896ff1918e70cc1bdf8c87869e |
| SHA1 | c14ae8cce9fa0ebea70ab7b5566ad5a7b6ab2c93 |
| SHA256 | 7b681367f2b831e5cdc069c915aff9c647f3bc3b565304dc17694d2313393678 |
| SHA512 | 31a51abd43a164518c9c97e02705c10d5043b00db9c0d97da9e3c05a9511b3736bfd1ac424f4d63d3fcd4f9308e5e393382e6b6c49276fec2d87d095e9e21fba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
| MD5 | 1984b45f201f1fd79d2154406648433b |
| SHA1 | 42f082dc6d4d43333688690bf4dfa7c7f8b618ab |
| SHA256 | 000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9 |
| SHA512 | e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
| MD5 | 87222f4352c9a66aac4473d16ebdc70a |
| SHA1 | 4cd6bb25c6b020a20f65ddbea7361ce1a66a101e |
| SHA256 | 872b35e939a8a81f2a83190cbfa90d3b72e5fc9d106a00ca6a35a626096b226a |
| SHA512 | 8d4eff29acef6308c0d7981b934118ef34a956c5358b4d00c6d218fe6f3fc488accc38b13d2c9bf4e56cf829f09961948a672068fad62a5e054b66163e1cd7f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ee8a10c2201ba6379e1f3cf39efffcfd |
| SHA1 | aa563f05e9b6ce06b12a3ed883c01ee946a9ce04 |
| SHA256 | e633cff6aac45cd8fdd842a1b808b0b4b413dad89f44b498d6925355ea4713ea |
| SHA512 | 2453f4a5d1e366d9d4068a511029e934ac8bb48d91fcf1e840c2f01059f972d590f60a088b3988971ad98a52a51cfd7d3e6c7a9c650ecdd8b2f3643504d6bd93 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\19359
| MD5 | 9f6fe0fe0a95c8be7b13ed5328978ab6 |
| SHA1 | c7ce16876aef41d7021187d196b2b680e435ff9b |
| SHA256 | d9848a58802f2c6b74fa2cb7ebe4193a23d7ff3449a1ab3ae520ab0b5e267ea7 |
| SHA512 | f1930359a9b6eb2f288556605b714a1e0fc80a016861ce98c4654fbe2a1220d596b9cad99020308d413b2afef59c0b8e3719f59b9a25f405e0e0fc6c7dde176a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\15028
| MD5 | 13017e5c7b5fc8feaf6263e7d2721047 |
| SHA1 | 6e27df87467963bc39abfc31158dc5852695d264 |
| SHA256 | da3db9bcfd314f4564f0b5d9a2f0e8a782141b60c3e69befa8db35e4f110f09f |
| SHA512 | f728686291fbecd9ba96ee08ee1d18ba1b264b4416760ba61c280dee8e340c4c81b277e27c1e134c1ed3245a6dd1a801d32ef81e1437d939f49797134ec79f6e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
| MD5 | d0c3bd97aac8fac0033c55ae1a7249cc |
| SHA1 | afc06514f3b77977a9a3fb6f9dd3a0aacb147c15 |
| SHA256 | b14437cb5a75336f26ba5d9f471baf225eb567f234c8b2f25a7404958054c5ae |
| SHA512 | ac113e8114d5b918fd5021f480717ba6e91d8c0a827ff5b1d53d2e0b7dd6c0ffc3ef6785c930865e24941e31f6ded1b9ec5e1018ed8ed1d6408fbaed4794d719 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\9104
| MD5 | b1d0b5c0453694541f53b52dc9d23c62 |
| SHA1 | dd0fcf39c1f8a8a3b156e210f8960762151f94fd |
| SHA256 | 0f5e8d17ea73de0e148cc7004a526181d23e476514556e40ea65642b6ea9e818 |
| SHA512 | b25f860150d82e66f72e635af0a102d9b34f761afa3d2393c083bb6d85ed6ffe80a76f26308b8efeaa94b6e6780ec995ddacd0593688e5212e13ebd259178783 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\2573
| MD5 | bd81189c881d034b8b35ec1d1ce45fe4 |
| SHA1 | c59a4161f109035026ad7fcd569dbc94d4e4e3aa |
| SHA256 | 4c5a5299e68119161c44983a220b762699839e73480ab7abfe84f4cb6c98a824 |
| SHA512 | d3dd8fa1553ec53ae2272ca74424f94e28118e43d88a2dcea88a00f68d1a91079102bcb956a0e773af71956cf15633a265143927b6df4eb8a5ce635f516519fb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\12551
| MD5 | 750ebe747605002f70de788b0aea1598 |
| SHA1 | 90961227f4bfb5c4aaade640e4b690be8ffe08b8 |
| SHA256 | 893475b988eb4616d0844f0e817b25d53ecac3b1e579e5a9f261f72f4d4b8f72 |
| SHA512 | 430d84bf0fecdacc4c34d601680a8259751b00c191f76f9dc87f64fe22cc451391c597eb1e0b467a6cb9dfac481d01bb6187ba877dbec95f082898011d6d8cfc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\31146
| MD5 | f54e8ee24f45e863940614d69d52a00f |
| SHA1 | 4e47b87016d0675885cce016d4d723435b380809 |
| SHA256 | 6efe6f0f37567b7a0ed783ea4febf9471120cbc3627b421f37a4c45f6b296d6a |
| SHA512 | 56e1cd436c672c08ddfe9930f82fdcdbe6d4bd0a0a89777b5160218b15012fdaf802f907f266f11a33159b4e064691df8d92d5deb55052266271b41fa63fad1a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\25334
