Analysis
max time kernel: 1799s
max time network: 1602s
platform: windows10-1703_x64
resource: win10-20230703-en
resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
submitted: 20-07-2023 13:54

Static task
static1

General
Target: e.png
Size: 50KB
MD5: f9cf6aa8cb3e17e8cd4bc8b43cafe89a
SHA1: e02d1ebc26bfa00f2418f14e17db41078109171e
SHA256: bb6f0bbcf53e382dab8f2b40c94e17ff36c7205cd071a6213cfc7a0d785d68cc
SHA512: 358b3c5e5955069610b2d04dbb752e5d1610a1149f4664d9b88db4e67b3e1c64ab1d5c816133f0b83276ca3ac91a85726f03c225f0301f06b6fc11a6a5dbd5d2
SSDEEP: 1536:tnGeoSNxA2xS7FZqEQNwUC5TqhlCpWJJXD:9xTbS7nqEQNwJTQlCpW3D

Malware Config
Signatures
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry 2 TTPs 7 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\Localized Name = "Avast Secure Browser" | setup.exe |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\IsInstalled = "1" | setup.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\Version = "43,0,0,0" | setup.exe |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | setup.exe |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698} | setup.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\ = "Avast Secure Browser" | setup.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\StubPath = "\"C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\114.0.21608.199\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | setup.exe |
-
Sets file execution options in registry 2 TTPs 2 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe | AvastBrowserUpdate.exe |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe\DisableExceptionChainValidation = "0" | AvastBrowserUpdate.exe |
-
Checks BIOS information in registry 2 TTPs 8 IoCs
BIOS information is often read in order to detect sandboxing environments.
| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | AvastBrowser.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | aj60A7.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | aj60A7.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | AvastBrowser.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | AvastBrowser.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | AvastBrowser.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | AvastBrowser.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | AvastBrowser.exe |
-
Checks computer location settings 2 TTPs 26 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun 1 TTPs 23 IoCs
-
Adds Run key to start application 2 TTPs 11 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run | chrome.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run\AvastBrowserAutoLaunch_1088872FC4C2207C6D62AF0E8871CAAC = "\"C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\AvastBrowser.exe\" --check-run=src=logon --auto-launch-at-startup --profile-directory=\"Default\"" | AvastBrowser.exe |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run | chrome.exe |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run | AvastBrowser.exe |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run | AvastBrowser.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run\AvastBrowserAutoLaunch_1088872FC4C2207C6D62AF0E8871CAAC = "\"C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\AvastBrowser.exe\" --check-run=src=logon --auto-launch-at-startup --profile-directory=\"Default\"" | AvastBrowser.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize " | WebCompanion.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize " | WebCompanion.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run\AvastBrowserAutoLaunch_1088872FC4C2207C6D62AF0E8871CAAC = "\"C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\AvastBrowser.exe\" --check-run=src=logon --auto-launch-at-startup --profile-directory=\"Default\"" | AvastBrowser.exe |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run | chrome.exe |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run | AvastBrowser.exe |
-
Checks for any installed AV software in registry 1 TTPs 10 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | avast_secure_browser_setup.exe |
| Key opened | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\SOFTWARE\AVAST Software\Avast | avast_secure_browser_setup.exe |
| Key opened | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\SOFTWARE\AVAST Software\Avast | aj60A7.exe |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | AvastBrowser.exe |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | AvastBrowser.exe |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | AvastBrowser.exe |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | aj60A7.exe |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\AVAST Software\Avast | aj60A7.exe |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | AvastBrowser.exe |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | AvastBrowser.exe |
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | aj60A7.exe |
-
Drops desktop.ini file(s) 2 IoCs
| description | ioc | Process |
| --- | --- | --- |
| File created | C:\Windows\assembly\Desktop.ini | WebCompanion.exe |
| File opened for modification | C:\Windows\assembly\Desktop.ini | WebCompanion.exe |
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 7 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | AvastBrowserUpdate.exe |
| File opened for modification | \??\PhysicalDrive0 | AvastBrowser.exe |
| File opened for modification | \??\PhysicalDrive0 | aj60A7.exe |
| File opened for modification | \??\PhysicalDrive0 | AvastBrowserUpdate.exe |
| File opened for modification | \??\PhysicalDrive0 | AvastBrowserUpdate.exe |
| File opened for modification | \??\PhysicalDrive0 | AvastBrowser.exe |
| File opened for modification | \??\PhysicalDrive0 | AvastBrowser.exe |
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 17 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 18 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | AvastBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | AvastBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | AvastBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | AvastBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | AvastBrowser.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | AvastBrowser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | AvastBrowser.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | AvastBrowser.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | AvastBrowser.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
-
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62593C70-ACF0-44CC-8716-990919D46A85} | AvastBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62593C70-ACF0-44CC-8716-990919D46A85}\AppName = "AvastBrowserUpdateBroker.exe" | AvastBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62593C70-ACF0-44CC-8716-990919D46A85}\AppPath = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4" | AvastBrowserUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62593C70-ACF0-44CC-8716-990919D46A85}\Policy = "3" | AvastBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4424021B-831C-4F50-A74F-1AF30ADA650C} | AvastBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4424021B-831C-4F50-A74F-1AF30ADA650C}\AppName = "AvastBrowserUpdateWebPlugin.exe" | AvastBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4424021B-831C-4F50-A74F-1AF30ADA650C}\AppPath = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4" | AvastBrowserUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4424021B-831C-4F50-A74F-1AF30ADA650C}\Policy = "3" | AvastBrowserUpdate.exe
