Malware Analysis Report

2025-01-19 00:36

Sample ID 240503-c66dpsfc42
Target sample
SHA256 1ca2b5d5da9a68b45449fabc07735f2225262e21a0c42c399f55386c10c498b8
Tags
bootkit microsoft discovery persistence phishing spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

1ca2b5d5da9a68b45449fabc07735f2225262e21a0c42c399f55386c10c498b8

Threat Level: Likely malicious

The file sample was found to be: Likely malicious.

Malicious Activity Summary

bootkit microsoft discovery persistence phishing spyware stealer

Modifies Installed Components in the registry

Sets file execution options in registry

Downloads MZ/PE file

Registers COM server for autorun

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Writes to the Master Boot Record (MBR)

Checks installed software on the system

Checks for any installed AV software in registry

Detected potential entity reuse from brand microsoft.

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

NTFS ADS

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-03 02:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 02:42

Reported

2024-05-03 02:45

Platform

win11-20240419-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\IsInstalled = "1" C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Version = "43,0,0,0" C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\ = "AVG Secure Browser" C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\StubPath = "\"C:\\Program Files\\AVG\\Browser\\Application\\123.0.24828.123\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Localized Name = "AVG Secure Browser" C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ = "\"C:\\Program Files\\AVG\\Browser\\Application\\123.0.24828.123\\notification_helper.exe\"" C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32 C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ServerExecutable = "C:\\Program Files\\AVG\\Browser\\Application\\123.0.24828.123\\notification_helper.exe" C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\SETUP.EX_ C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\AVGBrowserInstaller.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\en-GB.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\uk.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\acuapi.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_de.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\goopdateres_ja.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\mr.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\ru.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\v8_context_snapshot.bin C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\fr.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\SECURE.PACKED.7Z C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\AVGBrowserInstaller.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\goopdateres_it.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psuser_64.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Application\AVGBrowser.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\goopdateres_fi.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\AVGBrowserUninstall.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lv.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\de.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\es-419.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\sk.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\goopdateres_lt.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\hi.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\nb.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\secure.7z C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\ca.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\setup_helper_syslib.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\goopdateres_tr.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\dxcompiler.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ru.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\chrome.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\dxil.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Application\123.0.24828.123\Installer\chrmstp.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\chrome_100_percent.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\goopdateres_ar.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\goopdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_el.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\resources.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\initial_preferences C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\@PaxHeader C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_gu.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_it.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\kn.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\ur.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ms.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ro.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\fil.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ja.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\ar.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\cs.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\pt-PT.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\zh-TW.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\VisualElements\SmallLogo.png C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\goopdate.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUMAC4.tmp\goopdateres_ro.dll C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psmachine_64.dll C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\Locales\lv.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source5708_274881792\Safer-bin\123.0.24828.123\mimic.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\devmode = "0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\endpoint = "update.avgbrowser.com" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\hostprefix C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\ C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineIdDate = "20240503" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineId = "00009bb098663592a3a6086bcc2909e7" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3COMClassService.1.0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\ProgID C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\NumMethods\ = "8" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine.dll" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassMachineFallback\ = "Google Update Legacy On Demand" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\ProgID\ = "AVG.Update3WebControl.3" C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgQH\Capabilities\URLAssociations\microsoft-edge = "AvgQH" C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1856190483-1022094809-400023910-1000\{E4EDEBC4-29F3-4462-8DF8-5422C3CA768A} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassMachine C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\LocalServer32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}\ = "CoCreateAsync" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachineFallback\CurVer\ = "AVGUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CredentialDialogMachine\CurVer\ = "AVGUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{82C85EAA-7C94-4702-AA75-DF39403AE358} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoreClass\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ = "IGoogleUpdateCore" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82C85EAA-7C94-4702-AA75-DF39403AE358}\AppID = "{82C85EAA-7C94-4702-AA75-DF39403AE358}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\NumMethods\ = "11" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.MiscUtils\ = "Google Update Misc Utils Class" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.MiscUtils\CLSID\ = "{7E22D0ED-B403-44D2-BABF-4DDD0DFCA692}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgQH\shell\open\command\ = "\"C:\\Program Files\\AVG\\Browser\\Application\\AVGBrowserQHelper.exe\" %1" C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}\LocalServer32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{358EC846-617A-4763-8656-50BF6E0E8AA2}\1.0\0\win64 C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods\ = "13" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\NumMethods\ = "45" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\NumMethods\ = "10" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\ProgID\ = "AVGUpdate.OnDemandCOMClassMachine.1.0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\npAvgBrowserUpdate3.dll" C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 341859.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\avg_secure_browser_setup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1644 wrote to memory of 892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 3852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 3852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b2333cb8,0x7ff9b2333cc8,0x7ff9b2333cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8

