Analysis
  max time kernel: 150s
  max time network: 151s
  platform: windows11-21h2_x64
  resource: win11-20240419-en
  resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
  submitted: 03-05-2024 02:42
  Static task: static1
General
  Target: sample.html
  Size: 12KB
  MD5: e3e42330497189d189e04424c0f9c706
  SHA1: e441d1ae4a62cd12f5c7374a4ae7cc7360811354
  SHA256: 1ca2b5d5da9a68b45449fabc07735f2225262e21a0c42c399f55386c10c498b8
  SHA512: f20d9ac310fceda5b9ba1fb607d2f86b2219bad8aa18bd41730256cce0751bb87032f8b225479eb554c2c5a61cf1cb15aafcc0b78e51f5f61bb23f36a8af276d
  SSDEEP: 192:361idXdDk2srELTTP4lt8jcjLDcOW5rQFXtP0azVQXyFa9W0q0yThr+Ce:3614duPlLk507FFa9W0q0Ohr+1
Malware Config
Signatures
Downloads MZ/PE file

Modifies Installed Components in the registry (2 TTPs, 7 IoCs)
Sets file execution options in registry (2 TTPs, 2 IoCs)
  Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe (process: AVGBrowserUpdate.exe)
  Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" (process: AVGBrowserUpdate.exe)
Executes dropped EXE (15 IoCs)
Loads dropped DLL (31 IoCs)
Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
Registers COM server for autorun (1 TTP, 23 IoCs)
Checks for any installed AV software in registry (1 TTP, 4 IoCs)
  Key opened: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast (process: ajEA4E.exe)
  Key opened: \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\SOFTWARE\AVAST Software\Avast (process: ajEA4E.exe)
  Key opened: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast (process: avg_secure_browser_setup.exe)
  Key opened: \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\SOFTWARE\AVAST Software\Avast (process: avg_secure_browser_setup.exe)
Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Writes to the Master Boot Record (MBR) (1 TTP, 3 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  File opened for modification: \??\PhysicalDrive0 (process: ajEA4E.exe)
  File opened for modification: \??\PhysicalDrive0 (process: AVGBrowserUpdate.exe)
  File opened for modification: \??\PhysicalDrive0 (process: AVGBrowserUpdate.exe)
Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (3 IoCs)
  File opened for modification: C:\Windows\SystemTemp (process: setup.exe)
  File opened for modification: C:\Windows\SystemTemp\Crashpad\metadata (process: setup.exe)
  File opened for modification: C:\Windows\SystemTemp\Crashpad\settings.dat (process: setup.exe)
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) (3 TTPs, 2 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI (process: ajEA4E.exe)
  Key enumerated: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI (process: ajEA4E.exe)
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Modifies data under HKEY_USERS (10 IoCs)
Modifies registry class (64 IoCs)
NTFS ADS (2 IoCs)
  File opened for modification: C:\Users\Admin\Downloads\Unconfirmed 341859.crdownload:SmartScreen (process: msedge.exe)
  File opened for modification: C:\Users\Admin\Downloads\avg_secure_browser_setup.exe:Zone.Identifier (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (47 IoCs)
Suspicious use of AdjustPrivilegeToken 7 IoCs
description                         pid   Process
Token: 33                           4204  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege   4204  AUDIODG.EXE
Token: SeDebugPrivilege             6080  AVGBrowserUpdate.exe
Token: SeDebugPrivilege             6080  AVGBrowserUpdate.exe
Token: SeDebugPrivilege             6080  AVGBrowserUpdate.exe
Token: 33                           5564  AVGBrowserInstaller.exe
Token: SeIncBasePriorityPrivilege   5564  AVGBrowserInstaller.exe
"Token: 33" is the numeric LUID of SeIncreaseWorkingSetPrivilege (SE_INC_WORKING_SET_PRIVILEGE in winnt.h). PID 4204 AUDIODG.EXE does not appear in the process tree below; it is the Windows audio engine host. The three SeDebugPrivilege requests come from PID 6080, the AVGBrowserUpdate.exe /silent /install process at level 5 of the tree.
Suspicious use of FindShellTrayWindow 36 IoCs
pid Process
1644 msedge.exe (36 identical entries)
Suspicious use of SendNotifyMessage 12 IoCs
pid Process
1644 msedge.exe (12 identical entries)
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 4744 avg_secure_browser_setup.exe 5580 ajEA4E.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
All 64 entries are PID 1644 msedge.exe writing into the memory of its own child processes: 892 (procid_target 80), 2516 (procid_target 81), 3852 (procid_target 82) and 720 (procid_target 83), which in the process tree below are the crashpad handler, the GPU process, the network service and the storage service. For a Chromium-based browser these parent-to-child writes are expected: the browser process acts as the sandbox broker and uses WriteProcessMemory to set up each child it launches, so this signature on msedge.exe is launch-time setup rather than injection into a foreign process.
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
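Two of the argument strings in the process tree that follows carry structured data worth pulling apart during triage: the Omaha-style query string (bundlename, appguid, needsadmin, installargs) handed to AVGBrowserUpdateSetup.exe and AVGBrowserUpdate.exe, and the URL-safe base64 blob passed to AVGBrowserUpdate.exe /ping. The Python below is an added example written for this page; it is not code from the sandbox report, from AVG or from the Omaha project. The sample strings are copied from the command lines in the report. The report truncates the start of the ping blob, so the leading "-" (the last character of a base64 group that was cut in half) is dropped and only the aligned remainder is decoded. The NOTEWORTHY set is an analyst's assumption about which installer switches deserve a second look, not a list published by the vendor.

```python
"""Pull apart the Omaha-style argument strings seen in this report's process tree.

Added example for this page, not code from the report, AVG or the Omaha project.
Sample inputs are copied from the command lines in the report; NOTEWORTHY is an
analyst's assumption, not a vendor-published list.
"""
import base64
import re
from urllib.parse import parse_qsl

# Extra-args string passed to AVGBrowserUpdateSetup.exe /install (copied from the report).
INSTALL_ARGS = (
    "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}"
    "&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228"
    "&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10"
    " --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome"
)

# Visible tail of the AVGBrowserUpdate.exe /ping argument. The report truncates the
# start of the blob; the leading "-" belongs to a base64 group that was cut in half,
# so it is dropped here to keep the remainder aligned on 4-character groups.
PING_TAIL = (
    "PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBz"
    "c2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0i"
    "IiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7MUM4OUVGMkYtQTg4RS00REUwLTk3RkUtQ0I0MEM4RTRGRUVBfSIg"
    "dmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2OTMuNiIgbGFuZz0iZW4tVVMiIGJyYW5kPSI5MjI4IiBjbGll"
    "bnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2Rl"
    "MT0iMCIgaW5zdGFsbF90aW1lX21zPSI2MDQiLz48L2FwcD48L3JlcXVlc3Q-"
)

# Assumed: installer switches that change user data or system defaults and so merit
# a second look when the installer arrived via a drive-by download page.
NOTEWORTHY = {
    "--make-chrome-default", "--force-default-win10", "--auto-import-data",
    "--import-cookies", "--auto-launch-chrome",
}


def parse_install_args(extra_args):
    """Split the Omaha extra-args query string into fields, and the installargs
    value into a {switch: value-or-True} dict. %3D inside installargs is decoded
    by parse_qsl, which is what turns --auto-import-data%3Dmsedge into a key/value."""
    fields = dict(parse_qsl(extra_args, keep_blank_values=True))
    flags = {}
    for token in fields.get("installargs", "").split():
        name, _, value = token.partition("=")
        flags[name] = value or True
    return fields, flags


def noteworthy_flags(flags):
    """Sorted list of the installer switches that appear in NOTEWORTHY."""
    return sorted(name for name in flags if name in NOTEWORTHY)


def decode_ping(blob):
    """Omaha pings are URL-safe base64 ('-' and '_') with the '=' padding stripped."""
    padded = blob + "=" * (-len(blob) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


def ping_elements(xml_text):
    """Tolerant attribute extraction: the decoded blob is a fragment (its <request>
    opening tag is lost to truncation), so a strict XML parser would reject it."""
    elements = {}
    for match in re.finditer(r"<(\w+)\b([^>]*?)/?>", xml_text):
        attrs = dict(re.findall(r'(\w+)="([^"]*)"', match.group(2)))
        elements.setdefault(match.group(1), {}).update(attrs)
    return elements


def analyze():
    """Summarise both payloads the way a triage note would."""
    fields, flags = parse_install_args(INSTALL_ARGS)
    elems = ping_elements(decode_ping(PING_TAIL))
    return {
        "appguid": fields["appguid"],
        "needsadmin": fields["needsadmin"],
        "noteworthy_switches": noteworthy_flags(flags),
        "ping_appid": elems["app"]["appid"],
        "ping_nextversion": elems["app"]["nextversion"],
        "ping_os_version": elems["os"]["version"],
        "ping_eventtype": elems["event"]["eventtype"],
    }


if __name__ == "__main__":
    for key, value in analyze().items():
        print(f"{key}: {value}")
```

The two payloads describe different applications: the install string carries the browser's appguid {48F69C39-...}, while the ping reports on the updater itself (its nextversion matches the Update\1.8.1693.6 directory in the tree) and, as a Windows 11 21H2 sandbox would, an os version of 10.0.22000.x. The switches that stand out for an installer reached from a web page are --auto-import-data=msedge and --import-cookies, which copy the existing Edge profile's data and cookies into the new browser, together with --make-chrome-default and --force-default-win10.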
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1644 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b2333cb8,0x7ff9b2333cc8,0x7ff9b2333cd82⤵PID:892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:22⤵PID:2516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:82⤵PID:720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:12⤵PID:1544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:12⤵PID:920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:12⤵PID:3836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:12⤵PID:132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:12⤵PID:1260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:1712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:12⤵PID:1480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:12⤵PID:3916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5988 /prefetch:82⤵PID:3360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5980 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:12⤵PID:1848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵PID:240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵PID:4436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:12⤵PID:3644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:12⤵PID:1372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵PID:2212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵PID:4228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:12⤵PID:3528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:12⤵PID:4092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:12⤵PID:1624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:12⤵PID:1996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:12⤵PID:768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:12⤵PID:2624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:12⤵PID:2792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:12⤵PID:3144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:12⤵PID:712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1652 /prefetch:12⤵PID:4172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵PID:2836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:12⤵PID:3656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:12⤵PID:1488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:12⤵PID:1600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:12⤵PID:2312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:12⤵PID:4700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:12⤵PID:4688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:12⤵PID:4908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:12⤵PID:240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:12⤵PID:336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:12⤵PID:1100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:12⤵PID:4076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:12⤵PID:2540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:12⤵PID:2136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:12⤵PID:1868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:12⤵PID:5340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:12⤵PID:5548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9040 /prefetch:82⤵PID:5680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6060
-
-
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4744 -
C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe"C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe" /relaunch=8 /was_elevated=1 /tagdata3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5580 -
C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exeAVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5464 -
C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe"C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome"5⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:6080 -
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1384
-
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe (tree depth 6)
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3180

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe (tree depth 7)
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2988

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe (tree depth 7)
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3328

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe (tree depth 7)
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2152

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe (tree depth 6)
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping 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-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7MUM4OUVGMkYtQTg4RS00REUwLTk3RkUtQ0I0MEM4RTRGRUVBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2OTMuNiIgbGFuZz0iZW4tVVMiIGJyYW5kPSI5MjI4IiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI2MDQiLz48L2FwcD48L3JlcXVlc3Q-
- Executes dropped EXE
- Loads dropped DLL
PID:5908

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe (tree depth 6)
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{2D157376-1AFE-4EAE-9986-D884BD4FBDCB}" /silent
- Executes dropped EXE
- Loads dropped DLL
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:1
PID:5984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1
PID:6124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5444 /prefetch:2
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
PID:2368

C:\Windows\System32\CompPkgSrv.exe (tree depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:2732

C:\Windows\System32\CompPkgSrv.exe (tree depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:2312

C:\Windows\system32\AUDIODG.EXE (tree depth 1)
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
- Suspicious use of AdjustPrivilegeToken
PID:4204

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe (tree depth 1)
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
PID:5928

C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\AVGBrowserInstaller.exe (tree depth 2)
"C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=msedge --import-cookies --auto-launch-chrome --system-level
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:5564

C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe (tree depth 3)
"C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=msedge --import-cookies --auto-launch-chrome --system-level
- Modifies Installed Components in the registry
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:5708

C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe (tree depth 4)
"C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=123.0.24828.123 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff7434d23d0,0x7ff7434d23dc,0x7ff7434d23e8
- Executes dropped EXE
- Drops file in Windows directory
PID:4904

Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (3)
Pre-OS Boot (1)
Bootkit (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (3)
Downloads
Filesize 506KB
MD5 c6a2bff8e96b5622bf6841a671f4e564
SHA1 fb638e9c72604cc1b160385fa803b0ea028e5d5e
SHA256 7a7a12e9c0dee713700081b9354647972a0f3505596df34e4c68aaba99046992
SHA512 22a99f860055388e34a056af5d5e35f2e33a9294784795aca52fd42685d75aebb523add836c5e4b9b2f68fe00348d11ee56cc10208fcc662b86a6169664f934f

Filesize 204KB
MD5 cbcdf56c8a2788ed761ad3178e2d6e9c
SHA1 bdee21667760bc0df3046d6073a05d779fdc82cb
SHA256 e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3
SHA512 5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

Filesize 28B
MD5 1b21c6289779989d6646273dd9c2eaff
SHA1 3ab5df2c168c33609cb4b59b449b5b3e2d96ee59
SHA256 b749ccea7f330527f27691e0b1cb6d46b63fd7e7287cc8b348fffe8020ecd11d
SHA512 187738d1885f17affa790d1453daa7a89bc49ef83ef0797a7340f6a93346a1faf6ca6d1cd48b83f03a369a966bebe4b092542bf07b79e8ba0dd28f4263a21cc2

Filesize 28B
MD5 4647bbe73ad36cf1cccc9de2704bdda2
SHA1 a7c14655cdc93dbc9fe0b73e790a02fd0cd6c55e
SHA256 af22d7e568fe73c694505e72619c5d58662ba8e55813345c301487a88f396876
SHA512 085a1bd828dbb11687ae94ddf60d79bd3f2f1d790482ae1c15322fa12e80d626ea9b63daf513a239e4585d58dd61e8b0ab9879195f96fb503896dd25386aedcd

Filesize 28B
MD5 244414574ddbd89afa0fb8c7b7dc6d6e
SHA1 2df961a51c13886a9cb53868d5ac1ec3c6b767b0
SHA256 bd35f097a801a3c234cb868fec228d169bb25f6c5dcaff5efb2f9d81a4d523f5
SHA512 1a8014954385bead00003b8c2b08bb90643b62ca60fe4a091bcd6a16086c084b040e800f311f167941bec34bceb39572add7cf533e386f910d1f40e3f21b1d99

Filesize 27B
MD5 fc8ee03b2a65f381e4245432d5fef60e
SHA1 d2b7d9be66c75ccf24fcb45a6d0dacedd8b6dd6f
SHA256 751a04263c2ebb889fdcd11045d6f3602690318ebaaa54f66e1332d76dde9ef4
SHA512 0837f2b22c9629990165c5e070e710a69ad4951b7fcfe28bd52354c4b8a7246672497b8aaf521a8773c7ec2a4249fc4318330948ab0d8db8c6c74da57b32f1c4

Filesize 3.4MB
MD5 b4fb7b4e93e5f564e953e5a225a711e5
SHA1 27dee69da6379e54fc94516eaee3cfb3a34fe240
SHA256 e93a3b3e4609c966fb8c8c5233a86e206a4924bae4f59289614f2f9ffed29a9b
SHA512 bcc82dfde782621d37e37e14794d3431c0990a2bd3869c09905597824b0b140a3c6bce89150acb7e465ab942a102c8ee5d618817c053afd3442ce5f878c1d163

Filesize 152B
MD5 0354ef8afd53bc4c27ab99144970a9c9
SHA1 7105316ebb6a50dc71cc5402c64bba847a7c95ae
SHA256 acef151efdca7eef151e0cc9e45d5945737c4ab7cd8493e3dd9acb49d8df6020
SHA512 af6d8f1010ab8181c6cbe4c64a0d72c20ddfc56257cb862570c410546ddc52d2f1a67e58b93e7548573091b0e7173f230868c28bc6ed0abb8116f850f7122893

Filesize 152B
MD5 0f25425fcda7474bc74cf6b914ce2262
SHA1 541620b08eedb97ada0840960b2c59391ba9a530
SHA256 b170ac8e893bcbc87746d28c5068393019160b9f798db01d364812cac69f1cbe
SHA512 f4c7257d8729f6d6338872ca36ed128349944c9efe8989dee267230e5ebae8675a3fba3ac3038a88d5b70977b767eee0c2423481c526ade354fb335592d80b7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2258e4b6-b711-4982-b6e6-2aea65fe05d6.tmp
Filesize 5KB
MD5 4ac6d73b7d61043a8aa84509f228e9db
SHA1 d3f2c37637cae44e38cbceed2ee0be80bc12db32
SHA256 73f9ea5e6a67e96249a5485451032faeab116e57fbdfa7b97af06160689b709b
SHA512 959e2b57e36ac19805f31df64a1a7062daf6387536806bd041b2393ac50316ca79d0135fa4d5df7a12f07e2d064d980c41065b695ce7e3351b7f7061819601c8

Filesize 67KB
MD5 d2d55f8057f8b03c94a81f3839b348b9
SHA1 37c399584539734ff679e3c66309498c8b2dd4d9
SHA256 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
SHA512 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Filesize 37KB
MD5 91cef35adc9d4fa1ba9415d8b77a6b9b
SHA1 4e2e1d50bec1bd658d14f03f1554c726e9d02efd
SHA256 eb11e610212667929b5162c1774c7d5b8d3a9b1a59c21bc661fb17a9ea561885
SHA512 45ccada71cd934b7d055fb5a3db987303351eba475b2375888cf07563c2811ff459026b4d6fb61e93f6a3fe928fc31e08f462609df09ad9773d51084bacd63ed

Filesize 64KB
MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Filesize 19KB
MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Filesize 65KB
MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Filesize 84KB
MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Filesize 1.1MB
MD5 72d29470153d5e5782ea93886bd2a455
SHA1 bee1191570371bdf1147b76469e42e8599adae49
SHA256 6cf1cc33ce3b9484bc9a8741c24398b3f2e279a705f87a7ecd88824621d74879
SHA512 f036cff8f05902f1e2d90ae36964eb45ca34d60364811d125dcb243ea20670eeb21a4b2caba06c563d94547cf3b7ec9c0415e6436d1716ee196dc76232d56b70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 4KB
MD5 70ac6c7d670980e48b1a37158c008738
SHA1 b2ca19b7776946f1201b31b29cac398921b5c483
SHA256 7414c108ebd35b93a7e76eb6a267076d844ba496f2a81d39a877c9389ef5d503
SHA512 6f4d17938ebecc8219498e3cacda0cbde97ef90dfda00dc702da3af424ae60c85103a220d2a45d63c4feac9fa510fc2084e15f59e0547aff693bbd88be6133aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 3KB
MD5 ac587cfc15757b870d234d57e970be3d
SHA1 ca379f5af6a8c62bc1392d2785ff4a9004881c99
SHA256 025496d9bda1bd9c30933f55bbb83997391b73d2b23f3f829f821feaeaf95ca6
SHA512 be909e95dbd00cea1bd92ed37c0c50eb68628f9de63827bac576f7c823e70b1c68539dd439491f315d4e216ca812eaaea2eb5729c90496ba66da806d500e4f58

Filesize 10KB
MD5 021946e5c97eb1007a9ff22e64329157
SHA1 5e7d51acd48024b9daa33d898fea5597a5c48b4c
SHA256 2cefbb2fa2e1febda715235aac5e87ef1a7b492b9802b993524131550305bca6
SHA512 fad7743529c8a45acd841c87f4325694f131d98197399a9352c9d2aa01dd83a31f60a22bcbc56c6b0b9f769dc74dc5fee063eede302ce544c521570bc7760637

Filesize 5KB
MD5 2cd0c73f7f634a340893b23e97a75b6e
SHA1 42ecfc482ce084defefc98fa935a954e1d98e6c9
SHA256 ba169426640897c858b5e5abf95c7e3b9077b4ebdedb6219d9c093dcfeb65704
SHA512 732a55f7cc51c1452272e6da592fea33677e7ec4a834b861e8af4318352b5aee54fc2cd5f10de5beb07289bbab9fe52ed93b0cd1f71417c6e9cccacb6a387126

Filesize 5KB
MD5 f3a0e5b1b43b34988daf2d3c8469178b
SHA1 fdd79330756b114f7e8e770ea01ddaef289c1677
SHA256 c57054994d87b1cece9927ff940e2bf7440d0e3e34ea71c829ef3cd8674c984d
SHA512 b177a5f52a7b8d676eba09b580f5fabaec853eb1785f32782786116cd268bc0861bc061cd165c0fb0afb64f096c117fb909b9887726d405bf846090ce5029ec6

Filesize 14KB
MD5 5bffc02ccadd2365578f9731b8206910
SHA1 615cc2b54ec9bf5dce48d0afab6829a31e15948e
SHA256 ba29dc75b1288b9bfb1ed415eca583b83182c4463267806ce5b6ab44989a566a
SHA512 1b501c1d03302ccd5536c62c7d9efe59f3256697e8309141ba752a15fa0ff450151b548b1cfb393fddd715d625086f5cd19ac36d616bddf45c20f85643bb688d

Filesize 7KB
MD5 e943e521cae781068196f841f3e3ac9a
SHA1 ad23a363cbe00e8b9cd66c4a583e6fc010914f5d
SHA256 1d591373f68ac33998d6a43a5b8e6221b2ee84bc8c48ddedeb883c6f71ccbf5f
SHA512 5507d3504f89e08e5b2dd563d64a24eeb96aacb628eb168d35439fcd5647d4d60d03497351dd142dc152665f9502ba42a64f875a50e201557f2d455cb5a566b3

Filesize 6KB
MD5 66cbb747a0b14012eabef5ba26bf1e93
SHA1 f599d8a0bfc0e3e1ef28b8c6b3429cf0c0b4cbb5
SHA256 adb1e3bb6fb825d7b4a6966d51bc53cb2278060c0ab58cd822e644502710027a
SHA512 637ac648ab3f4184ed51955bc0d00a2c1aa723c7f596c22a9a27012dbbc58c7fb6c1b3ccb039b5fb5a06b02ad11426c51ea47314ac16cbab62d3a08ed2402bba

Filesize 6KB
MD5 bde26ab65d015d5c836cec18facdc3de
SHA1 02f4ea3b22355520b2b32d58b1b69e40e2eb2e8c
SHA256 266f8c5015d017b79e1911e241cf42d7922ce45f4f81d4119ca6615ab7ca918e
SHA512 5c02098723597d6ca8d04644725de21656765e1b916e68f687fffa4a1a0c719aeda597c621867e636cc4542738b044af2a38ca40cbac95f5cb8fdab0edf0d570

Filesize 4KB
MD5 a2408ed0cab1a8ce903dcff5fc4986f3
SHA1 fe35f364a9e395aa6e18713a02f602fd4767e87b
SHA256 cb526469cb2146d956d9c680aeca788bfa1d4338302be8b505bd407f93f4790c
SHA512 326df545bf602a28228ed9c459309c62a0c054c0560fd29b8eca8efb5d1e8cc98ef1f4ac1969c0010fa4c429816ce9dd7a79ff31a2edf7d8db182bbac6b80938

Filesize 5KB
MD5 3c51598c358ef0e34e58d81335602902
SHA1 06e358491907a2162769339ee7b45b2f8ab56c7f
SHA256 657a3934fc296da8f0d1804069dead112cfa61a2f1cb26355ae9be488fa6c580
SHA512 bcc71836326302c7efc55cd610fd01dbef7a6a3940b48f5da56c80e16459daec0765a156d440917a51d8c66b4ea7c942c25f99cda0682ccc24c0d6ddf64d9324

Filesize 1KB
MD5 69d8cc9934560841cc9ce1de57dde714
SHA1 fc0634eed989ecb756bf706a57fb4bf2c3f2ed13
SHA256 3c0615514f1f25f972f52c146baa9d2689d67d5f6893293b3854ede98db0168d
SHA512 6eb96f1352076b704bb9bc15486d0c9a2211a1c8d4dc74eff48c3c48bc5af99d6dc93240e24bb2c5365559d8591d75d42921777be8466bc7b9b04c1ab55700f7

Filesize 5KB
MD5 b56e5b12a3bcd1967809e6a2d2e0188b
SHA1 a1a34106ff5f4a67fa1ac7ae0e819edb44eba53a
SHA256 e7e22c02a7d53e8abd49bc9be828b41555fe9db7989f048233afda271b1d7447
SHA512 294d1af1467ac875d215719ebb400bfbc8dac01664234d6e53182a3e31c5d50718ef1194a940c4f36b29adcc6a60d413212cd477c4e174210d1e91c73b29c475

Filesize 1KB
MD5 f24d62ba3dbdcf168d46ed3d10125c52
SHA1 5b767994bff2dddc823428c9b08bbc41737d7088
SHA256 9c6bf2e63bab0b06b689e8ad279b9edd9529ef3c57f19aca3292400e76e8dbb1
SHA512 49014d7439d45c99f1e3d918c82999529f7d059519dee5fb1a79fea82bf56b9cf41c542feb0cde1b09f4c5a2fc0342aff4f3530946b6644f5d485e75e96c3225

Filesize 1KB
MD5 24be6ab9cadecf05847c6fc6d6bad34d
SHA1 a0a505214f96363e33a5d313c3ea1baf53dc8538
SHA256 cd3e65de9982a851c64939f0bb09eca83d7c392a768d541908ed675be59604e7
SHA512 1f92a56fde159b0e31e1c149802b78c1f7271b9a9413877727674de6b40dcc32547d69594b6ab620e88261e77213519bafb5d491f6e300efe38e834e3c4df9a3

Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize 16B
MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize 11KB
MD5 9032b78117e18056d30f6c84c0c51c51
SHA1 f14fe5d53042f1dd8abeaa8164025c03a9f6542d
SHA256 13364ddf12595c23d983208b66c41abc00155d1430750bc253ec2726e6257afd
SHA512 026e55dc668de94620cf02e69852d43480fe3a590d6c8ef4c8bfe788db91e8990d80c53db728d599976e486a79c7e3df6e801a0bd7b8b505d1c88ad06f65f72a

Filesize 12KB
MD5 e74932604c41e3e3eccc4f71c3d97870
SHA1 c4893cd4290778b2938b97a3619e4d66e35def9c
SHA256 f8f8fba0daccdf579e1cf9c93c23f435281f850ba755056004aad1c29a4833ef
SHA512 37d6e011f0ee6644dc6cf8ea4efb00d5d6f783fd8d82587d111f2c11365cd125f9e77cc8157e0772cd06404880b84e448bde21bc25badce01a6165682d63fc5d

Filesize 5.8MB
MD5 acb51434fd82eb460b052f05950b8dca
SHA1 707d192db2ce7cefdefce3037dfb85a18b8811f3
SHA256 29ffa251cb267969af445eb664df04d1a7badbcade61a7f754de42b6d4340055
SHA512 013dc0abcc9760c6298b7e48007eb1ac4bc2e453f06c1ce4aff218f50cd1e2c4bb44ad6bc5687edb057df8b0e38fa0aaada7a8d045ed08412278d3031527229d

Filesize 2.1MB
MD5 bd94620c8a3496f0922d7a443c750047
SHA1 23c4cb2b4d5f5256e76e54969e7e352263abf057
SHA256 c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644
SHA512 954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

Filesize 195KB
MD5 7602b88d488e54b717a7086605cd6d8d
SHA1 c01200d911e744bdffa7f31b3c23068971494485
SHA256 2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11
SHA512 a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

Filesize 127KB
MD5 4b27df9758c01833e92c51c24ce9e1d5
SHA1 c3e227564de6808e542d2a91bbc70653cf88d040
SHA256 d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb
SHA512 666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

Filesize 36KB
MD5 ddb56a646aea54615b29ce7df8cd31b8
SHA1 0ea1a1528faafd930ddceb226d9deaf4fa53c8b2
SHA256 07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069
SHA512 5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

Filesize 93KB
MD5 070335e8e52a288bdb45db1c840d446b
SHA1 9db1be3d0ab572c5e969fea8d38a217b4d23cab2
SHA256 c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc
SHA512 6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

Filesize 1.6MB
MD5 9750ea6c750629d2ca971ab1c074dc9d
SHA1 7df3d1615bec8f5da86a548f45f139739bde286b
SHA256 cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c
SHA512 2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

Filesize 128KB
MD5 ef3499bb7a1b7c2e25578948240fdf51
SHA1 dfc4d4f4233d9b901095e63cbefbeab5625b4c01
SHA256 7c9cacc44d563769baed67f1d5bbab152c0b92b2b345700e49e643ccd3ae9675
SHA512 4f2c2d93c377b1c978f697ca5b20259cb26435e11b8b61e37ee7206f9fd36c1c1a1c050f5fbf1e8b5128c09d3e2d7170f43cb7fba11001ceac0c9ac2c6a7f222

Filesize 160KB
MD5 f310cf1ff562ae14449e0167a3e1fe46
SHA1 85c58afa9049467031c6c2b17f5c12ca73bb2788
SHA256 e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855
SHA512 1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Filesize 5.0MB
MD5 938eaee6387851af95b2ef7827547a70
SHA1 98d7d48e089c983d86c07238fc1a392380bbbff2
SHA256 7cd23c314b9996be6335bc34e3557c65d9ae2ab27f1f54185f2dd586d6b6f0fa
SHA512 87f3c410d9725bfd051c34234071b12a5b0a3b7f06bc5157b71280ae2a1ff4f84821a6e4c0994ac25432ae1a19318abc97b96bad6d1c1fd09995c38f3c01f745

Filesize 126KB
MD5 581c4a0b8de60868b89074fe94eb27b9
SHA1 70b8bdfddb08164f9d52033305d535b7db2599f6
SHA256 b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd
SHA512 94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

Filesize 5.7MB
MD5 f36f05628b515262db197b15c7065b40
SHA1 74a8005379f26dd0de952acab4e3fc5459cde243
SHA256 67abd9e211b354fa222e7926c2876c4b3a7aca239c0af47c756ee1b6db6e6d31
SHA512 280390b1cf1b6b1e75eaa157adaf89135963d366b48686d48921a654527f9c1505c195ca1fc16dc85b8f13b2994841ca7877a63af708883418a1d588afa3dbe8

Filesize 5.8MB
MD5 e126e85516c400f91c7faec6de177490
SHA1 364d5712f99012549c4c0425bebc0c6cd6bba218
SHA256 9742eb6f940a9bdc5a2f4323a0407ed7fc0903620a2fa3a3999a803b208ffd07
SHA512 028e8b84b732750739a9eae771ea8706006377bf184c333ebae26ad9244e00aac769c6cde077bfe63b5e53ea7ef7fce4390e930982dc50b9cd049c0989c11f5f

Filesize 26B
MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98