hxxp://softonic[.]com

Analysis

max time kernel
269s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://softonic.com

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 12 IoCs

Processes:

avast_free_antivirus_setup_online.exeavast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
7032	avast_free_antivirus_setup_online.exe
5684	avast_free_antivirus_setup_online_x64.exe
5812	instup.exe
5236	instup.exe
4912	aswOfferTool.exe
6680	aswOfferTool.exe
4924	aswOfferTool.exe
3844	aswOfferTool.exe
6940	aswOfferTool.exe
6476	aswOfferTool.exe
440	aswOfferTool.exe
5908	aswOfferTool.exe

Loads dropped DLL 13 IoCs

Processes:

avast_free_antivirus_setup_online.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
7032	avast_free_antivirus_setup_online.exe
5812	instup.exe
5812	instup.exe
5812	instup.exe
5812	instup.exe
5236	instup.exe
5236	instup.exe
5236	instup.exe
5236	instup.exe
4924	aswOfferTool.exe
6940	aswOfferTool.exe
440	aswOfferTool.exe
5908	aswOfferTool.exe

Checks for any installed AV software in registry 1 TTPs 52 IoCs

Security Software Discovery

T1518.001

Processes:

instup.exeinstup.exeavast_free_antivirus_setup_online_x64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1"	instup.exe
Key opened	\REGISTRY\MACHINE\Software\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key opened	\Registry\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key opened	\REGISTRY\MACHINE\Software\Avira\Antivirus	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

avast_free_antivirus_setup_online.exeavast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online.exe
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online_x64.exe
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	instup.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

instup.exeavast_free_antivirus_setup_online_x64.exeinstup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

Processes:

avast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "50"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "19"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "21"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "50"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "56"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: setgui_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "14"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "21"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "64"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "65"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "29"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: setgui_x64_ais-a39.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "15"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "38"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "42"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "87"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "90"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "0"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: servers.def.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Checking install conditions"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "17"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "78"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "57"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "9"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: aswOfferTool.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "44"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "67"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: sbr.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "62"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "71"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "85"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "1"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "12"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "12"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: instcont_x64_ais-a39.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "7"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "11"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "14"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "34"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "54"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "83"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "42"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "64"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Replacing files"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "75"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: HTMLayout.dll"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "100"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "24"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "47"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "77"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "73"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "86"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "35"	avast_free_antivirus_setup_online_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instcont_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "DNS resolving"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "49"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instup_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: sbr_x64_ais-a39.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "92"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "39"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "45"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "69"	instup.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 69160.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 69160.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exeavast_free_antivirus_setup_online_x64.exeinstup.exemsedge.exe

pid	process
1672	msedge.exe
1672	msedge.exe
3912	msedge.exe
3912	msedge.exe
884	identity_helper.exe
884	identity_helper.exe
6936	msedge.exe
6936	msedge.exe
5684	avast_free_antivirus_setup_online_x64.exe
5684	avast_free_antivirus_setup_online_x64.exe
5236	instup.exe
5236	instup.exe
5236	instup.exe
5236	instup.exe
5236	instup.exe
5236	instup.exe
6504	msedge.exe
6504	msedge.exe
6504	msedge.exe
6504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 59 IoCs

Processes:

msedge.exe

pid	process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

avast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exe

description	pid	process
Token: 32	5684	avast_free_antivirus_setup_online_x64.exe
Token: SeDebugPrivilege	5812	instup.exe
Token: 32	5812	instup.exe
Token: SeDebugPrivilege	5236	instup.exe
Token: 32	5236	instup.exe
Token: SeDebugPrivilege	3844	aswOfferTool.exe
Token: SeImpersonatePrivilege	3844	aswOfferTool.exe
Token: SeDebugPrivilege	6476	aswOfferTool.exe
Token: SeImpersonatePrivilege	6476	aswOfferTool.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