-
Modifies data under HKEY_USERS 42 IoCs
-
Modifies registry class 64 IoCs
-
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | WebCompanionInstaller.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | aj60A7.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | aj60A7.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | aj60A7.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | aj60A7.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 | WebCompanionInstaller.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob | WebCompanionInstaller.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob | WebCompanionInstaller.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | aj60A7.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob
a14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e WebCompanionInstaller.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 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 WebCompanionInstaller.exe Set value (data) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 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 WebCompanionInstaller.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 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 WebCompanionInstaller.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2020 chrome.exe 2020 chrome.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 6000 aj60A7.exe 6000 aj60A7.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 avast_secure_browser_setup.exe 2060 
avast_secure_browser_setup.exe 6000 aj60A7.exe 6000 aj60A7.exe 6000 aj60A7.exe 6000 aj60A7.exe 6000 aj60A7.exe 6000 aj60A7.exe -
Suspicious behavior: LoadsDriver 6 IoCs
pid Process 4 Process not Found 4 Process not Found 4 Process not Found 4 Process not Found 4 Process not Found 632 Process not Found -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe 
Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe Token: SeShutdownPrivilege 2020 chrome.exe Token: SeCreatePagefilePrivilege 2020 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 5224 WebCompanionInstaller.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 2020 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 7004 chrome.exe 5784 WebCompanion.exe 1188 chrome.exe 1188 chrome.exe 1188 chrome.exe 1188 chrome.exe 1188 chrome.exe 1188 chrome.exe 1188 chrome.exe 1188 chrome.exe 1188 chrome.exe 1188 chrome.exe 1188 chrome.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2060 avast_secure_browser_setup.exe 6000 aj60A7.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2020 wrote to memory of 1316 2020 chrome.exe 73 PID 2020 wrote to memory of 1316 2020 chrome.exe 73 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 
chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 2780 2020 chrome.exe 76 PID 2020 wrote to memory of 3372 2020 chrome.exe 75 PID 2020 wrote to memory of 3372 2020 chrome.exe 75 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 PID 2020 wrote to memory of 4520 2020 chrome.exe 77 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\e.png1⤵PID:4820
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ff8513b9758,0x7ff8513b9768,0x7ff8513b97782⤵PID:1316
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:3372
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:22⤵PID:2780
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:4520
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:4412
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:2768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:788
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:4768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:2840
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:3684
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:5008
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:1084
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:5012
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:1656
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4896 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:2704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3656 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:3260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5384 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:4744
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5608 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:500
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5768 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:4252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:3376
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5972 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:1844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5784 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:4412
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5712 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:4012
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6024 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:4900
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6068 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:60
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5812 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:4032
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=6268 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:5908
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=3812 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:1324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=9764 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:5776
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=10100 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:1576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=10188 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:5704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:5976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=8896 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:2800
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=3400 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:5168
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=6452 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:6412
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=5296 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:6468
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:6800
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=8912 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:4532
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=7056 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:6960
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10072 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:6044
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10052 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:6904
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:1872
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9260 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:4640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:6020
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --mojo-platform-channel-handle=1128 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:1656
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:5384