| MD5 | f53c5998b1cced98c105716cdee75cf8 |
| SHA1 | b00fd7681d812836d3cb46bf50699cd1164cbdfe |
| SHA256 | 23a0880fe0d1132e272734c076d0e8d895daba02454c069e695fef0c6badb6fe |
| SHA512 | 6f116e3f9a07d1d42cfc5e13c6e31e6a962f449730ca398996ead3c87cd08b406979efe8d5e5a45ec45d9e5d56424d8296eedcbc1efcdc1466b1b14a2bbc38bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ec1fad3625d765d2ec1d0afba2c96236 |
| SHA1 | 7dbf6d926db2b8345f035f00dde6806d19ab85a5 |
| SHA256 | 8554458772524ba48d43bd719767a0d8da1b36bf2c81fa3d9be08aac0026d1e1 |
| SHA512 | ca8d6895e9e9a026158fdd7647060ad0f944744546e891b95aa582b5d959e0d3c7ec1911a8b5245897dbc46e119b03e064da9b14d0a4481327a1462ae42844b7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite
| MD5 | d9f79827fbea7965691660145d77ea18 |
| SHA1 | bc01d53a4525cbebfb848d57094aa608c4ad4748 |
| SHA256 | b1a56e21651a04daf8ec85033e4a1919ce8a1b4dde896100dbde762b47c12d5a |
| SHA512 | 63f16053c096c98a165b5433507586a360340731a689a50208b4a42c3ab71f1ddcb9310b58ea82b06cd437fb8be34c44767aea2410b7dd730ad8d829d0955bc7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
| MD5 | f532567154cafbab872382b9c07acf63 |
| SHA1 | 204d4bbd14420f3bae347a20bcd47199b595efd6 |
| SHA256 | b52e10cf6f60e35733e860e70e88b108b9ad4afa419dcc31cdd81e811e0f86be |
| SHA512 | 06e1e38d1149534fb46795bddfc8ba15ff9bdd2835cadbf07621edecc0e915edb3e66ed5e718438be61dd72b586d5af9cdcc36e6ae94faa7bb52ee43461be712 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\10048
| MD5 | d9394c05678a8d1ac78bfa50ff299736 |
| SHA1 | ce5af960e1db3be42d48373f266ff1c0cf6fb39f |
| SHA256 | 31a896d27f5be5721d2f43c166bc9583ebf98eecc0ebe7c3606c0717bc3893a1 |
| SHA512 | fa7db9297dce0a6b61de935172ed15bb87f8cbb7ec4e229e9c5dc116428d00584bae0b00e327adbe261e422f9e398354c48e9ea93531f88f053da4f9c8971e12 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\19003
| MD5 | 025f216aa5cf1de8e04640667944c7c9 |
| SHA1 | c4d36cc7de4313ebe8bb5b6f6728aefc15fac01d |
| SHA256 | a26c1bf434a59abe08c2eeb0890e064fb9f9c57ba2cbe4db7f4a50f86dc5f652 |
| SHA512 | 4bf34d548cfe65e04ab78b735e445def664dba6c68711b59989e84b40f751ca9ba1075a8518265a4ba7796c53f21c25a48d12ce1651047105b2c6f009e9c98bf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\11126
| MD5 | 7014326953634d52652a757cd900ba88 |
| SHA1 | 9b07cedf0eb337c80920d224ef2816c0339970be |
| SHA256 | c5b050977463dc1b97c7675ffbc305c31fefc90f685c9e1be3fec91539f17753 |
| SHA512 | 4ecb9af4c4a2434a489d88fb532787ff2ed53214d746329e43240e14774e8184c73f474fdecc5f4c052c8be4df08b5152954aaa3b929cc3f112c19a9ab165783 |
C:\Users\Admin\Downloads\bitdurtsetup.9soBDGVW.exe.part
| MD5 | 97c85c57ffdc0bc652bb9ed8d494824d |
| SHA1 | 94dee39299f76d86ad7fe8f27cb440301fc9f54d |
| SHA256 | 1fcf2e00c9ae12d47c1c58a51b08ad32026422fee479c2e6af7305aa140ae35c |
| SHA512 | 89d068f61541e2645500846f7bdbabcdba0d79f8f1ed07a1166c85d1f35c181ba74a2fd80f4c7b0b16e0fe636ff8011ca9a62c166d34deea6eb79357f65d37a1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 9e5fa8a40e2bac5d0811229ca3472a24 |
| SHA1 | c201564d5a2e3f8b9c787d674e5135d01b6fab4d |
| SHA256 | 8601b2f5cb216dcc638009884dfa3ba2f6b807489674d724a30e0e5afb55bb4a |
| SHA512 | 0cc8279ac9c63902ba3a5ab847a4a8468098bf17821bde356eb34462b96468179b6cc6c4fd453432100337da6c2e9a2881948922abadc2d06fc4a22fc7707954 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
| MD5 | 6f98668d90519f684e7d82b198a66c20 |
| SHA1 | 56d9d94a562061cb495776d5732edaa8b6d402a8 |
| SHA256 | db2362307fd66112d8986bf82813e556715dcc6172524b22c461fce0aaea8adc |
| SHA512 | 3227ade1cba96b3635ad39109f086e4a08c2bdeb5532fad5fe15b592c4bc6fd6685234ea46414014dde14a7a1ab3c8423c8e77aeac03788841912e6d88d778f5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
| MD5 | 68e4f72a931585db74553bf31722603d |
| SHA1 | df8302fc3fc4672e87a9a6954f0e871e97c29884 |
| SHA256 | ae6ce12b71126436e04ebc3bb914691ee914952eb9ce407a0e7a4c4822c0f311 |
| SHA512 | c0709eb5bcf1af7a8496fd5bb2bd2335eea2e21a323e2414f135cc3e84a457f02747dc9fd9bc44391db9becbf1e95eecfb43c639561703b2b5084fe15282c324 |