C:\Users\Admin\Downloads\avg_secure_browser_setup.exe

"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"

C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe

"C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe" /relaunch=8 /was_elevated=1 /tagdata

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe

AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe

"C:\Program Files (x86)\GUMAC4.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezJEMTU3Mzc2LTFBRkUtNEVBRS05OTg2LUQ4ODRCRDRGQkRDQn0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9IntDNTBBMjlENy0yREY4LTQwMDAtQkUzRC0xN0Q5M0RFRjFGMjh9IiB1c2VyaWRfZGF0ZT0iMjAyNDA1MDMiIG1hY2hpbmVpZD0iezAwMDA5QkIwLTk4NjYtMzU5Mi1BM0E2LTA4NkJDQzI5MDlFN30iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDUwMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9IntGQThFRDVGMy0yQjUwLTQ5NTMtQkM0OS1BQ0UzQ0M3N0Q3QTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7MUM4OUVGMkYtQTg4RS00REUwLTk3RkUtQ0I0MEM4RTRGRUVBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2OTMuNiIgbGFuZz0iZW4tVVMiIGJyYW5kPSI5MjI4IiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI2MDQiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{2D157376-1AFE-4EAE-9986-D884BD4FBDCB}" /silent

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5444 /prefetch:2

C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\AVGBrowserInstaller.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=msedge --import-cookies --auto-launch-chrome --system-level

C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=msedge --import-cookies --auto-launch-chrome --system-level