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --mojo-platform-channel-handle=5484 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:12⤵PID:5900
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5220 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:60
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7384 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:5740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8840 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:3444
-
-
C:\Users\Admin\Downloads\avast_secure_browser_setup.exe"C:\Users\Admin\Downloads\avast_secure_browser_setup.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2060 -
C:\Users\Admin\AppData\Local\Temp\aj60A7.exe"C:\Users\Admin\AppData\Local\Temp\aj60A7.exe" /relaunch=8 /was_elevated=1 /tagdata3⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6000 -
C:\Users\Admin\AppData\Local\Temp\nss625C.tmp\AvastBrowserUpdateSetup.exeAvastBrowserUpdateSetup.exe /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=6166&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dedge --import-cookies --auto-launch-chrome --private-browsing"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:6132 -
C:\Program Files (x86)\GUM8C67.tmp\AvastBrowserUpdate.exe"C:\Program Files (x86)\GUM8C67.tmp\AvastBrowserUpdate.exe" /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=6166&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dedge --import-cookies --auto-launch-chrome --private-browsing"5⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies Internet Explorer settings
PID:4896 -
C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /regsvc6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3248
-
-
C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /regserver6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5008 -
C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:5468
-
-
C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:7064
-
-
C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4820
-
-
-
C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /ping …6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4988
-
-
C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /handoff "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=6166&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dedge --import-cookies --auto-launch-chrome --private-browsing" /installsource otherinstallcmd /sessionid "{8E3CA979-4537-47D3-87AF-77C61B80BC7B}" /silent6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4412
-
-
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exeAvastBrowser.exe --heartbeat --install --create-profile4⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
PID:6376 -
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=114.0.21608.199 --initial-client-data=0xe0,0xe4,0xe8,0xbc,0xec,0x7ff84f06ea00,0x7ff84f06ea10,0x7ff84f06ea205⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6404
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1908 --field-trial-handle=1912,i,15392043300120352241,14120487592108032752,262144 /prefetch:25⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5504
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2300 --field-trial-handle=1912,i,15392043300120352241,14120487592108032752,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6728
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=1896 --field-trial-handle=1912,i,15392043300120352241,14120487592108032752,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6684
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3020 --field-trial-handle=1912,i,15392043300120352241,14120487592108032752,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:372
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3324 --field-trial-handle=1912,i,15392043300120352241,14120487592108032752,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4764
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3704 --field-trial-handle=1912,i,15392043300120352241,14120487592108032752,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2004
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1912,i,15392043300120352241,14120487592108032752,262144 /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4048
-
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exeAvastBrowser.exe --silent-launch4⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:3436 -
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=114.0.21608.199 --initial-client-data=0xe4,0xe8,0xec,0xc0,0xf0,0x7ff84f06ea00,0x7ff84f06ea10,0x7ff84f06ea205⤵
- Executes dropped EXE
PID:4428
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1876 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:25⤵
- Executes dropped EXE
PID:3928
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:3440
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2064 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5800
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2608 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:25⤵
- Executes dropped EXE
PID:2220
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:5320
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --disable-protect5⤵
- Executes dropped EXE
PID:3988 -
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=114.0.21608.199 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff84f06ea00,0x7ff84f06ea10,0x7ff84f06ea206⤵
- Executes dropped EXE
PID:5192
-
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:6740
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3780 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
PID:3448
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3808 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
PID:4492
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:6944
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4576 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
PID:5540
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4472 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
PID:5224
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4368 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:2628
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5004 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
PID:1244
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:7044
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4208 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:3444
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3800 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:1532
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3412 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵
- Executes dropped EXE
PID:3044
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4088 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵PID:5508
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3816 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
PID:1372
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4424 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
PID:2480
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4104 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵PID:6772
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5256 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
PID:4828
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4196 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
PID:684
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3948 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
PID:5300