C:\Users\Admin\Downloads\bitdurtsetup(1).exe
| MD5 | b87fa95f852231008727e857ae71bfcd |
| SHA1 | 493ba777bc8bc6b10816ffef668d1a88e94a3e68 |
| SHA256 | 6c7aeacd1744feb85b196077fbf4cf80d7b2cbc60c58b33452c93b696658713f |
| SHA512 | 35cdd6089b700c45f203ea6b6fd011c4d77a68a81d9de93b66abc7b789e1eae772da55e49f3d9c60045538f219facf76d15e4654c344076cb5f45ea1e1e97e88 |
C:\Users\Admin\AppData\Local\Temp\is-QSCOO.tmp\bitdurtsetup(1).tmp
| MD5 | 5f87b09f2d406385c943236fdd0c1dd7 |
| SHA1 | 3373304e61f4eb3b35e20569d9faf27763d8d4c2 |
| SHA256 | e0d00e3ad64d76c0985b5a6bf9783616e17cb6e3aa5f848c8795cebe0c226ad3 |
| SHA512 | 1b61b73fdfdd1dd141cccf5807bc9812da138cb374928af1b28ca3c4b50253738cf3daa9ae77d7db81074148ca201ada11876534d4a5cc5b82f82acfacb11063 |
C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\jsonconfig.dll
| MD5 | 9806a1edcaa83c90ae83f6fb325a73a7 |
| SHA1 | 7c309e62b1c1450c9eaa394b531f428f1289bb2e |
| SHA256 | c94b46a0e658fb583ea8aadb40b808fad176318abe35f834ffe83e7799333a67 |
| SHA512 | abeaa2805911e2d4548a96967fc235eb5a94f1639a41ccf73f8d7438650f2d4e5bc6a0c315077cf37f3b2201697f44b6f238e90f2e7b8cda0a12d470011fcd5d |
memory/5696-12948-0x0000000000C50000-0x0000000000C51000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Apps876\promoapps.xml
| MD5 | 3ef759854b196c3caa0e6efccfb72766 |
| SHA1 | c74bb5befe9ef463c8a2b34d14088c6cea811cc4 |
| SHA256 | b2ed68fdb361d57ba5540016f860e1cc2ca4aab26456564fba98e94df8027da0 |
| SHA512 | 7f3df8d646453583cd6b433e9bafdcc66b07d92723e95917ae820efa59bf0491d48b4fbffd3c1d8954c987ef29710012321c76b882687be2a207d8d24970a7b5 |
C:\Users\Admin\AppData\Local\Temp\Apps876\gtipinfo.json
| MD5 | 0f75fea7da573d1ebd8a6994dde3cc8c |
| SHA1 | 22eef46ac33c93bf46ae2282a84ada6df82899be |
| SHA256 | 07241f32aed63734011637aa9c5448e87df0d1fe11ad82fffcab643a5f85813b |
| SHA512 | 4c688013f47a53fa9b444303bb16220a61696d7eec42f40212554b29dbdae010a04cdc0ac32c30acf441ba7e08b57a96fd42d7d54cd399862e9e2241be0f6782 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
| MD5 | 0288810df402213c844ddcc566efef10 |
| SHA1 | 364a0dbc7a3e46cb384f2a9fc32a6d6dbba5b11f |
| SHA256 | edd61b6e2a026430535647484967d1a5becab1ec90b4214d3aaea89e6144d6aa |
| SHA512 | 3d451f15c58f630fc64a9735b689964caa9a7ddc62e64c7bcfdff04591fbd143e39f01dc03e31e68032eaaa3836eb4dee8f34803841bcda5c1103dbd8ab69f08 |
C:\Users\Admin\AppData\Local\Temp\Apps876\154_61_71_13.txt
| MD5 | 1d7c386b632293d33f53f305f910fdcd |
| SHA1 | 5a0297a254200417c32c714f677e09b55e7cf47e |
| SHA256 | 81f2bcef1011d9c68bce30b5994d4d511c11b6aa7d84a192b83ab6a3a8246907 |
| SHA512 | 682004d48a9270f32b0a7184dbd3c9a84314988d7eadc8c21d8505a5450848d77f8a55187e8b6c444b34c772e684796d240e1d3f0d9f856f5566ce7c584c8060 |
C:\Users\Admin\AppData\Local\Temp\Apps876\en_avg.bmp
| MD5 | e26e5fe9660082d9579bd032cd7a6e7a |
| SHA1 | 61dd028a58f532e125bbdda7f27ca9a03336d388 |
| SHA256 | c8e53c45b5972e8b0ffee4fa89d181238747212759ebdde7b497903e78ce7191 |
| SHA512 | 2de019b8011276079e1c6b69919031a77c56d541cab34bf1bf386b7b41d30898994cc9ae05b7e7ba39aacd1a22b6ad81ab63641c5e33768e4170ef7a006acc9c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\19038
| MD5 | 86e3704c24451a284dc68c6238815138 |
| SHA1 | d0b9424ce141e073903eeda2680b56208fdb6ea6 |
| SHA256 | a5b49f6273151c48778ed15e1f4c74ea9d450b99206f43c24fa4aea9cbb00446 |
| SHA512 | 6ede48c76bf8b7db60532a7d82194fa387162f72b89c31d7c5b01f8535bc2dadf8518e2e31e4643565934b98cbcace359db17ed59bfc66a3dac79050766d188d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\32247
| MD5 | 09cee3e14051f1eb993edb362f1f5213 |
| SHA1 | da7f32608977df4a55ee44c6ff074a4477a3af59 |
| SHA256 | 08acf846cb0d2ce24ef0d0222c79e3d1286965ba9c2c0a4dfe35af292d57f371 |
| SHA512 | 6414e4b92ba361b2c800cedcc0c13673105f7a68262d91738affa806c4ebadb695a62b571a2f7a3435ad17f27db27f31038313e4a9e0623c51ca002c7077fb26 |
memory/5696-13228-0x0000000000C50000-0x0000000000C51000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\PlayaNextAPI.dll