C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{10AAA463-EA3A-4DFF-9A4A-9CC83D62CA75}\CR_737A5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=123.0.24828.123 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff7434d23d0,0x7ff7434d23dc,0x7ff7434d23e8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5392847234490760375,17545385264334718195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 13.107.21.200:443 bing.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
BE 23.55.97.181:443 www.microsoft.com tcp
NL 20.76.201.171:443 xbox.com tcp
BE 23.55.96.62:80 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 23.53.113.19:443 assets.adobedtm.com tcp
US 13.107.246.64:443 emerald.xboxservices.com tcp
US 13.107.246.64:443 emerald.xboxservices.com tcp
US 13.107.246.64:443 emerald.xboxservices.com tcp
US 13.107.246.64:443 emerald.xboxservices.com tcp
US 13.107.246.64:443 emerald.xboxservices.com tcp
US 20.189.173.17:443 browser.events.data.microsoft.com tcp
US 192.229.221.185:443 logincdn.msftauth.net tcp
US 13.107.246.64:443 emerald.xboxservices.com tcp
US 152.199.21.175:443 acctcdnvzeuno.azureedge.net tcp
US 20.189.173.17:443 browser.events.data.microsoft.com tcp
US 20.189.173.17:443 browser.events.data.microsoft.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 192.229.221.185:443 logincdn.msftauth.net tcp
NL 23.62.61.97:443 www.bing.com tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
US 8.8.8.8:53 bat.bing.com udp
AT 18.66.22.14:443 c.amazon-adsystem.com tcp
AT 18.66.27.33:443 sdk.privacy-center.org tcp
US 199.232.213.91:443 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 151.101.1.91:443 sc.sftcdn.net udp
US 204.79.197.237:443 bat.bing.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
US 151.101.1.91:443 sc.sftcdn.net udp
GB 172.217.16.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 28.110.32.13.in-addr.arpa udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
AT 13.32.13.215:443 www.datadoghq-browser-agent.com tcp
AT 18.66.22.14:443 c.amazon-adsystem.com tcp
US 172.67.41.60:443 btloader.com tcp
GB 216.58.212.219:443 storage.googleapis.com tcp
AT 13.32.110.65:443 config.aps.amazon-adsystem.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 2.18.190.80:80 apps.identrust.com tcp
US 130.211.23.194:443 api.btloader.com udp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 104.26.3.63:443 wct.softonic.com tcp
GB 172.217.16.238:443 www.adsensecustomsearchads.com udp
GB 142.250.187.193:443 a1322f5f49b49191f90a10b92ea9285f.safeframe.googlesyndication.com tcp
AT 18.66.27.85:443 api.privacy-center.org tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 34.120.63.153:443 prebid.media.net tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
IE 52.18.168.73:443 ad.360yield.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
AT 18.66.16.134:443 aax.amazon-adsystem.com tcp
IE 34.250.225.36:443 ap.lijit.com tcp
GB 142.250.200.34:443 partner.googleadservices.com tcp
US 104.26.3.63:443 wct.softonic.com tcp
IE 34.250.225.36:443 ap.lijit.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 64.233.167.155:443 stats.g.doubleclick.net tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 38.0.90.157.in-addr.arpa udp
US 8.8.8.8:53 73.168.18.52.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 134.16.66.18.in-addr.arpa udp
US 8.8.8.8:53 36.225.250.34.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 155.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
BE 64.233.167.155:443 stats.g.doubleclick.net udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 cdn.ampproject.org tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 216.58.204.67:443 www.google.co.uk udp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
BE 23.55.96.24:443 contextual.media.net tcp
US 104.18.38.76:443 cdn.indexww.com tcp
US 23.53.112.234:443 ads.pubmatic.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
NL 81.17.55.123:443 ssbsync.smartadserver.com tcp
DE 37.252.171.52:443 secure.adnxs.com tcp
DE 37.252.171.52:443 secure.adnxs.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 52.223.40.198:443 match.adsrvr.org tcp
IE 52.208.108.23:443 match.prod.bidr.io tcp
NL 35.214.181.132:443 csync.loopme.me tcp
NL 178.250.1.9:443 dis.criteo.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
AT 13.32.110.8:443 api-2-0.spot.im tcp
US 54.158.42.6:443 sync.srv.stackadapt.com tcp
US 192.132.33.67:443 bttrack.com tcp
US 3.223.41.121:443 cs-server-s2s.yellowblue.io tcp
US 35.244.174.68:443 id.rlcdn.com tcp
IE 54.170.186.220:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 52.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 23.108.208.52.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 132.181.214.35.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 8.110.32.13.in-addr.arpa udp
DE 51.75.86.98:443 onetag-sys.com udp
US 216.200.232.249:443 sync.mathtag.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 104.22.51.98:443 spl.zeotap.com tcp
GB 142.250.200.2:443 cm.g.doubleclick.net tcp
FR 154.54.250.151:443 ads.stickyadstv.com tcp
DE 18.195.38.227:443 rtb.mfadsrvr.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.200.2:443 cm.g.doubleclick.net udp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
GB 104.91.71.134:443 cdn-download.avgbrowser.com tcp
GB 104.91.71.134:443 cdn-download.avgbrowser.com tcp
DE 3.122.57.250:443 match.sharethrough.com tcp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.38.195.18.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
US 8.8.8.8:53 116.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 250.57.122.3.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 2.17.251.10:443 aefd.nelreports.net tcp
US 2.17.251.10:443 aefd.nelreports.net udp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 104.20.87.8:443 stats.securebrowser.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 104.22.62.125:443 update.avgbrowser.com tcp
US 104.22.62.125:443 update.avgbrowser.com tcp
GB 104.91.71.133:80 browser-update.avg.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 34.120.63.153:443 prebid.media.net udp
IE 54.216.157.131:443 ad.360yield.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
IE 52.95.115.255:443 aax-eu.amazon-adsystem.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
DE 46.4.139.58:443 s.richaudience.com tcp
DE 46.4.139.58:443 s.richaudience.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0f25425fcda7474bc74cf6b914ce2262
SHA1 541620b08eedb97ada0840960b2c59391ba9a530
SHA256 b170ac8e893bcbc87746d28c5068393019160b9f798db01d364812cac69f1cbe
SHA512 f4c7257d8729f6d6338872ca36ed128349944c9efe8989dee267230e5ebae8675a3fba3ac3038a88d5b70977b767eee0c2423481c526ade354fb335592d80b7c