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵PID:4596
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4296 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
PID:1372
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵PID:2840
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4224 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:85⤵PID:3608
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3792 --field-trial-handle=1880,i,13552227180771026465,4295465825603770643,262144 /prefetch:15⤵
- Checks computer location settings
PID:4576
-
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\Installer\setup.exesetup.exe /silent --create-shortcuts=0 --install-level=1 --system-level4⤵
- Checks computer location settings
PID:3856 -
C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\Installer\setup.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=114.0.21608.199 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6e3f18fa0,0x7ff6e3f18fb0,0x7ff6e3f18fc05⤵PID:5540
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk"5⤵
- Checks computer location settings
PID:5668
-
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exeAvastBrowser.exe --check-run=src=installer4⤵
- Checks BIOS information in registry
- Checks computer location settings
- Adds Run key to start application
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:2448 -
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=114.0.21608.199 --initial-client-data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ff84f06ea00,0x7ff84f06ea10,0x7ff84f06ea205⤵PID:5612
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1808 --field-trial-handle=1812,i,17266274755652183282,12949212820134708343,262144 /prefetch:25⤵PID:5576
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2412 --field-trial-handle=1812,i,17266274755652183282,12949212820134708343,262144 /prefetch:85⤵PID:3512
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=1844 --field-trial-handle=1812,i,17266274755652183282,12949212820134708343,262144 /prefetch:85⤵PID:4056
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1812,i,17266274755652183282,12949212820134708343,262144 /prefetch:15⤵
- Checks computer location settings
PID:4812
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1812,i,17266274755652183282,12949212820134708343,262144 /prefetch:15⤵
- Checks computer location settings
PID:576
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=shortcut-pin-helper /prefetch:8 has-startpin "C:\Users\Public\Desktop\Avast Secure Browser.lnk"5⤵
- Checks computer location settings
PID:6540
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1812,i,17266274755652183282,12949212820134708343,262144 /prefetch:85⤵PID:6296
-
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --disable-protect5⤵PID:1636
-
C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=114.0.21608.199 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff84f06ea00,0x7ff84f06ea10,0x7ff84f06ea206⤵PID:2124
-
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:82⤵PID:4592
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5588 --field-trial-handle=1796,i,11162863168994729987,2255279691904131239,131072 /prefetch:22⤵PID:5384
-
-
C:\Users\Admin\Downloads\Setup_WebCompanion.exe"C:\Users\Admin\Downloads\Setup_WebCompanion.exe"2⤵
- Executes dropped EXE
PID:3388 -
C:\Users\Admin\AppData\Local\Temp\7zSC3D0294A\WebCompanionInstaller.exe.\WebCompanionInstaller.exe --savename=Setup_WebCompanion.exe --partner=IN220101 --nonadmin --direct --tych --campaign=18022583703 --version=10.901.2.5193⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
PID:5224 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone4⤵PID:6844
-
C:\Windows\SysWOW64\netsh.exenetsh http add urlacl url=http://+:9007/ user=Everyone5⤵PID:6620
-
-
-
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe"C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=4⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Windows directory
PID:764 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\_l3b8zj4.cmdline"5⤵PID:4632
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCFC6.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCFB5.tmp"6⤵PID:6444
-
-
-
-
C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe"C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall4⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SendNotifyMessage
PID:5784
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN220101&campaign=180225837034⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:7004 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8513b9758,0x7ff8513b9768,0x7ff8513b97785⤵PID:6700
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 --field-trial-handle=2108,i,15811491491339251274,16644909743546553217,131072 /prefetch:85⤵PID:4796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=2108,i,15811491491339251274,16644909743546553217,131072 /prefetch:15⤵PID:4340
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=2108,i,15811491491339251274,16644909743546553217,131072 /prefetch:15⤵PID:5248
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=2108,i,15811491491339251274,16644909743546553217,131072 /prefetch:85⤵PID:5676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=2108,i,15811491491339251274,16644909743546553217,131072 /prefetch:25⤵PID:5028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=2108,i,15811491491339251274,16644909743546553217,131072 /prefetch:15⤵PID:6684
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=2108,i,15811491491339251274,16644909743546553217,131072 /prefetch:85⤵PID:6640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=2108,i,15811491491339251274,16644909743546553217,131072 /prefetch:85⤵PID:1324
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4176
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x37c1⤵PID:5984
-
C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
PID:1604 -
C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{86F442ED-16B0-438E-B779-A7A58CBD86B7}\AvastBrowserInstaller.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{86F442ED-16B0-438E-B779-A7A58CBD86B7}\AvastBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=edge --import-cookies --auto-launch-chrome --private-browsing --system-level2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4376 -
C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{86F442ED-16B0-438E-B779-A7A58CBD86B7}\CR_D2EDF.tmp\setup.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{86F442ED-16B0-438E-B779-A7A58CBD86B7}\CR_D2EDF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{86F442ED-16B0-438E-B779-A7A58CBD86B7}\CR_D2EDF.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=edge --import-cookies --auto-launch-chrome --private-browsing --system-level3⤵
- Modifies Installed Components in the registry
- Checks computer location settings
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
PID:3648 -
C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{86F442ED-16B0-438E-B779-A7A58CBD86B7}\CR_D2EDF.tmp\setup.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{86F442ED-16B0-438E-B779-A7A58CBD86B7}\CR_D2EDF.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=114.0.21608.199 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7aaed8fa0,0x7ff7aaed8fb0,0x7ff7aaed8fc04⤵
- Executes dropped EXE
PID:4024
-
-
-
-
C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler64.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler64.exe"2⤵
- Executes dropped EXE
PID:3260
-
-