| MD5 | 4c93aeb01da51a5613762a11551e71a9 |
| SHA1 | 3642d36fcaadc796a4b16380577450d81afff431 |
| SHA256 | a98f6a7928b84616043af2691490829aa108be46a08bd209e086422716d2142f |
| SHA512 | 4ded40e5a45825decd9f182ecbea17eeef5600b483920d5e3e010f54aafdd049a4e3eeb8ca02502837cd89076b274ffa4bdde2bcca9518776c866503adeebffa |
C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\PlayaSDK.dll
| MD5 | c0767bf3e9d776ac14d4a7690751c87c |
| SHA1 | 1b67a3b025abed3ef6ccbd64143e0a8517a62dd0 |
| SHA256 | 8e343f727b78a4e706836eaf2525021ddb8567bf86d8ef2a209f719f93443267 |
| SHA512 | 38e2c8729719d3ea0a833c638666995c3a889d778f032034002395bae6d92c905846099d0b98a6b42dfeac9692ef086f097d43cfb068d5ecd4d441de7544b381 |
C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\avg_secure_browser_setup.exe
| MD5 | d4357824e6504254c9a15c72859b87a9 |
| SHA1 | 3f94f59f2fe5ebeb02a2c09de622cb8a5aa909f5 |
| SHA256 | 9c37538dffbbcc93247e86c342fe67ccd28c54510cbf92161b813d5bc81905ee |
| SHA512 | 3e68d248b48ba85814283023727f36c716ba1c140d0c174254891827bb358aabe69e81ccb219d90d24ad35768b8c6a131d927df89b8d9f501812becf32ea0385 |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\jsis.dll
| MD5 | 465d5265bfe5b90f821235f0e13ba5e4 |
| SHA1 | da4d81c230b3aaa1e0dc891df8650e3a777da263 |
| SHA256 | ecca190ce5307cee4b4f02062ba0fca6ae2d0fa0d5ac223c726eab31d55b822d |
| SHA512 | bf608b77b7240a4b04a5750e4cce63c6a394f143a823344e1a8c1f57a19a28d20fb1e376548e5db8a6ff69a7cbf6dd247c2f80a1adaaba3c105f5030f23604ac |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\nsJSON.dll
| MD5 | 18662c1acb667a9db5fb9e90aa0f5dc8 |
| SHA1 | d332202bad869e5c71f30bd816940b262cf24603 |
| SHA256 | 608d4aefd5c5184bc109cbd94a5d4c8883a4ae6cedf81cfc3028d2570a849a66 |
| SHA512 | 751b51b24b659f97a4fe9d2d3e38e1333221521fa1fe26e217114e767a9bdd3b341079fe9ff51570ada16ec30644552823ab5437d4a7a875f04525aeaced7687 |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\JsisPlugins.dll
| MD5 | 3f4f65c3551435aa4f70b23db238e027 |
| SHA1 | 10a50d1003a2da42b869527098758bbd0c5a0b93 |
| SHA256 | 3d52f17598297580cc04e8698010d8234b199250803f826fa03031a8f8507e7f |
| SHA512 | 15b9f0ef917167ed1c3fcbf6235ec277665abb662f26bf338bda2dcc815503b27eab4bfea88f5e4609a40a02f88a87a28d02ca1e4a7575905cb9217b58151a07 |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\StdUtils.dll
| MD5 | 9a44ba9a6e36099d8058fed7feb1ca5a |
| SHA1 | 457679105484f604606db9b7cfc809240620747d |
| SHA256 | 445a8c41038974bf604cd826e192da08431e8b0c72f6a8ecb6894f8c5a6c777d |
| SHA512 | 34b555ef7e3f2a4b700ee4755dae68e42e12533d2bf688cb0251691aedd62120b8913ebec16d2fc239fe0bd1aa1d3657e0f456c1ae260e6f6154b4aef3c9f68f |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\thirdparty.dll
| MD5 | 080eea7a54aeb7ea3d016645dec05bd6 |
| SHA1 | 771e1b0fe952ace3d2af3985b0b8d06c65f4d902 |
| SHA256 | 84cab1c6df2eddced4e60fc1e158b772f7b766d0faed27e33bd5f0ea69903bf4 |
| SHA512 | a097aad8861bbd40b3871409750134277ee49c7f20604ec8f80f21f3ca05ae6dd54309f528c51c2db4dae06be81f2363c43a20d882484bfe36bea044a7476937 |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\Midex.dll
| MD5 | 00fd199d6b8d08446f4862c31b191ca7 |
| SHA1 | b6ff09243cb10e34ed8efbdd822add98585008d4 |
| SHA256 | 1b2a0de815e288161f0a156b4d1f17f06d2f4840b71d9d1903ad1284192cde24 |
| SHA512 | fd5e07ac20a40600c2117793f1c5253f2f6113c38cafc71ac87296d92c50217af4aeb3f44fd2834ec08d89dd8434ab1952262123eced279210236bb770c18ad7 |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\CR.History.tmp
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\places.sqlite
| MD5 | d94f8ef7b0c89e7924e4cc8436e5b389 |
| SHA1 | a4fea46f9bdca50c381a89be9a0f4706d20abcf0 |
| SHA256 | 089ff6f933bbdc42c44eade063823a87d6d750eb9d06ab2466a7472fd08067b3 |
| SHA512 | 2dcb2b419231dcee54d08be3d338151347bf66b485c9a397a11b7418d75dedab64956512869743b6cea57ac27bdb57879fd3b29433b622ded6dabdc86d091fcd |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\FF.places.tmp