\??\pipe\LOCAL\crashpad_1644_DSTLHJFBBKHPETLU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0354ef8afd53bc4c27ab99144970a9c9
SHA1 7105316ebb6a50dc71cc5402c64bba847a7c95ae
SHA256 acef151efdca7eef151e0cc9e45d5945737c4ab7cd8493e3dd9acb49d8df6020
SHA512 af6d8f1010ab8181c6cbe4c64a0d72c20ddfc56257cb862570c410546ddc52d2f1a67e58b93e7548573091b0e7173f230868c28bc6ed0abb8116f850f7122893

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2cd0c73f7f634a340893b23e97a75b6e
SHA1 42ecfc482ce084defefc98fa935a954e1d98e6c9
SHA256 ba169426640897c858b5e5abf95c7e3b9077b4ebdedb6219d9c093dcfeb65704
SHA512 732a55f7cc51c1452272e6da592fea33677e7ec4a834b861e8af4318352b5aee54fc2cd5f10de5beb07289bbab9fe52ed93b0cd1f71417c6e9cccacb6a387126

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9032b78117e18056d30f6c84c0c51c51
SHA1 f14fe5d53042f1dd8abeaa8164025c03a9f6542d
SHA256 13364ddf12595c23d983208b66c41abc00155d1430750bc253ec2726e6257afd
SHA512 026e55dc668de94620cf02e69852d43480fe3a590d6c8ef4c8bfe788db91e8990d80c53db728d599976e486a79c7e3df6e801a0bd7b8b505d1c88ad06f65f72a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2258e4b6-b711-4982-b6e6-2aea65fe05d6.tmp

MD5 4ac6d73b7d61043a8aa84509f228e9db
SHA1 d3f2c37637cae44e38cbceed2ee0be80bc12db32
SHA256 73f9ea5e6a67e96249a5485451032faeab116e57fbdfa7b97af06160689b709b
SHA512 959e2b57e36ac19805f31df64a1a7062daf6387536806bd041b2393ac50316ca79d0135fa4d5df7a12f07e2d064d980c41065b695ce7e3351b7f7061819601c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f3a0e5b1b43b34988daf2d3c8469178b
SHA1 fdd79330756b114f7e8e770ea01ddaef289c1677
SHA256 c57054994d87b1cece9927ff940e2bf7440d0e3e34ea71c829ef3cd8674c984d
SHA512 b177a5f52a7b8d676eba09b580f5fabaec853eb1785f32782786116cd268bc0861bc061cd165c0fb0afb64f096c117fb909b9887726d405bf846090ce5029ec6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bde26ab65d015d5c836cec18facdc3de
SHA1 02f4ea3b22355520b2b32d58b1b69e40e2eb2e8c
SHA256 266f8c5015d017b79e1911e241cf42d7922ce45f4f81d4119ca6615ab7ca918e
SHA512 5c02098723597d6ca8d04644725de21656765e1b916e68f687fffa4a1a0c719aeda597c621867e636cc4542738b044af2a38ca40cbac95f5cb8fdab0edf0d570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fcde.TMP