C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler.exe"C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler.exe"2⤵
- Executes dropped EXE
PID:5004
-
-
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe1⤵PID:4592
-
C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"1⤵
- Executes dropped EXE
PID:6760
-
C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"1⤵
- Executes dropped EXE
PID:4068
-
C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"1⤵
- Executes dropped EXE
PID:3996
-
C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"1⤵
- Executes dropped EXE
PID:4344
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:568
-
C:\Windows\System32\SystemSettingsBroker.exeC:\Windows\System32\SystemSettingsBroker.exe -Embedding1⤵PID:4932
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc1⤵PID:5096
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localservice -s SstpSvc1⤵PID:1048
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:1272
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc1⤵
- Drops file in Windows directory
PID:6904
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s RasMan1⤵PID:7112
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of SendNotifyMessage
PID:1188 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8513b9758,0x7ff8513b9768,0x7ff8513b97782⤵PID:6380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:82⤵PID:5380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:82⤵PID:4808
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:22⤵PID:1440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:12⤵PID:4848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:12⤵PID:7088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:82⤵PID:640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4364 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:82⤵PID:6540
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4648 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:12⤵PID:6548
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:82⤵PID:6428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:82⤵PID:6264
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:82⤵PID:2640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:82⤵PID:6824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4844 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:12⤵PID:236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3252 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:12⤵PID:6520
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3716 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:6452
-
-
"C:\Windows\system32\control.exe" /name Microsoft.DateAndTime
2⤵ PID:5328
-
"C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\timedate.cpl
3⤵ PID:5780
-
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3168 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:1444
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1356 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:824
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5460 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:7000
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3048 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:8
2⤵ PID:5520
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5612 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:8
2⤵ PID:6152
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5760 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:3744
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6048 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:8
2⤵ PID:6528
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6220 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:8
2⤵ PID:6364
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:2
2⤵ PID:2004
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3196 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:6772
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5424 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:1760
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5440 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:3440
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5696 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:3508
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3764 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:4884
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5680 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:1424
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6336 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:5216
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5360 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:6352
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5516 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:7140
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6228 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:8
2⤵ PID:6816
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:8
2⤵ PID:6660
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6580 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:1
2⤵ PID:6232
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6808 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:8
2⤵ PID:1528
-
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6788 --field-trial-handle=1780,i,10238699668196400937,7227552452125708755,131072 /prefetch:8
2⤵ PID:3816
-
-
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵ PID:4928
-
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵ PID:1848
-
"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument C:\Users\Admin\Desktop\ConfirmOptimize.shtml
1⤵ PID:6248
- Executes dropped EXE
-
"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=114.0.21608.199 --initial-client-data=0xe4,0xe8,0xec,0xc8,0xf0,0x7ff84f06ea00,0x7ff84f06ea10,0x7ff84f06ea20
2⤵ PID:3884
- Executes dropped EXE
-
-
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /ua /installsource scheduler
1⤵ PID:3764
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /registermsihelper
2⤵ PID:5652
- Executes dropped EXE
-
-
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /c
1⤵ PID:6044
- Executes dropped EXE
-
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /cr
2⤵ PID:6672
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
-
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler.exe"
2⤵ PID:2580
- Executes dropped EXE
-
-
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler64.exe"
2⤵ PID:3048
- Executes dropped EXE
-
-
C:\Windows\system32\msiexec.exe /V
1⤵ PID:4004
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
-
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc
1⤵ PID:2836
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
-
"C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"
1⤵ PID:1412
-
"C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe"
1⤵ PID:4420
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 4
  - Registry Run Keys / Startup Folder: 4
- Pre-OS Boot: 1
  - Bootkit: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 4
  - Registry Run Keys / Startup Folder: 4
Defense Evasion
- Modify Registry: 5
- Pre-OS Boot: 1
  - Bootkit: 1
- Subvert Trust Controls: 1
  - Install Root Certificate: 1
Downloads
-
Filesize
7KB
MD505aa1a6a48941d2f6cab24e5b36fa172
SHA182731228f87c7bd2f88d346bc9e2a7c92dbd8b7f
SHA256dfa4ec703d57b0aae697f8d6fe43c7f1440553801027a6c68d762159e7bae0a9