| MD5 | d94f8ef7b0c89e7924e4cc8436e5b389 |
| SHA1 | a4fea46f9bdca50c381a89be9a0f4706d20abcf0 |
| SHA256 | 089ff6f933bbdc42c44eade063823a87d6d750eb9d06ab2466a7472fd08067b3 |
| SHA512 | 2dcb2b419231dcee54d08be3d338151347bf66b485c9a397a11b7418d75dedab64956512869743b6cea57ac27bdb57879fd3b29433b622ded6dabdc86d091fcd |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\CR.History.tmp
| MD5 | 9618e15b04a4ddb39ed6c496575f6f95 |
| SHA1 | 1c28f8750e5555776b3c80b187c5d15a443a7412 |
| SHA256 | a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab |
| SHA512 | f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\search.json.mozlz4
| MD5 | 033eb0645837c8b618a593f7b9a72642 |
| SHA1 | cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172 |
| SHA256 | 3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582 |
| SHA512 | 27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4 |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AVGBrowserUpdateSetup.exe
| MD5 | 34a8f08f336cc90a6746e954252074d5 |
| SHA1 | 6e15049f46b7d84f72f5fd29b5763092101ffab0 |
| SHA256 | 9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7 |
| SHA512 | 18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b |
C:\Program Files (x86)\GUM2094.tmp\@PaxHeader
| MD5 | de9bfd204320e798e214b64ecf475500 |
| SHA1 | 2f999b22940ea6180ed195866135d07735d6093c |
| SHA256 | 6890e99d8001fe1b3d9cb1e1217f260427bae76b6b670a75255ecc1d8ba17eb8 |
| SHA512 | 27a5818a9d20307e532e03cc8a2af85206caecf524d347a1beb9f75a4c915317cc5b599247521633f325fe25ed53a8c1bcbff553947ee333158a625e12434a6a |
C:\Program Files (x86)\GUM2094.tmp\@PaxHeader
| MD5 | e73c502b6f61fea0e09a7343d159211f |
| SHA1 | de886c8fd0f2b9305375c7f7e1b60ace4e0db736 |
| SHA256 | 142ac02343c8d890bcd1c948a849c9824cabc90a21f3cd666608ed14be8e4a99 |
| SHA512 | c886d71efb6d67ad902293756776842f0647895fd25c857b8008389e6b4bde3acfa3678039f39c29dee2496562c07399ab373b0bc813ccb068896fa63dff41dc |
C:\Program Files (x86)\GUM2094.tmp\@PaxHeader
| MD5 | 7a20cd9f5231872c3176a64d84f26c97 |
| SHA1 | f808dfa43a5f72d77222b368db501708acd3f956 |
| SHA256 | 0547a95421b6d8ae6b6f3c71503eda478e490579b8705814c74130fce5177120 |
| SHA512 | 07b032a78088a726c80ebf8e366810ffbf18bfda7f3845b5ad305b5c139b672978f5595609b480cb9623268e6f51b89cce02f1be80abe6e72c65d1335769f8f8 |
C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdate.exe
| MD5 | a2e0e8ff0bb8068d6e06db4b5da75806 |
| SHA1 | 8ff63d9d3c7879f40070851e464241ab5ce82273 |
| SHA256 | 9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964 |
| SHA512 | dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32 |
C:\Program Files (x86)\GUM2094.tmp\goopdate.dll
| MD5 | 0fb0c73e4ea6f96f77b6767c8a144c33 |
| SHA1 | cfe4a43b70b5e7fe07caac28b508830d273cf1ab |
| SHA256 | a13e6df98938d8c3cb245629a1c3abef1a76e2690f73819a846eb4a2dbcc973f |
| SHA512 | 0d9c48cf9a62b94b32a47db097cf3af7916ca15eabcf54b476eda8591b49e292a745919b3cbf90ff4ec9d126e0299371c858dab5e2894404fb71d9e23f4ee433 |
C:\Program Files (x86)\GUM2094.tmp\goopdateres_en.dll
| MD5 | 2d104154df1390915432d09a15494d1d |
| SHA1 | c71ddbf257e3cc823436e470b16faf95256b104d |
| SHA256 | 8c1986122b2e15919ef09364c4a17fa9e25f028a52167d9b50b08795d42fee4c |
| SHA512 | 92c64c0237337b8a0174d7760735c6e1b039b4b9fb96b892e3f13301de58ed8d2fbf53f65c8fdcbd4b089b6429c14d6b8aeae752c80712e3376cae1ede47cb31 |
C:\Program Files (x86)\GUM2094.tmp\AVGBrowserUpdateCore.exe
| MD5 | 0eaf12bb06501a62df52d3ff488d009e |
| SHA1 | 217b8e7b39d9698f134a2ee91efc6c07957b2503 |
| SHA256 | b9e37578debabb533b5ad30b31a20c1275f12eb5b1778386c2ee086b09512c37 |
| SHA512 | d418cc64bdc84217d98b1d7ae9f55d51873070372418cb88b1720e48f0fa744dc60b72c053cb8ce42be488b581eef60b93ed6d1d797520796f52f5c3b551acd9 |
C:\Program Files (x86)\GUM2094.tmp\AVGBrowserCrashHandler.exe
| MD5 | ad2e402663cf92613e1ffd1d04bcdeb2 |
| SHA1 | cea9b5d96b47cf9c82254593ba12b50b97fa59f0 |
| SHA256 | c72b63a6b690352af20405cb0e9ab84951ee116f417a2b6462859242bac4137b |