MD5 24be6ab9cadecf05847c6fc6d6bad34d
SHA1 a0a505214f96363e33a5d313c3ea1baf53dc8538
SHA256 cd3e65de9982a851c64939f0bb09eca83d7c392a768d541908ed675be59604e7
SHA512 1f92a56fde159b0e31e1c149802b78c1f7271b9a9413877727674de6b40dcc32547d69594b6ab620e88261e77213519bafb5d491f6e300efe38e834e3c4df9a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 69d8cc9934560841cc9ce1de57dde714
SHA1 fc0634eed989ecb756bf706a57fb4bf2c3f2ed13
SHA256 3c0615514f1f25f972f52c146baa9d2689d67d5f6893293b3854ede98db0168d
SHA512 6eb96f1352076b704bb9bc15486d0c9a2211a1c8d4dc74eff48c3c48bc5af99d6dc93240e24bb2c5365559d8591d75d42921777be8466bc7b9b04c1ab55700f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 66cbb747a0b14012eabef5ba26bf1e93
SHA1 f599d8a0bfc0e3e1ef28b8c6b3429cf0c0b4cbb5
SHA256 adb1e3bb6fb825d7b4a6966d51bc53cb2278060c0ab58cd822e644502710027a
SHA512 637ac648ab3f4184ed51955bc0d00a2c1aa723c7f596c22a9a27012dbbc58c7fb6c1b3ccb039b5fb5a06b02ad11426c51ea47314ac16cbab62d3a08ed2402bba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f24d62ba3dbdcf168d46ed3d10125c52
SHA1 5b767994bff2dddc823428c9b08bbc41737d7088
SHA256 9c6bf2e63bab0b06b689e8ad279b9edd9529ef3c57f19aca3292400e76e8dbb1
SHA512 49014d7439d45c99f1e3d918c82999529f7d059519dee5fb1a79fea82bf56b9cf41c542feb0cde1b09f4c5a2fc0342aff4f3530946b6644f5d485e75e96c3225

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ac587cfc15757b870d234d57e970be3d
SHA1 ca379f5af6a8c62bc1392d2785ff4a9004881c99
SHA256 025496d9bda1bd9c30933f55bbb83997391b73d2b23f3f829f821feaeaf95ca6
SHA512 be909e95dbd00cea1bd92ed37c0c50eb68628f9de63827bac576f7c823e70b1c68539dd439491f315d4e216ca812eaaea2eb5729c90496ba66da806d500e4f58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 91cef35adc9d4fa1ba9415d8b77a6b9b
SHA1 4e2e1d50bec1bd658d14f03f1554c726e9d02efd
SHA256 eb11e610212667929b5162c1774c7d5b8d3a9b1a59c21bc661fb17a9ea561885
SHA512 45ccada71cd934b7d055fb5a3db987303351eba475b2375888cf07563c2811ff459026b4d6fb61e93f6a3fe928fc31e08f462609df09ad9773d51084bacd63ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e943e521cae781068196f841f3e3ac9a
SHA1 ad23a363cbe00e8b9cd66c4a583e6fc010914f5d
SHA256 1d591373f68ac33998d6a43a5b8e6221b2ee84bc8c48ddedeb883c6f71ccbf5f
SHA512 5507d3504f89e08e5b2dd563d64a24eeb96aacb628eb168d35439fcd5647d4d60d03497351dd142dc152665f9502ba42a64f875a50e201557f2d455cb5a566b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 d2d55f8057f8b03c94a81f3839b348b9
SHA1 37c399584539734ff679e3c66309498c8b2dd4d9
SHA256 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
SHA512 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 72d29470153d5e5782ea93886bd2a455
SHA1 bee1191570371bdf1147b76469e42e8599adae49
SHA256 6cf1cc33ce3b9484bc9a8741c24398b3f2e279a705f87a7ecd88824621d74879
SHA512 f036cff8f05902f1e2d90ae36964eb45ca34d60364811d125dcb243ea20670eeb21a4b2caba06c563d94547cf3b7ec9c0415e6436d1716ee196dc76232d56b70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a2408ed0cab1a8ce903dcff5fc4986f3
SHA1 fe35f364a9e395aa6e18713a02f602fd4767e87b
SHA256 cb526469cb2146d956d9c680aeca788bfa1d4338302be8b505bd407f93f4790c
SHA512 326df545bf602a28228ed9c459309c62a0c054c0560fd29b8eca8efb5d1e8cc98ef1f4ac1969c0010fa4c429816ce9dd7a79ff31a2edf7d8db182bbac6b80938