msedge.exe

pid	process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

avast_free_antivirus_setup_online.exeavast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
7032	avast_free_antivirus_setup_online.exe
5684	avast_free_antivirus_setup_online_x64.exe
5812	instup.exe
5812	instup.exe
5236	instup.exe
5236	instup.exe
4912	aswOfferTool.exe
6680	aswOfferTool.exe
4924	aswOfferTool.exe
3844	aswOfferTool.exe
6476	aswOfferTool.exe
5908	aswOfferTool.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3912 wrote to memory of 1868	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 1868	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 2876	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 1672	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 1672	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe
PID 3912 wrote to memory of 4224	3912	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9272c46f8,0x7ff9272c4708,0x7ff9272c4718
2⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
2⤵
PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:1300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
2⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
2⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
2⤵
PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
2⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
2⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
2⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
2⤵
PID:5400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
2⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
2⤵
PID:5700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
2⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
2⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
2⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
2⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
2⤵
PID:3804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6932 /prefetch:8
2⤵
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
2⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
2⤵
PID:812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
2⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
2⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
2⤵
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
2⤵
PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
2⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1
2⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
2⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
2⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1
2⤵
PID:6512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
2⤵
PID:6580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
2⤵
PID:6648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
2⤵
PID:6756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:1
2⤵
PID:7056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
2⤵
PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
2⤵
PID:6704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
2⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
2⤵
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
2⤵
PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
2⤵
PID:6748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
2⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1
2⤵
PID:6804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
2⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4888 /prefetch:8
2⤵
PID:7116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
2⤵
PID:7140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
2⤵
PID:6284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9152 /prefetch:8
2⤵
PID:6884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:6048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
2⤵
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
2⤵
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:1
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1
2⤵
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9884 /prefetch:1
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9924 /prefetch:1
2⤵
PID:5628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
2⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10104 /prefetch:1
2⤵
PID:5140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9012 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6936

C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe
"C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:7032

C:\Windows\Temp\asw.9982f27d1cc85c23\avast_free_antivirus_setup_online_x64.exe
"C:\Windows\Temp\asw.9982f27d1cc85c23\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_sft_dlp_007_906_m /ga_clientid:09ac5b99-1059-48f9-aed1-a257d72b32c6 /edat_dir:C:\Windows\Temp\asw.9982f27d1cc85c23
3⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5684

C:\Windows\Temp\asw.44912b3fc563b897\instup.exe
"C:\Windows\Temp\asw.44912b3fc563b897\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.44912b3fc563b897 /edition:1 /prod:ais /stub_context:daa2ad42-a5da-49ce-bbac-433c43767a69:9946736 /guid:49cb7e3c-b018-47ca-845d-525e37d2dcf3 /ga_clientid:09ac5b99-1059-48f9-aed1-a257d72b32c6 /cookie:mmm_sft_dlp_007_906_m /ga_clientid:09ac5b99-1059-48f9-aed1-a257d72b32c6 /edat_dir:C:\Windows\Temp\asw.9982f27d1cc85c23
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5812

C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\instup.exe
"C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.44912b3fc563b897 /edition:1 /prod:ais /stub_context:daa2ad42-a5da-49ce-bbac-433c43767a69:9946736 /guid:49cb7e3c-b018-47ca-845d-525e37d2dcf3 /ga_clientid:09ac5b99-1059-48f9-aed1-a257d72b32c6 /cookie:mmm_sft_dlp_007_906_m /edat_dir:C:\Windows\Temp\asw.9982f27d1cc85c23 /online_installer
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5236

C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe
"C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe" -checkGToolbar -elevated
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4912

C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe
"C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe" /check_secure_browser
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6680

C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe
"C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe" -checkChrome -elevated
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4924

C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe
"C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3844

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6940

C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe
"C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6476

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:440

C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe
"C:\Windows\Temp\asw.44912b3fc563b897\New_180417e0\aswOfferTool.exe" -checkChrome -elevated
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1123633247124059051,13893333138969223505,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6860 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x500
1⤵
PID:5680

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Software Discovery

T1518

Security Software Discovery

T1518.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
133KB

MD5
2a9fc30f521ad22e2867b6708904c377

SHA1
85410a0f8e8a9c0f8af02ee64527eda17aaca5cb

SHA256
e5c86098875775d118a7d48380a40cc5faa1c282b350605855663368215377a2

SHA512
63f725c7f512128fe8e463b2f9658be19bf9d640f516adff38a8bd0acb0e977ffd31f4ce3c7b36cb3fa8c0567ce1e213be55a4218f3c66873ffe29c168f627ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
20KB

MD5
176409915527ecfea208547f134c8d72

SHA1
e050294f9e0e099f5c43e4202aab79e70e3922c2

SHA256
74f83bd50d3169b42fc1c8391fbecbb0c7f7d338c88231b0aebf6e93d4705b02

SHA512
9d4d83cdcbf6a45f547f390472a6459acf924f11fcdbe1bf3672dedfc20fd7025ed5683c596a15442b1ce8897015b7d65bf0805bead11d2c48c55afbcf47b422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
94KB

MD5
1d5502a76bd84b96ed92104156e9b2a3

SHA1
f505f8f731ad628a438b7ccd86f852bbb9a64eac

SHA256
2c8e130a11203c2f00a058de2a56cf191b0c3a688718fd6c26eacbf9fe4a5474

SHA512
f405b06a9a605c2fd4e89c95c8f870fb287d1fc124828704d79d6083e9be9e461e49166a60d5ce2b19235fee9d354b897f30def5f5f6658df97bcd5ed458b80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
19KB