| SHA512 | 94a86ab826c969af54c9be213e1bb282f0125d645bc865a014d3421caf93467f01ae01cc9fcac3c79c05b1e60f18c1024ec1f0c7717056164a8e5d7cf1336bc0 |
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
| MD5 | a2e0e8ff0bb8068d6e06db4b5da75806 |
| SHA1 | 8ff63d9d3c7879f40070851e464241ab5ce82273 |
| SHA256 | 9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964 |
| SHA512 | dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32 |
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\npAvgBrowserUpdate3.dll
| MD5 | c46c52976d49246aa050c868d7ecb412 |
| SHA1 | 2257221d881d874f18f7f7e3cc966b79420672c9 |
| SHA256 | 872cdd1cd854d0973be3f6e5d3f361b9d85c7ce035a380e5f313dd7eb26b43b6 |
| SHA512 | 24801e16dbc32fd389583c62ab4157b25318e645fe2b911bf8b859a72a3c38c103e86ef514a7a9ce3da6dc76f1c076253930657aecb955d56b94593d24a26cb6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\9D1B9071715C88213C449C8FD6B03BD9B2B2DEAF
| MD5 | d95fe4172e7d5bb527d0561d596c180d |
| SHA1 | 25cebd71153dce6780580a654b63d72f6f70c16a |
| SHA256 | 4641e37d0194748ceda9af9e2b93958ef891dc80742092063745047a84d7ed15 |
| SHA512 | 808e885cc13b873c1828798f9175c4384fd456bf40162df5287748662eddfb96972109980c930da1d26cbb58957aecda6039a65dd40e87b8e14bb934ba8dc687 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\30434
| MD5 | e66357558ec1823e88e52619c6b70952 |
| SHA1 | 4fa9c308593c464c548a91c8000222bed9bf3981 |
| SHA256 | efaeb4f01e3c4796b0418dc11b86c34c51f9f7f4f6b7d2ac5477edcdecaa3172 |
| SHA512 | 122ef95d15097f9f9c5595a010a76a580fb1e5095d1204f3dc50590ae155f1cf46df7cf602765b5bd1bf2c1ad8ea14ba5e21f29ae099c35edd4a8b4e97cb5d35 |
C:\Program Files (x86)\AVG\Browser\Update\Download\{48F69C39-1356-4A7B-A899-70E3539D4982}\111.0.20716.148\AVGBrowserInstaller.exe
| MD5 | 58fe6cfd35eef6261af2212dd1031b13 |
| SHA1 | 8ac9fcc31f9debfafa1d518a68b6d9a7cf539609 |
| SHA256 | 1e572415a647a8f4e30df09b26f47e5edf5744c1f6555825d6cf08fd631a1c55 |
| SHA512 | 778b5cedcd2579cc5c30bfa31581707ce02cd78edcf353a2fcfce4e1d1eee21bdbbb91f613e49da32e4ee722d134a7d1b8fa476b45a32f9881fd0619f3b5c938 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\19585
| MD5 | bf46fd0a002b290a5862efda25a17ff6 |
| SHA1 | d4abd476690e85cb7a8213ea86e4d5e907ff929b |
| SHA256 | 3a5a91349b5121316923ab101ec0dd29504a975198f214086f86b386db87898a |
| SHA512 | dc82d9e14e91017d72e6ef2cb6c6aa21f075f1bb388eabd648cc25b3decc671aa8f3d3f2305c1bd9b799751518d5f3c9cf5efb0423481ec94f6fc547a1ff432c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8
| MD5 | 8466106ffd3409fef5f542bc80160586 |
| SHA1 | cc395a1a0c4cecdffbc4e4b7a0672cf773234eed |
| SHA256 | 02fce008da5e3571dca0b966c7c4ffe8dcf85d424ceefce9adb7eee4bb2c9b9e |
| SHA512 | 3cc96bab0efc36ce9b1579d4e9b7a52e1389815526aa403204179c21dd4d00c4845a020f5b2a69d6be7789f9fd82242ef30b10401224bde83cf3933950589d95 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\C70E94FEF8BDC55C26EA1A771B3B99AD46C49195
| MD5 | 51257a26a28119e64cb3e68decb2157f |
| SHA1 | deb2b6581f6c42c0c9a0ae1a801c04d8191eaf14 |
| SHA256 | ed10ebe61c5f26ccba9f3c501d74d36e8c4d1bc8d9516a6b7863a5db54d0f36e |
| SHA512 | bf116996375ac6ec7a4c1430f8c3e2933d546cf67b779678469d937134f4b5844f4078ed539a3d8fc2d38eb9ac88e02716ffb3203414bdb1d7c365d0ddbf07e4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\8B4FBBAA9033A93F0B81CAE921AD59CCCF42C12C
| MD5 | a76e60aed07e9cbceace371f79d684d9 |
| SHA1 | cd86d080f59688db4a368b81e87db5ab2bf5495f |
| SHA256 | 6aff771ba3c5e05838fa5fa68d2dfb673cb7b299cdfebf868ce589c8070e9f34 |
| SHA512 | 29d9393ebcf80c450ce40d1e67770dd5cbebb891cc8ef2b4e82c9105edada6e2a483beae31240c391180430c24b9c437d540387a5ee076d827b036dae93b5fa4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\A3D6A16A26B1D7399736688127F90A7DF9933EEE
| MD5 | 73d4fd9be7eb38eabae20ced508324dc |
| SHA1 | 66de5707d07f4954d9ec1f1c7d60dcf1a18b3eb6 |
| SHA256 | 0a621eeddac2ea61c0b0c45a5a6acf2682e4f45d0586f30cc7e0c5d09dcd827a |