SHA5121eb577e87f272aa2d531c44bfbc00df85bab199193d2f13e0ae33624993186929b4ef7cab1192278a9028da3d83444ae0d28cef5c21cc1ea810b3382865beb4f
-
Filesize
4.7MB
MD5c3a9cf114eaa0fd8ece4b12bd8bd9c06
SHA1e2edab92d790a3388c2afe0c73e247f5ee506641
SHA2568b66ad77e24c8e42f771c25969664556f4a4e0b0bcf4861b069c184e4b2c2c7c
SHA512fe6e7138ee18fe530b775b41afd5f26d65d107ae842c8619a34752bbb9f9b4b479dc12182865615e22ce063e92f4ff83733b724979c8fc169280736bbe558c34
-
Filesize
5.8MB
MD51deb81b483e500b96aabc4c8761e642e
SHA1389a03ce92bd5869f24caccae43855331b4a9800
SHA2567a48d929d17de49160db68b3be58aba7d354f73f7292125adbb024bcd65d82c5
SHA512703eb1e3cad9349e1772d552b30e69ce07b3fb80b78311c0f698a79ca7cfb04d424bda1b722f4d8c586d9862ed56e1c2b99cd2d7df64509d3d66d1862e9ed936
-
Filesize
131KB
MD550cc978f72dacfec8e1f61acea2d12da
SHA1a0d7dd0e6f6eec6f0c56e260778238dc3a5fb705
SHA2562c7af2eb48f51a42f93824a2022fce7ad0b2df1a348560c76aabef5d666da2e8
SHA512efd27a7aca756d0c4e4e5e1d34f55e2c255bfc75296ae270ba7b6f75a0d221cba2fa38e4c7439ddda3bc7a339f07c961fc6e47a949084dc57299ba3ce2026683
-
Filesize
152KB
MD5bab0e5fc48a37c6d18e2aea27007746a
SHA18be3f947b183aed390f0c7daf3c40b6bc451322f
SHA25662dde1ae0cf875694fa0cd748685f4615ccfe8d146a2f57ebd5dcedee4782ca2
SHA5123228a1806935e35e42a190c4a23e229337388ecb59b213d513733109472a0f20a4cd8da827ddf9d2ae1b1b8613fd044ed02a7027052a3f1ce8e475ec88bcb2c7
-
Filesize
186KB
MD5008b382cdb77eb7811d572937805de53
SHA1b339ce200f027307c3588096a413906d5c348b95
SHA25617dce0905356c7eebc78dbba0913aa1476ed84cfc09284abfb8aa7147fe89004
SHA5122bc380bcb872bfb8b61ee24442df21ccc101f56f05d766f41a3f34b103d0be2e6569ed371c3f9011b2b806911d6e5c4b56208ce387d45027d382b7f2d6da986e
-
C:\Program Files (x86)\AVAST Software\Browser\Update\Download\{A8504530-742B-42BC-895D-2BAD6406F698}\114.0.21608.199\AvastBrowserInstaller.exe
Filesize101.9MB
MD559369b1ca3c0499a02cbcb1e5b369223
SHA1f7ba64af7761f9a0f5e17b49f5b06983a64891a5
SHA256a05c449065becf299b85b1e1bb722b84857907c0f3b13860f46da7ac5019c548
SHA51219e043814b334176e149677a1eceab052f3be56fb2442eb205eb0ffb9c7e9f46f460e1d825a909915b8d42433c502b7572c599c2c1396d68fa2a7bac6be41055
-
Filesize
28B
MD5615ecd50e43fd9917ec749d71b81d829
SHA18a0985d2f384f680002c5aeb7066d128df70d30c
SHA256507c58da8ed1aec7ce37b1b9e3e3171e8e265e77c9a43f2599bab3c7573b9e67
SHA51237062437c6d19c043a25f6d814d0a82e2d5b75c65183f361459dfbde5478be77bd8414bf230378d060f4be36f8fcfe24664c66efb67f13e2a7bb5f291dad39fb
-
Filesize
573B
MD51863b86d0863199afda179482032945f
SHA136f56692e12f2a1efca7736c236a8d776b627a86
SHA256f14e451ce2314d29087b8ad0309a1c8b8e81d847175ef46271e0eb49b4f84dc5
SHA512836556f3d978a89d3fc1f07fced2732a17e314ed6a021737f087e32a69bfa46fd706ebbdfd3607ff42edcb75dc463c29b9d9d2f122504f567bb95844f579831b
-
Filesize
72B
MD5011bc6a43063a8c4f4ba6e7f26380545
SHA1709aa9d0970a1479458011d207682295066843df
SHA256c4e8b930a7560dc9a94105aaffd1c23d3b370c654ec90716ecc7284e3294b202
SHA5129a2b2b04f462c19b7b5dc6849c3e3b2186e10e82bdb1356781ac300caf9bdd9c6381d675b16ef4a38a2f1fa39a723ab0ad469789e0dafb1ec0d23f72b86ceb9d
-
Filesize
473B
MD5f6719687bed7403612eaed0b191eb4a9
SHA1dd03919750e45507743bd089a659e8efcefa7af1
SHA256afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56
-
Filesize
1001B
MD565d61aabcdcfebd3786564ae704941b8
SHA1d310c1bdae070e2ec6ff150a21922e2cadb0695b
SHA2567c58e1d88728a91c0434d85e34163921bd77380929dd5aeccb1b0055e0cb1731
SHA512ae8d4fb4e57e9ff8fbec894a99f923a46ebb835fc5e81fb1e17e66bf9202501fd9b159ddb5784d07d13c35c95750197dd028a02c2ba30f5d83d5aaf5791cedff
-
Filesize
300B
MD59569e205d5815a3d9e14dee93b7717c3
SHA1020bd6a07ef64a304b07e3adfda4c4d5397534cd
SHA25679b7618620e50a91c4f46f4560ad054823f115a03da55d5651cece8843896582
SHA512be5eb17e769203e6a064326f227d21ffc1e8aa3f2684bd9786faa4d0eac944e4343608b1aea25fda15fff88d9c41487907037fef75dc4d1615a27c7041fc0f9c
-
Filesize
95B
MD5faf520f81937ff97787ab8d9803a3060
SHA16c466f495e1cc4ddb712aa8769ed11f31fb2e964
SHA25685878e4dee9d68245239df9e31d16f9c72a4902be904ec663f6a98f7991706d6
SHA5128bec4020cb5b22d5e47647353c8a0881044bbfdf3980ddb563a2a1785d768123263cdd964a145519fff74de1c483a1934aed739ae2d25e537a36403a6c82ff0b
-
Filesize
72B
MD581fca5624d9e5a5e7921ead58e98e432
SHA1ecd7d7ef75479fc5f5d8fb0c6e1601243bf1e9d7
SHA25647578ddd3e8c8614c53297eb385b1241d35853df442a37d1c25f3444aea87ea5
SHA5122ff5b6890573493ef5990d18391a66185a84b26bdbb37e35462b88d37bfe3a42a754644041c7589bf30f87997794765845e78d218c7ca196be478bcdab1c618c
-
Filesize
108B
MD51cfb88ec9bc9d979ca51da9a61333479
SHA14e01a414d806e562f9b36d2d202ca60e2af8af21
SHA25681cb586453dde3124af187146773e97cf877583dd71035a5963d9a2c6fe75f69
SHA512d606436e162d30b526549d531978c90e162dbb5404965ed1fe4356007b71e7b1eb228bf4657638a0ea0dfbc43bd55043074642b0480a480a74aa698f8a1fa289
-
Filesize
2KB
MD53a06efb4083e0857a9c93ac629d3f81c
SHA1ea316434302575de8465a07f9ebd45f1f03db137
SHA256f4d7dc1a30cbb20bd36a75eecd09090c34b66b7f76438216c2f235f0f7d2a871
SHA512102129017b71aa1fa97da478540ed924c3910ad0cc6ddf1da08fe71d52845f4376079c36dc6236d08fe150331726a119fcf82d6976410886fc26ceb04ca7a837
-
Filesize
1KB
MD555540a230bdab55187a841cfe1aa1545
SHA1363e4734f757bdeb89868efe94907774a327695e
SHA256d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize230B
MD5e0318f2928fe023cde0458f2853f471a
SHA1903fdb5035c86b1dfb6605e43d1b2c680a77b965
SHA256843cf95cedd62090eb3a068787d1123d43cb7f7c6e585c6e097548fd09545156
SHA5120d826c4c1746a3834f479ddbeeffb044475502365213ffb219ac08688bec89282586df27e801f23dad9970ed7e58cfd4c766ab70467c1312058de8ee344bf442
-
Filesize
23KB
MD58005cc74a05b827cc35c9dcbfc22058c
SHA13420b30ff7fd8f54b7d711e8f80b486cddbc4103
SHA25624a5ae33b987c582a5eb479c065a232bf6450b77ca76011e4627e6d75d4f6e1e
SHA5129b0f998e72e5caba0363c5a650daf0111b2ecd3e3204cd2dd42b1eb731991cac565aa3bbf1cfe6fc6e82bf31a2cdc31a2e95de8c4d70b38ba105671519149086
-
Filesize
40B
MD5f85dfd81e5d4d2dfae6763d26eb03c56
SHA1a575d81414703841383ec489c6109f826b0d640a
SHA25644d95533f370669c7d4d402f79bdb48ee4b19d3998c71afbaccada9958c33420
SHA5127b8116b1ee2af157814b3930e0944e73d5d8b4fcf85c760bf071a4d34e5f8bcb40797923cc3bfb5ffbff12dde193fbcedb81a4a3d555e527b54c1ef2daa79688
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\22cbbf29-89de-4855-9ea2-52aa8cfe456a.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\4846270c-d98d-457f-8814-ac0fdd9ceb35.tmp
Filesize168KB
MD58ffa5fca99440903fd2e3e96c4dfcf4e
SHA13fb616139a2fe070340032489c5f809c739ff295
SHA2562c9d821ed66c82eefbe486efd4e9b6d52651a6ec2980761add8f22e2c3051065
SHA5120dc51168ced3123731eaa990e19f12d21f7e37b3e234132969b429008d903e880c74c7754d7705a669315aade1bb9a971dd8d35851b7032d1a4ca4764c79f482
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\4cb8e9e6-878f-469c-b533-8a0d388ba23a.tmp
Filesize6KB
MD5a440cade49c1d34008403c22d9b3aa86
SHA16dc50a9c1860852d5216e47175ba993da0a7713f
SHA2563b52b3c7090b321308c64550a77b990821cbac3cb023dec62b13dc85813c574c
SHA5120924a18f34871256a3fb053b62661b4de69846867ae2ca61311d658d11c4196ad3d1ca1281eb11ccf0612e6f17204eca79552c6456fa08d473fa887c9fc855f3
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize3KB
MD5e9acf1086aab0e6442b0be2928498e97
SHA18101e518afc750b9b4f3b17cde61c4f417a91acf
SHA256cdf579d97bc9a3e9319bfe162f2d314c4050b8aedf181be9eb0ebf31b71b4bf8
SHA51212d1b30e5d01e3b73e1d0993a14a45555676f0e0f9c57f9d17f493fd28c0f2daa0ca423e0a97dd26f79f3d643af651c4cd13c23309fa1f107e98c739d6000f1d
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
MD51ef1d46a0550451fe7a05b5c24642996
SHA14fd77ca1a5aadd7a9253d43213947bc8d21a7788
SHA256e6b898fb242b242001b755b1416f9a6fa87cd9a79010256e8dc830d9868332cf
SHA512498d0897d53d63e3a81f57cc746bea2b94969de63ff15055757ca4b8c4a8d8d8dbfa691246d7be33e55e96fb558a3ee03b5835e220fccfc1283a8fc7e76266b4