MD5
1d05cc62583a7db7139e30dc7a7c24f8

SHA1
001c2cb08fc747cde1028a45b75e462ab333ea08

SHA256
35d0d6598bbfd4722ba330d6d957829de05c18706b4ea9443402298720beb854

SHA512
f4ebf61f3a49256e0a1c50e88d940d75891b54a6766d68346550d0fc04d65c63bc6224db35bc150a108d6dec981cc9b292aa90d7c339ff523e7d3a7f90b3d986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
20KB

MD5
01d6964fa1d3ab8f487f51efdf31f4b3

SHA1
b33fa213cb58724f59e7ec7b0388d1e629e963ed

SHA256
4cd7318fae6044deb19894f8a693bd1017fbb5775c369d767731d7ce37e304b6

SHA512
f78c89e912f35bd3e5d23058d0745d9f6e86aded629769cfbca7618eebe37eb8109a54ceef5314829c2481ba99a2fcb9eb88c1b3062be88c4b38196b088c5fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
16KB

MD5
b6bccb44eee52c305e15fc4ffd07f25c

SHA1
42253c60ddfbd6a2042c67ab33669d8f71ca53f7

SHA256
f6600fa5a55813db44f67fca9454794b9cad4350e3df34046d8f26fcfdc71558

SHA512
c9e1b9c1c2357f7624e78af8c27631c02fd67a2f744126d6a5f1cada9cb74f2020eb633cbb81897736af1f1b676b26fd2174eea9ee1526e9971d4255d2257213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
103KB

MD5
144854e84da83ffea974a51dc947756b

SHA1
50ad7fa26be4433392808f4e3f0f79ffc273cd78

SHA256
8c008eb45d08a7cdb74767dc72e2e47dd33264487749dfcac472f8d9e1311c12

SHA512
515d5343fd3da1fe397d6722bd6b1ef8fb5a971ba8f7ba351e5c022883f3f4a9b145c70e0e7c54e5b424047adaee997095667df62464781a9f684e74d752db11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
29KB

MD5
ea0762b0127041cd0e4fd143f7197585

SHA1
85dbf3edb1063c420cb0200086997f73e4148a36

SHA256
133fb8255fc9d77754885c0270dfab8c6e5e7c59055ffe8f91dc95e8dfd2115d

SHA512
8151a9a5ca67f77cb4824be3869699dbcbf0933c027f60cbf170b5d3bf925c94cdebed9d86a4e6fe2c978dacae78d0522e873b86d77c4bac3d19c7920f1dccd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
56KB

MD5
78c2b586d013f22c00a7fba84f1b17dd

SHA1
297e8185e03b95dc9ac1d3bd61d7fa6870af5e22

SHA256
296967c3f68bf40c880602e4f9332488b55e6b901d7f9abb0190d391e2c1895e

SHA512
6904ac1bc42db7d8e0b7470369dbd2de6936f90af3e00c247d773ef2b8c20cd4ba54ca6fd3983f37052f8d74faed449d14d790ba500ad0ac72a3d72dca82a077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
94KB

MD5
b2ea366a1b246ce0c29df17c198e9091

SHA1
4a64fcff1bc2c5eb6715fe3f341218b8a0c93f84

SHA256
0f523e3d526e3c8a2db0c2a76aa52d6443d3e1fd6b52f754b2533e071e308fb1

SHA512
4c4f263676a79f820a12ae44e3a2ba005a635f10a433ad73a871f08809bd226baad50c85fde224c3309b32b653ce49a0f1cde7da6e2fb3fbadc89e725587a3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
17KB

MD5
19c73397068ded824edd2c5b13d0a9da

SHA1
7f0f149b66309aaba41974d524ca69390a34e4f2

SHA256
8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100

SHA512
8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
Filesize
130KB

MD5
1fa7c4fdf650aebc04887233bc83c300

SHA1
f210d463b9d77a8cac5690af5f8f4fd30fc2bdbf

SHA256
4cb9d50daf3018416f00302314a53745fc8941b000f6ceffb081c2cbb0fa955d

SHA512
a087343ca711547f62d19513b8c0e8cd3eaef6bb2dc8ef3912051deb7435b840a0069ef4c149c2d9b729712f69f424fa40b6b7af67a0429d0d8a29cd14252704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
80KB

MD5
c049f7fbceb4309be4b514768f86e3b7

SHA1
83e78ecdc01310557f98dcbd3656c870c4dfadb4

SHA256
0714229f4eee03cc22cb01eee6b5d0031c4ed50b5d5ea6b234aedb8ad3e78467

SHA512
acd0fcbb4f5e4461a6dd8e9750fd009708206045b8725775b5b05d5503af9571d294cf367009219ea96121a5f80d359719fa324ae417927085b812c65db5f1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
Filesize
141KB