| SHA512 | e0cca329580b5715634a2c3954b86d375a7a3d7b0482e9d17118e1fb4e5db26406cda7fe4c1d92a73c4323dcbf532ea5e62ea1f9d10d97aaf07910468c039824 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\EBB29891A8756468BA9CAAD7866A8BB655A35251
| MD5 | 8d7c8bcdbc6d24d2f8f934cbd22a3136 |
| SHA1 | 556d361c33f8f42748cae9283163d00616b6655f |
| SHA256 | 77ffb80b68d5c544aa7279aba946276e1a388acff73ba9ce5a7e7b139e2bef00 |
| SHA512 | 6e08cfe967501163e9406710a07a0ee378d3fc1956acd280497828d63efcb688352cdcde46614f2f243af13f53c2766a8e4837d0938c915224fb2fade55d70dd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\14210
| MD5 | c093eb0c014ad6116565a8ef12f0ec2b |
| SHA1 | 12a1081ef9aeeff34c64972bd4a89550d2022ad4 |
| SHA256 | ac146412a6d77116a3be45e7bf832abe7fee65c7e11e79a3b804b54552082cb0 |
| SHA512 | d70a620b604c68df912a2751ac7dd6bcd607465f846f7d9d75de1f24ec022d68289a00e3e59fc517e986f9cd9d27f36827219018b4e6eb4fc8e331fd007d87f6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\7F42FE94851B64C0E4D94EC04171C776F1AB30FB
| MD5 | c391037552daffb57a98b41eb2acd608 |
| SHA1 | 6c6b03c67ee583761ddb7f9790beed9a8c245460 |
| SHA256 | 21ac77d2b33a0a049b36dab2a46b15d9085d62137dc7190ccac4c3ce8822b897 |
| SHA512 | 5e407fcd71f183d286da5eff795c9ea7ff8d0a578bad3aa92736150ab118cf7cdd5b8bccf515dfb18ef8822bf6b110a5206eb855f8b43b87de1e87bf63194160 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\FFD89C047463AC2E0D4762A9B5A942050BDACF14
| MD5 | d6e7a82c7a00ec12248fe1d31d17dc5d |
| SHA1 | 9bedfcf0d16860986305bc4d7d976bb4216994fb |
| SHA256 | dd5ed88b17d96471f37005abbad4908840718de43ef75251d750c1326c8b1306 |
| SHA512 | 41a5804c348728cb778f6278651effac3a63300210c338ceb4200371adffef54816f4dd187a110b31719c1dae0b696d6b74a04b46877d32965300b1a254a3a0a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\4DC1135366EC68B043CEA58A6D9E4651AE97239B
| MD5 | 81e8b9d2343a675ab9ea4ea2cf56cec6 |
| SHA1 | f159d35e33f7b22432361dedcf0d23983f4ab76b |
| SHA256 | 996214df185e219aca10d9abd6ece5fe57ffd4bb1c419cda969d7fbb7a3621d1 |
| SHA512 | 60b44a5ccd10bbc439e0371ce0f663bd3cea22aad79437bec5f8e2d5d271c3492d90494346b9abc5beefa0cdb6c9cd0dedb29a96fab3b21c57216d8bea00fccc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\86D907A7A02E68DF27AB8DD8BE09BAF3E01176DA
| MD5 | cbb6ea60f763af73dcd31fb4d0146bd7 |
| SHA1 | d622c02b306072a1333269a5641a29615a30354e |
| SHA256 | 83246087d1a1a74724a2017171d819f14265eed2d992f8f6d1ee826469699b70 |
| SHA512 | eb843f854f713ac8ef3e9afbd27c09f09d3303f5e1da24975c66bdf71297f0e7ee3979b54959a4cf4e2add1fa947a544d079e787a768016115b99c31a18fd2e0 |
C:\Users\Admin\Downloads\NoEscape.exe
| MD5 | 47340a3629094c6e83926c447aaa1ec6 |
| SHA1 | 051205421dfe943bda589005c82e520bf0599660 |
| SHA256 | 719aa1929865aacde378eb158415e6bb54b5020fa47799d98445b211a3d84613 |
| SHA512 | 623b0cbf5d6f8c2d64b51394ca35552a4c90490a53f968903e553d210072ae6c235ace54a8e7968ba33e9b7d27037daab6c7f3df3932b8989db27e5b126a25df |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\6315
| MD5 | 62ed82271ba4c4c94d1acffd1f805728 |
| SHA1 | 30dc2ab94d7427270bcffafccdbb89279b086860 |
| SHA256 | c678d2a74f987998ed664524a6692d00d24ceb73f2f3b9f02a33c55abf5222fd |
| SHA512 | c5cef2c5a6cd3c0e12bec5c77c714bc733c04c2684bbdef44fae6186cee57e6342ddf472219d801a64dd5d575e953be37e7b6c98ac057431fd93dea9ed84f8de |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\7D038D819C43A3424FEABAE44418A58AAF3A5DF0
| MD5 | e714bf6f3f0ad133fcb071dfbe7a846c |
| SHA1 | 4c70212306fea44ffc0234cc0de12acf89659dff |
| SHA256 | 5cea86960c0ccc0dc47f0fdac25d2a8f216a440784c06d7a291de368d9496b18 |
| SHA512 | 99a2142be1e06fa8133ff706c0f7a0ed0e5ae42e67b0e91f2735d6a5ef937d13f36cc15a6b5d6e83db9a75431fc6a9f0babde801e3872c65f8f7adf57d9d2312 |
C:\Program Files (x86)\AVG\Browser\Application\111.0.20716.148\Installer\setup.exe
| MD5 | a8cfb220ea1468012e372efa0b389e52 |
| SHA1 | c7e35e62593fe08ad3cc31e1a0336d16779cbe73 |
| SHA256 | a316e751dae40110cfc587f87c9f882be1ccd184ed86544e2fd1cf23f4fd6c04 |