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5aac738e1da32c0139be4291564d5075c
SHA177dfd89310375795e915270ce33259d7413bc85e
SHA256c51894de9e61e38528d508284414b6b0d4e813e56fdcf8f437e728180247a8d4
SHA5126124be088e273e4cd18a1ab78b625e3063dea06638139fcc5ae59f255264a6cb003e7bd11b6bce99875515a91abb854e51b51875bd851f7168f68f7c6c572840
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Network\Network Persistent State
Filesize2KB
MD5daa31f6ccc6541b40d2599badb21f390
SHA16ced71a966782b83d802aa19749ec1578cf9a8c7
SHA2565f285c8e6ff00ac2b62324b40270aeb05d467e5b70f66496afe5d9a4c8c3b8a5
SHA512eff40e6661837115b7caf2231638b388eef011ed7854db50d4df3fc7b9ffaabf270f8e5880a5f50899f6f98c67ae0d58789daae81adbf3d35b10c6ceafaee844
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Network\Network Persistent State
Filesize562B
MD5d2ae32509932a9a0bb547e8dc8f26c06
SHA18ab576e6187b5b6dfbe0c1a8fae48a42b4c8fb41
SHA2564319be869edd9a42c3e5f6dd68eac66f2719745ce9cf72594b9ce9799206f3d1
SHA512a29183793e89aa9a6c8995ab722e60590e8597cb4c74baf2cb9276410f5f1d430245be2f7938367eaeabfd53ed958dcd35350670154d4161093fddef22fffcab
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Network\Network Persistent State
Filesize4KB
MD5b03c454e2d989a51998db7f81a6da089
SHA15629a919d5ddd63d95a42c29d905c1fa01197275
SHA2566f9e8a6a6ae849c84c65b78da53b8dc9b8db95cdaf5725f72f3252299466d837
SHA51261c4c122c4b5e63d5ba3c6dfb14f9f34fc2f6d1699dca2ca41db44dd3324b876de89f9a73cd8f8b306991d73f8f0218e9283e269e4a92dd15ffa55f1a7137538
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Network\Network Persistent State
Filesize10KB
MD5153c5034e9bf9720e33b88fd1182835b
SHA153291822f1d555349125020cd17a1dbc716c3595
SHA25688e320a07ace7ea20fccc2adf6f91ec96956ffb25f0f681a795fe2f4481a1f05
SHA51238ef3cb6b16a07b948b26661df6bb087c8ba1558988f64ce3b66af143c1ed90c72ed574fad8c506c0f9638e64d731c6c541e97c69a680725c3d3d9dc6c547f0d
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Network\Network Persistent State
Filesize10KB
MD51002944570bb89decce22530c457a9f5
SHA1c99cbfe01343e221ba4373f2a9c211cf5aa1c3f3
SHA256fd58462acdade64de2b6d87a28a11bba3ed91cf4ab26198df41c2dd085e47c4b
SHA512ac750dc498ac6ee1384fcebd74773499e65d9d1efa325bd8e9151fc1185fbd7dd6121519342e2ba87ce36bd6afa5e4390595f82e4115f49dec3aca463e108737
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Network\SCT Auditing Pending Reports
Filesize2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD534644a3a9b1010faa17932131b9986ea
SHA1ff10128dfbc2689c05ebb376425a30d933cff07a
SHA2564bda1b698f6ceb78efcf4aa4466f39eb701f1fd072f93dcc2ba9db5aa4b450e8
SHA512ecaed8de3ea5d5762e770e586ef2a3dfea4532c591fa1af1e7a9fe2614e9615a1f20619e96c85922952721e2949d91c2bd126bb48cbee727dd36f9483d2ec57d
-
Filesize
4KB
MD56ad574223b9e6b86d544a33f5d269d02
SHA1ef11c93ca4f6a7e13c7a5b5c6fa15361be8f0e3e
SHA256c2f5756910e71cd85309e2e31a483ebc0168b4e51cfed3f4d8f45a0ff349df80
SHA51280d1070210ebe6235b31f9eaf71d3b15153b3a47ce42b0631d0d04d26a5da36c7d6435f3b84163dbb60480ba0efafca327088962d2697285d1bc5aa3e7170635
-
Filesize
186B
MD542aa5aaf86e5bcb03a11ebb7d9eb54c5
SHA17b72f8d2d19c59c61cdf281f2fe29a20f83f2966
SHA25692a615983875f87f4bdc6682b5fbca254f8abd2a8a7fb6895ea5a96756f430ef
SHA5127121bf213200614bd6383f7d74619ef8a608b49434074572ebc4c1d966b1961a8478206559e79340e2fd6f63e2cb09ea9856042f9818bbdbecb25cf005d6fce8
-
Filesize
857B
MD56b8c8e5f68365c705b28fb4c8d73863c
SHA16db36a8dd96e760ae8dc6b83857d49ce7068e7b8
SHA2568d43e3b20f8fb259f78dd2d55b3831090cd17df07cd05be616fb6f99070fd7b5
SHA512daf2b9dca80135eab3a142c34dc2e6ae0e99f90c43f9406ae343680ad926b96c730b4b4288a05431c2243f7a5d829b680db23bf6a503ad89950a40c876131f4f
-
Filesize
4KB
MD5c33a60268de9e28d52e6efd2266911d0
SHA164e1400d3ef4df5097aabdd722a8ed0abcc7b3dc
SHA256abec814c60c5c304f4d15b02ee4b3bcc1381ba281bbac860cea88afcabf1519e
SHA5123c748402c1db0989768eadd89127cd2e7c58c549f8f1604d3c7221bf7591dd4096c297564ebafe8a96e0617de69d8969606c222f01fd810800de43249549a4eb
-
Filesize
188B
MD50edd2931972fc0f86168558afa069619
SHA1514e09c9b8bd7aa76a7b6e3d68a2b93688378b8e
SHA2563290f2ab946a64a8f785e2d69bb0cdf44d5ee23d9bb48433c612c73ab37f2c1a
SHA5124c1b54259e86301765bf5ce170539384e94d06ab3f85d664895ac9c544afa032686bfbab3a73db3240b004598392a587a0033c1cd6134db7c9d8ea0de14e5925
-
Filesize
4KB
MD50b19052d3f6b314b50fdc49e38479636
SHA1309a7b5843bb6aff94d7a48f735e81b3e1bbb67d
SHA256eef6b86c6b6f747ee0ef06a8c1331b2655c9baa72ae7b517c1f3a915c63e493c
SHA512b5e92c92aa02bfb9db11ff9f880d5332a0917249d7956633310c96bfa2950474ec5b5287ade8708d08e4f685eec834f4eb0688ec7ad5b3ddc47be1b5ed8299b1
-
Filesize
4KB
MD52d06330238638c4bd88718bea8d68224
SHA100a81ac020e0681dc9c18acef067cffdc371aa00
SHA256a663b233439907740c2e7b6209a1854e51b203acd7c3684317e50f13b3c6c547
SHA5121215fea6a34a0ca516df7d74fc6a26f24b7b698f158cfed85d06d42c3f78a3e9d97cfc3329c0c23ab4e0d11e3f1657b24fc6cd2586a607dfd83a9e91a7f0194a
-
Filesize
857B
MD5bc9b1c33ac57c4d285c718683f37eb00
SHA14f9ab126746044dbae93230dd2e174e096268514
SHA2563f7759be461c11ae75e4e1d2a56e26d52dadb5eca9933131f4379b553eb98d4e
SHA5122131cc34c0c8602fcff7f977260df6f527e4cd0d644af0a8964293d33aa88cc568dac923202934261ee9fea949efc968801d72669d2aed51d9553960af47da6a
-
Filesize
4KB
MD5f44d8328faea6deb150c5e9a39f3dc30
SHA1f87c03ddbbe5a32e2502af2170f18e02a8b50149
SHA256c6d36c043e829803aa4db9f4857af21dab5a1f47a77cd1e781d362c0fa5c220d
SHA51268ea433a4bee04a30f2ceb54f62e4c37166fcb950886049c10d55776e2a635ce0326a71fcd549154d9b51f20dfcde7d9eea509695a43ecf3c9c366b5e3cebe4b
-
Filesize
188B
MD51db84f975b4c202dc700fe14e9b935d3
SHA1835a991f3b7665962cd0696950891a793766d45d
SHA25694aac4824a0d5313448dd7ca8cebe925c942f9d601a1584e0dd33939f128a738
SHA512f6d1476781870aa552d4b42c64678039ca0b0e989dd652c4d78e5bb0a1213a80aa8bd8ed0df596a55f2860345222ed65946ad2580c1d976457f6261d2fe55c12
-
Filesize
857B
MD5afc900396e9b5ac876ec3f7697230c31
SHA1f8d3c848eb2852589701e6c4de0df28b6a3ce3b5
SHA256088ddd00c83ece59cd6499933a71fd34db5891226d8350ee9d457fa52cb3187c
SHA5125035602f604a492ad84fd81277cc41d0ad5ef773c087e695dac93f06269c6257adaa36ed8a28fe02e216f5b3bc77ce1bfb7ed5a97273c4ae9f599fb29c13e655
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Network\TransportSecurity~RFe5b4bda.TMP
Filesize186B
MD594d8a522ae62acf46beb1d00a16d3e36
SHA15937975d37eb6a5f3d01747ca98b8bbd3e4fe58e
SHA2560af1ab227e86b147fa37cc5260d5fb9c56c433a0825e9322640263ea8db70eab
SHA512ee47cd84d8b6d1406f659fcde7ccb161b962ce42ba9e13916fc7abf1e0d645d4a0b70ec8abeebd7f07f708c879cbb3382bc590e8792eff5ec2f99d4473c0e6d7
-
Filesize
8KB
MD5841a3eefb5c5132cb0e615bb90cf444b
SHA167c5bf644b855a918070feeb53b0e31b4c61ff28
SHA2563a3623abe03f0053bfb045d5a937f8ac486a60acdf5684769a19a8473ea76c91
SHA512f330c9d9c771b0cfffe69811992d1aa723a3dc8133c996954021726dca7b6804971f444fd39f1c2c63dd0349166fff9d625ca27935d253fd913d9477b56a8495
-
Filesize
9KB
MD527e3164c4eae3e75675e09110b9d13e1
SHA1653c3effbdb16010efefa882d87d77ecb7d7b28a
SHA256631f56be4a2ea25d83c440107687c2a8832f1bbbb13caed30b5fe4ad02f15076
SHA51241c2d4a6afa09de80926c4ae378fe80ffad0277280397913184b3a1be23b9db842e5a01076a13b5ca4dc96ec268a42ce4e3bd825fe480111adcc1df837a632e8
-
Filesize
8KB
MD58940369ac5820f1b447077422932c8ff
SHA1f8379b1a9f89c96ea216a0fb67e941e3fa6a40eb
SHA256959c40f23f67a912927062c78ffe1b57ca05f6d2606b5beb7e77b6e7cb71d2bd
SHA51273419819595102cc91056d279796af4aea4c22f78deeb77d113fd4eb989de591f61f6cb1c10378ddbe26bc75c3ccc807a7666b09a7ef090f4c900851a665bc2c
-
Filesize
8KB
MD5180242e2420ed5a3ec5cf9bb0acea999
SHA12843e1ce3bb7f523f3ef9a921850b8e822f2bb56