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5bffc02ccadd2365578f9731b8206910
SHA1 615cc2b54ec9bf5dce48d0afab6829a31e15948e
SHA256 ba29dc75b1288b9bfb1ed415eca583b83182c4463267806ce5b6ab44989a566a
SHA512 1b501c1d03302ccd5536c62c7d9efe59f3256697e8309141ba752a15fa0ff450151b548b1cfb393fddd715d625086f5cd19ac36d616bddf45c20f85643bb688d

C:\Users\Admin\Downloads\Unconfirmed 341859.crdownload

MD5 e126e85516c400f91c7faec6de177490
SHA1 364d5712f99012549c4c0425bebc0c6cd6bba218
SHA256 9742eb6f940a9bdc5a2f4323a0407ed7fc0903620a2fa3a3999a803b208ffd07
SHA512 028e8b84b732750739a9eae771ea8706006377bf184c333ebae26ad9244e00aac769c6cde077bfe63b5e53ea7ef7fce4390e930982dc50b9cd049c0989c11f5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3c51598c358ef0e34e58d81335602902
SHA1 06e358491907a2162769339ee7b45b2f8ab56c7f
SHA256 657a3934fc296da8f0d1804069dead112cfa61a2f1cb26355ae9be488fa6c580
SHA512 bcc71836326302c7efc55cd610fd01dbef7a6a3940b48f5da56c80e16459daec0765a156d440917a51d8c66b4ea7c942c25f99cda0682ccc24c0d6ddf64d9324

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 021946e5c97eb1007a9ff22e64329157
SHA1 5e7d51acd48024b9daa33d898fea5597a5c48b4c
SHA256 2cefbb2fa2e1febda715235aac5e87ef1a7b492b9802b993524131550305bca6
SHA512 fad7743529c8a45acd841c87f4325694f131d98197399a9352c9d2aa01dd83a31f60a22bcbc56c6b0b9f769dc74dc5fee063eede302ce544c521570bc7760637

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 70ac6c7d670980e48b1a37158c008738
SHA1 b2ca19b7776946f1201b31b29cac398921b5c483
SHA256 7414c108ebd35b93a7e76eb6a267076d844ba496f2a81d39a877c9389ef5d503
SHA512 6f4d17938ebecc8219498e3cacda0cbde97ef90dfda00dc702da3af424ae60c85103a220d2a45d63c4feac9fa510fc2084e15f59e0547aff693bbd88be6133aa

C:\Users\Admin\Downloads\avg_secure_browser_setup.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Temp\nsmE210.tmp\jsis.dll

MD5 4b27df9758c01833e92c51c24ce9e1d5
SHA1 c3e227564de6808e542d2a91bbc70653cf88d040
SHA256 d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb
SHA512 666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

C:\Users\Admin\AppData\Local\Temp\nsmE210.tmp\nsJSON.dll

MD5 ddb56a646aea54615b29ce7df8cd31b8
SHA1 0ea1a1528faafd930ddceb226d9deaf4fa53c8b2
SHA256 07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069
SHA512 5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

C:\Users\Admin\AppData\Local\Temp\nsmE210.tmp\JsisPlugins.dll

MD5 bd94620c8a3496f0922d7a443c750047
SHA1 23c4cb2b4d5f5256e76e54969e7e352263abf057
SHA256 c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644
SHA512 954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

C:\Users\Admin\AppData\Local\Temp\nsmE210.tmp\StdUtils.dll

MD5 7602b88d488e54b717a7086605cd6d8d
SHA1 c01200d911e744bdffa7f31b3c23068971494485
SHA256 2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11
SHA512 a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