| SHA512 | f8b56d3cbef09c009124511e88c84617b59c2dccc4b61487d7ef21ae5a5170e846af27b3ec177c327cac3fc1be1f6cfaea260082cd5e7a854233d6e0e1458dc8 |
memory/11432-14612-0x00007FF9B0630000-0x00007FF9B0640000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG Secure Browser.lnk
| MD5 | f379c052eac62da5fa29e4bda3b68b1e |
| SHA1 | 0c3cfeb9e5ba62bc146cbb6b54f289c391b95d28 |
| SHA256 | 20314ae177a284674bb2fd2b68fbaf6d4707c3b11867d256c04044a34a3402fe |
| SHA512 | a3d2afd65c4b486ac0dcf7f8949127b12756867985807dd1840d9f4b0c85b07c61fb27b57b7ae143ff215466abc1aa1c232a2c3d2c73713d9af97a90d44334a3 |
memory/7672-14659-0x00007FF9B0630000-0x00007FF9B0640000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\E46918910165508D39CEBA92855F5E88363EC242
| MD5 | 22725d6ea3b533a640396ef24533b2a9 |
| SHA1 | 0f33269cf3751d3dd0546e4e3b4c10d90bbafa4c |
| SHA256 | fad8f1a8bbbe1bf0890f8eb478e95fcd59347e499b1139b289d05b1630101e0f |
| SHA512 | be7c843bbd5a45396d70716f961e4651de7016847dc672ffd8a0f3bada66a1652a9e16ee6fff5925efd9413990d34fda144ccefc535b2166e6c0e8ec757fcc1b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\5345
| MD5 | 9c076416c66140fc8cc1eee931332d4b |
| SHA1 | 722206243082782ece1bfe16434a430c704de9ab |
| SHA256 | b6213df8b77f8266517b8eeee134be2018f4b4b77f687744941daae545b9107e |
| SHA512 | f2fe3dae1c0d050950fad955364c9b220f8807258484b72b3b82495769849c239b99527b8cc30989c71cc288118b0526c042bbb7ab391bbd406a81f6e91311b6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\FC3CD48C76DE937109E22152098456855A3FCB6E
| MD5 | 006b6b39476d77ef4fd8a721924edf1c |
| SHA1 | 9671e4fd7cb3767db4a27b7f6b316679ccd84ce7 |
| SHA256 | d8b55f2e4b7b74f40d8e1a19f1c353818bed401dcf637c219619534f3dc4e4ec |
| SHA512 | dba41b4a4ac1c4f92f9efc8621f208460cde0955747d51d60b81c5bc4ee59f770decb68f47cc3b498fe73682cfb100154ae80d90a6e142a15a28d69f29a3868f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\0670CE4D19DC348AAD008AD9A5D5936C62B64D02
| MD5 | beb79608b200e22178dd58d5dd302489 |
| SHA1 | a00f3896102f54b1ac4aeb110defe9519b82cdaa |
| SHA256 | 767e5c33788ee7079c373ba56dadc6ba9709c90bc9251025d876dc3f9245a07e |
| SHA512 | 105702f44b1bed5a6a702a922cf9a2008b8d28775552c55b3e2765864ddc23c48e2cf81a7587eaf10b635c75cd993d2899b9dc850fb3c30991b1dc698f6c31d7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\9CC2EA39F67F72F30D975C6BFCD2AF3B88DBC79F
| MD5 | 6fe7d6fb631b9bdabb8004a6d11ffccd |
| SHA1 | b08b2ea790dc84e277196d09ab63633b32ee7bfc |
| SHA256 | e90705e41d911f26fb8d99104cccfb070b99e2c370f9165506884d4ece0e87c1 |
| SHA512 | 61613167e13494a6a4604679f2fee8361b0360961fcab8eaf93f18622802c5398e19446b6f5e413c89f0c10bfc5469bc2e28d84e08e5944682f26f9e8ae3a19f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\FDE8B9D575D981F51FB165FC50C428F5159ABABD
| MD5 | 619d4d4a22eef41a9a6758ac2e7fb5f3 |
| SHA1 | b10d64dabe2839fee137a06ec184dd892a8e7e04 |
| SHA256 | 4bd641379847a9a0c539d8deca414ec6c650e9701152d241f0a801e9cc5e6001 |
| SHA512 | 80ffec3f958e2c9af1f708fb3bce08fdcc588c4f9c567441e19404427a75c5cdd0f4381e2fd2ea599b7d8525f2cb30fa5486ef21c3bfe71b1a12e9ecbc2a40f5 |
C:\Users\Admin\Downloads\MEMZ.exe
| MD5 | 1d5ad9c8d3fee874d0feb8bfac220a11 |
| SHA1 | ca6d3f7e6c784155f664a9179ca64e4034df9595 |
| SHA256 | 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff |
| SHA512 | c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
| MD5 | 146157cb7116d7803bc3a57a7717a51e |
| SHA1 | 0d4179152208085e3e6b10a59d95949ef713a7cf |
| SHA256 | 41f555480398d239cebad34827714c12d40f65556032f272a9b1f97ba3a8e473 |
| SHA512 | bc26b096afc1ac32244bf8595377adf4c7b67bfc384ff5e127f47f4905723ad381e95c82953659ba1889e7ab7d39166bbfed662a0547c8c648848e60ffbce038 |
C:\Users\Admin\AppData\Local\Temp\nsvDD9.tmp\AccessControl.dll
C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\PlayaSDK.dll
C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\PlayaNextAPI.dll
C:\Users\Admin\AppData\Local\Temp\is-36KE2.tmp\jsonconfig.dll
C:\Program Files\Bit Driver Updater\bitdu.exe
C:\Program Files\Bit Driver Updater\unins000.exe