SHA25674ac684f579d6cb6ee81e1fda2c58b7d2efe3e37d070488ecb95231dfd88200d
SHA512446bbf1bdcec4b204c54064de210778080af88e5aca36b9b0d2c5d44b23a23a2d45da8f89e1beffdefa333d186a8cf9ce68de44403b62621d13f001b41c5c595
-
Filesize
10KB
MD5756dc6cd91c0d5c03398d923b45df1ad
SHA137df6e09f55f9f8290e3fe011538d83e3d2de924
SHA25606cbb2b3f11376d3796ed3d9a552e17f1fa3644ce24c785d7141eac36d48df00
SHA512fea513f3689dd83540d3513ad0c20d0f6fb43053368c5fe5af2f0da3ab38ba53483748429db2cb8b9be65a1cc50603a72f88b331c2a3d83eab860e1c56177923
-
Filesize
5KB
MD5651989c3f845f9011bec68cda3fae9bc
SHA19ff1f27dd45a43357e0cd54ea6099a96656fd7fc
SHA25691a815bdeb8493105fa64728055f6bff80adb8956cb7558a4c67bfe9dcdc13d1
SHA512bd0245581efec2b237b626915cd9bc3e4b2207ba5d827ea26aa63200339a244623226e5a9b3693aaba4880bc95dc9854bfb84fe664c7a8b22d2ed69d371a1bf0
-
Filesize
10KB
MD5e2c2cc1bd18a49722ea5b6e0249d0ad3
SHA1841a5ed256d804c729b3ebb16fe75b554ed1694b
SHA256e413e2efce830c1fcbab26f131d30f95f2fa0dffd4c78657d8057ddea0c05444
SHA512fbaab9e44bf0f6b519e823a95d7b31bae7eefc6ed885e159d15fb362e529ea46461d1285dd5289ca48b5a08fca4bf6d43ccdc5da7b8c9dda72a369e688b5ab3a
-
Filesize
8KB
MD59d995a83fe9ce4a9ea0216fb60f2c511
SHA1dfff795008ec995f90e8868fb7ec548a32ff17a2
SHA256f9dcc2c463039f2d367163d776af40500b6b3edaad2af85e91de05defe0804b7
SHA5126cea582926297cbc22fc2918e8588703bdd3312cb693309674166c6ebf998bd09ad43193a1f09b031dae696410c585b428c0a255710249718280fc751d8a750b
-
Filesize
7KB
MD5d22831783c8b93211ae94bc0d4d0b89d
SHA11342e9a1e5c550c7a0e87c5508dbee3883199789
SHA2565046fa0bbb8eb8a06be4bbc8f9c63a18a13a90a459639f00c031bf3189f5c731
SHA512b7c1e67ce4903aa4013b1a80d911b26dcdcd359e4ba7158e710765cff642d14c57eb794d29949d37c818ead6bcb8f6312d8318755d4f2c20ab684aa5bec13f06
-
Filesize
8KB
MD5d30fe4a367494833901edb6273b73600
SHA1d15c642cc88d389130a95dcb1f4a41be1fa16064
SHA2569cc4a4a1fac80eaca70ebe8dd681405fcfa900517dc76b2bd6d5f5e7b695e5b0
SHA512a0a55c5d0fbda785c26eea539aec4fdcd533efba7d2cd1cf4cd5c1d7b08c1b1ef853b03bba063f6a61cf05b61587ca38ace01365dc7efdd0012e400a1fc3bccd
-
Filesize
4KB
MD5a0e8b0ef9afdcbad73809989b77e5145
SHA1f7d425d79c00ffc682463aa2a1e5c3a9ea776512
SHA256f6065a36c2727e0d1de9bcbf08d795269dfcb514a435cf48be5af438cacb872d
SHA512704a1c0862493df180bf77102fc2520dfdc057ff16ce2013edbaba6e1d82c206173d6f85b377d55e9d4db51b6f14b5bd6460ea30bdc83ff519bfbce02dfc32eb
-
Filesize
11KB
MD5f65087a2d78d2d7ffa1278eba6535fa2
SHA17969867f93272472d423f7b2710e087faade7b4e
SHA25618a3220f6d61a9add72d5c5b4cdfba462bbc624c2a81a817ac1bb8e612fb6396
SHA5124133e13e8ecd32afd9510983bf94b9a2bbfb4f0063a3d649f4d7ccf92b0cf71c31c59b74b7b897f382e22792bac9332d1c402a4f29a4e2e163be48febd992f31
-
C:\Users\Admin\AppData\Local\AVAST Software\Browser\User Data\Default\Site Characteristics Database\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
Filesize50KB
MD5103c6d3461917f99f2ea336ac9dce093
SHA1fded9787d2060171df730a0b1c0360893eb36980
SHA256cb007366482f8c3e188afce67555849e30ad8bb47a22d37e187a3638db515206
SHA51226b546505969e92aebeb3091d50963e21f3f5e5160ef43c876d2b933434f177f9969eb4e816db44fe231b505ba799972a29d15d054d68d37b604ec80d5c2cb51
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize389B
MD50ecc42853475761176e494270cc6bbf3
SHA1e841f105f4cf01dbfb819daed302b42d0b397e6b
SHA256347b4a06b41ae166af93139064327840b6cc6965623e34a53efdd9e4d58334be
SHA512b716cd46ef0cbe067fccddd21ca9467afab9d7e1e98c18cafbe16f3b1ffe5402cd8ebd5d35af96760c17953b8262ffd3215702d7033c30198b8507200fb8afa5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize389B
MD539e069722d65d74b22c7889f76d05639
SHA1042126789e845583ea360f24c2f36cc99cd17453
SHA2567d7fee7ef2ea0b8539adfc0e41caf3adb262154eb2a6bc093acb546c293153ad
SHA512c1cdce618da851376f19dcadbf4bdf5ee12fdb0689cd1c81f29b4a6db9586621d019f0efbe238d797334d5feb8561cb6e11eb6f596ed45ffb2fb2b65fb5fa44a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize389B
MD56b90314e9e52363764c51ed5478738a9
SHA1cde8ded3338b291800149e347a5b777c283c8f1c
SHA25607a3a5bce02457cc8a2a8203d6fabffbe735d3d544c0008e1a8d8ce9b00a720a
SHA51245e359c061ee34c17c4624f50f551426a9efaa9a64016da1f511f12b726efe902327bfab5227efbdf9220f87cc89f9c297262bd6e7953009c3a8e9aa312869a4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize389B
MD50b77e21bdc58793e0d37820086654951
SHA1d568aa8f2367bb1324229e7fe9565e31a4cf1e16
SHA25613629d3ec884453431bef01a5e99196ee2900bbc57bc87f059432d5623bd40e5
SHA51248bf31aa71530860854f1127e9e6077ee87375eb1c71c1f299ecafd9ff6a1925c23475a0531d17f733a2e96a04ff7769db732b3786c38ad004fbf1d2dc137b21
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe580ff9.TMP
Filesize349B
MD536e1ec1727b0fc9af127119f63f472c1
SHA1a43a6c14462eeabbbda54e1492d1633405ca0a66
SHA256d2a72d1f23e545476292a7a90a6876790dd0ad942449ac4bb83b1c1dea46e451
SHA5129ae45a9d3e797cda8019cb1128e337646ef46342a3cfa13562f8d678a9ef3a92f63b88ce23d1c0cbce1dbfd6b56a5049d9b50cf9161ac8c339abd1f52870935c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\94167b58-770d-4abd-a648-810d4e9897ac\index
Filesize24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize120B
MD56645fc73765527a65ba9a3c7623ba4a6
SHA1c91e3b8f6663fa45ab39fb42d2e8026ab2ca1c79
SHA256cbf133a35c3f95a14b2b9f515f72be118070103b8649ef9cfeae853ccb997e1e
SHA5128c6f2a23998bc184cd9f9140b09978da907f789fbedf7831b3b1f57fac637c9e449ab065f8dea214664e2a8fd4074751270007d7e02ae7033a5810b06e1c719e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize120B
MD59f08bea2d02f2d910f32e514585963f1
SHA1794582a9c1bc26bcc1de7beb39b2386f60207391
SHA256d38e74029d529e546fd9d2b5d1b9ee02973103b54064c12f75537b3bbe6b2d8f
SHA51255111e61202595b227724ad8146c9ba435d59ad38b1190cb37e0b50e4c69e97bf148c35aea0086be9f04a48f4a488c5864c0803d9bc72829078e29325c511b7e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5802ba.TMP
Filesize
120B
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\1ythyngk.newcfg
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\665vyc3w.newcfg
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\bdt6oppo.newcfg
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\g1tccses.newcfg
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\ijf2jnq-.newcfg
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\jezqhmt0.newcfg
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\kkjxqlse.newcfg
Filesize
3KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\kl1qvc75.newcfg
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\kxeyrvqe.newcfg
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\laaeny_s.newcfg
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\qejqiqjj.newcfg
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config
Filesize
341B
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config
Filesize
3KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\user.config
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\x3tdn35w.newcfg
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\xhxpzdcp.newcfg
Filesize
470B
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\ydj-sokn.newcfg
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_gmu1m0gq0rh5o2nzjzcq3icmpmnmdp5h\10.1.2.519\z5l01-qj.newcfg
Filesize
2KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3540ba49f82ead5d.customDestinations-ms
Filesize
7KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3540ba49f82ead5d.customDestinations-ms
Filesize
12KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3540ba49f82ead5d.customDestinations-ms
Filesize
9KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
12KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
14KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
12KB
-