C:\Users\Admin\AppData\Local\Temp\{FA5651E7-717D-45A0-90EF-CE9C9074F984}\scrt.dll

MD5 f36f05628b515262db197b15c7065b40
SHA1 74a8005379f26dd0de952acab4e3fc5459cde243
SHA256 67abd9e211b354fa222e7926c2876c4b3a7aca239c0af47c756ee1b6db6e6d31
SHA512 280390b1cf1b6b1e75eaa157adaf89135963d366b48686d48921a654527f9c1505c195ca1fc16dc85b8f13b2994841ca7877a63af708883418a1d588afa3dbe8

C:\Users\Admin\AppData\Local\Temp\nsmE210.tmp\thirdparty.dll

MD5 070335e8e52a288bdb45db1c840d446b
SHA1 9db1be3d0ab572c5e969fea8d38a217b4d23cab2
SHA256 c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc
SHA512 6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

C:\Users\Admin\AppData\Local\Temp\ajEA4E.exe

MD5 acb51434fd82eb460b052f05950b8dca
SHA1 707d192db2ce7cefdefce3037dfb85a18b8811f3
SHA256 29ffa251cb267969af445eb664df04d1a7badbcade61a7f754de42b6d4340055
SHA512 013dc0abcc9760c6298b7e48007eb1ac4bc2e453f06c1ce4aff218f50cd1e2c4bb44ad6bc5687edb057df8b0e38fa0aaada7a8d045ed08412278d3031527229d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e74932604c41e3e3eccc4f71c3d97870
SHA1 c4893cd4290778b2938b97a3619e4d66e35def9c
SHA256 f8f8fba0daccdf579e1cf9c93c23f435281f850ba755056004aad1c29a4833ef
SHA512 37d6e011f0ee6644dc6cf8ea4efb00d5d6f783fd8d82587d111f2c11365cd125f9e77cc8157e0772cd06404880b84e448bde21bc25badce01a6165682d63fc5d

C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\Midex.dll

MD5 581c4a0b8de60868b89074fe94eb27b9
SHA1 70b8bdfddb08164f9d52033305d535b7db2599f6
SHA256 b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd
SHA512 94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\CR.History.tmp

MD5 f310cf1ff562ae14449e0167a3e1fe46
SHA1 85c58afa9049467031c6c2b17f5c12ca73bb2788
SHA256 e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855
SHA512 1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\FF.places.tmp

MD5 938eaee6387851af95b2ef7827547a70
SHA1 98d7d48e089c983d86c07238fc1a392380bbbff2
SHA256 7cd23c314b9996be6335bc34e3557c65d9ae2ab27f1f54185f2dd586d6b6f0fa
SHA512 87f3c410d9725bfd051c34234071b12a5b0a3b7f06bc5157b71280ae2a1ff4f84821a6e4c0994ac25432ae1a19318abc97b96bad6d1c1fd09995c38f3c01f745

C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\CR.History.tmp

MD5 ef3499bb7a1b7c2e25578948240fdf51
SHA1 dfc4d4f4233d9b901095e63cbefbeab5625b4c01
SHA256 7c9cacc44d563769baed67f1d5bbab152c0b92b2b345700e49e643ccd3ae9675
SHA512 4f2c2d93c377b1c978f697ca5b20259cb26435e11b8b61e37ee7206f9fd36c1c1a1c050f5fbf1e8b5128c09d3e2d7170f43cb7fba11001ceac0c9ac2c6a7f222

C:\Users\Admin\AppData\Local\Temp\nsqEC22.tmp\AVGBrowserUpdateSetup.exe

MD5 9750ea6c750629d2ca971ab1c074dc9d
SHA1 7df3d1615bec8f5da86a548f45f139739bde286b
SHA256 cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c
SHA512 2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

C:\Program Files (x86)\GUMAC4.tmp\@PaxHeader

MD5 1b21c6289779989d6646273dd9c2eaff
SHA1 3ab5df2c168c33609cb4b59b449b5b3e2d96ee59
SHA256 b749ccea7f330527f27691e0b1cb6d46b63fd7e7287cc8b348fffe8020ecd11d
SHA512 187738d1885f17affa790d1453daa7a89bc49ef83ef0797a7340f6a93346a1faf6ca6d1cd48b83f03a369a966bebe4b092542bf07b79e8ba0dd28f4263a21cc2

C:\Program Files (x86)\GUMAC4.tmp\@PaxHeader

MD5 4647bbe73ad36cf1cccc9de2704bdda2
SHA1 a7c14655cdc93dbc9fe0b73e790a02fd0cd6c55e
SHA256 af22d7e568fe73c694505e72619c5d58662ba8e55813345c301487a88f396876
SHA512 085a1bd828dbb11687ae94ddf60d79bd3f2f1d790482ae1c15322fa12e80d626ea9b63daf513a239e4585d58dd61e8b0ab9879195f96fb503896dd25386aedcd

C:\Program Files (x86)\GUMAC4.tmp\@PaxHeader

MD5 244414574ddbd89afa0fb8c7b7dc6d6e
SHA1 2df961a51c13886a9cb53868d5ac1ec3c6b767b0
SHA256 bd35f097a801a3c234cb868fec228d169bb25f6c5dcaff5efb2f9d81a4d523f5
SHA512 1a8014954385bead00003b8c2b08bb90643b62ca60fe4a091bcd6a16086c084b040e800f311f167941bec34bceb39572add7cf533e386f910d1f40e3f21b1d99

C:\Program Files (x86)\GUMAC4.tmp\@PaxHeader

MD5 fc8ee03b2a65f381e4245432d5fef60e
SHA1 d2b7d9be66c75ccf24fcb45a6d0dacedd8b6dd6f
SHA256 751a04263c2ebb889fdcd11045d6f3602690318ebaaa54f66e1332d76dde9ef4
SHA512 0837f2b22c9629990165c5e070e710a69ad4951b7fcfe28bd52354c4b8a7246672497b8aaf521a8773c7ec2a4249fc4318330948ab0d8db8c6c74da57b32f1c4

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

MD5 cbcdf56c8a2788ed761ad3178e2d6e9c
SHA1 bdee21667760bc0df3046d6073a05d779fdc82cb
SHA256 e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3
SHA512 5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll

MD5 c6a2bff8e96b5622bf6841a671f4e564
SHA1 fb638e9c72604cc1b160385fa803b0ea028e5d5e
SHA256 7a7a12e9c0dee713700081b9354647972a0f3505596df34e4c68aaba99046992
SHA512 22a99f860055388e34a056af5d5e35f2e33a9294784795aca52fd42685d75aebb523add836c5e4b9b2f68fe00348d11ee56cc10208fcc662b86a6169664f934f

C:\Program Files\AVG\Browser\Application\123.0.24828.123\Installer\setup.exe

MD5 b4fb7b4e93e5f564e953e5a225a711e5
SHA1 27dee69da6379e54fc94516eaee3cfb3a34fe240
SHA256 e93a3b3e4609c966fb8c8c5233a86e206a4924bae4f59289614f2f9ffed29a9b
SHA512 bcc82dfde782621d37e37e14794d3431c0990a2bd3869c09905597824b0b140a3c6bce89150acb7e465ab942a102c8ee5d618817c053afd3442ce5f878c1d163

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b56e5b12a3bcd1967809e6a2d2e0188b
SHA1 a1a34106ff5f4a67fa1ac7ae0e819edb44eba53a
SHA256 e7e22c02a7d53e8abd49bc9be828b41555fe9db7989f048233afda271b1d7447
SHA512 294d1af1467ac875d215719ebb400bfbc8dac01664234d6e53182a3e31c5d50718ef1194a940c4f36b29adcc6a60d413212cd477c4e174210d1e91c73b29c475