MD5
36f7564a6c76ffb3eb8edfb55482925b

SHA1
12cb4d0a9a8fd30d0f5f6a464357819e44aa0928

SHA256
a22f49b61a3e623223df7437e6d4abd70a1705281cbc924bf9aba6ddf550c624

SHA512
f1f37bd3f7863eb520440c6c77cabb28297de169664b4a17d74de4e6c79eb7e1c4326b11a7ec450cb5ceab1627a506e0f9cc35a92aaa106a4d1f790ad6400dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
Filesize
47KB

MD5
43938921463080ab6ad15073c1131ec9

SHA1
12138123cf8888d1d1a89a204b6eebe7feba83bd

SHA256
ff2be8e1a72c8b3f3d18f4993b09f5b29bfc0c5164271c381c839043b840f947

SHA512
bcd9bd2442d0c8b169336b03ee1a3a4a1a5a75bdebff7d239ab8d9f07350bc875b06f5adece70d8bdf71a9d1cd02659e5953034c090d3654e2b077616d4d12e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
18KB

MD5
f192cd468256839b23a05b27cdd52928

SHA1
c86ae8a54efe81dc7e375c31162132998e5d71d3

SHA256
1166767b7ebda96b81fefa630c7d510b31e32bac219ccdd10c7c78d1bc516abb

SHA512
90bf50c66a039082708b30a773586c6fec4be37c38ea29b936e7402d61f26aed6fecf4d7b97499de22476f04536a0f5857f2c9eaa8c671af841caeca33692c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
74KB

MD5
9ac891752347fb47ae16b92b18ac9607

SHA1
996b6dbb94de162d26fb4681d6d8cc9a94b6e28e

SHA256
8c2628f881a1f61a44375a44f5481daeee150f55ef0117a8f0928f3d2adc8825

SHA512
b228ea6722ad99f053d716db47aabebed8d5d2c1f123b38e481345698b3400eb6c105dd09dd6d60ce2767cfb0b810978d9b4e5f98909201d5d4c899b52fb927a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
80KB

MD5
1215a1528f3fdb1ced02757381c2aa77

SHA1
fc433350258c9ab0438f919fa68f4aded8e96df7

SHA256
c381a3dcca5ce78366911a63c7810320f1d4ab65a2c71d151e4f115a393151b3

SHA512
a285bd76a36a8684162031a2202e6e613b333a60df8e3c19521bccab88f7ce5aeaa7a4403d46bdd2a235b25492f78ff80b4dd019a458394d50e54ce1cbd3810f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
Filesize
26KB

MD5
bf4dfd7188f21de3f39f4756dc1e471b

SHA1
31f81c064d53858e2ed48e18ae6da690824cf7d0

SHA256
4719170f5ea4c8ad27d161b39ff351c2a5ab28c22a27859dc8184717a044b22d

SHA512
9ffdbebe0cc8fa1b4dd1c61953f259df8dd134d3c58b5f3c2d794f874a63604031aea05581c7c0d715baf5225de0c3f00b56287218458b0acec423bce2be4dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
Filesize
26KB

MD5
159be154b0c6a30c75f4f32d27f2e0e9

SHA1
656d75888330c85405f7d107175858fa7bb08230

SHA256
f24d5ad304b1430ccafd63cefd033e8e8c17f4864eb8b7984041c3cf4da961e7

SHA512
6319f3fa6ff4bfe58ad34acde79207c72210f5594fd1f3895451811c8fc3d163569bf8df21b0fcdc123b8676e766af4955d7f0c67a0601fb00f4841510a1898a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
19KB

MD5
b776233322697ee26b8834e35359764d

SHA1
327a743d304c4b27f243a5d4738c401e5dec3e24

SHA256
15e5a253f62978e07e4823d23bb97d956099ccde8704fdd38aba02b11cf7e40d

SHA512
73eec5c89887b99f089c610826dbe273a86f9f4c0f5f0f987d87b7d9ed12e78a1cb5741d30d23d21aff6536dc34a1258cb3eda9a811d2294e96af4fcda1637a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
Filesize
1024KB

MD5
6e52940e3dd334911fd10bfa1aa5d26e

SHA1
8b2364e70b7639432283a280292ce4ff6921903d

SHA256
f61cb9636f269a715d357cd71b4b1877e90b10d5dabcf2b4126a100801e6863e

SHA512
7225fef22cf3a080d8835b0547bc7fd80a90062ed31bf95c62bb7f8b30b31e2bbb2f9e2db71541e0eda9979d908a4f0c966e9516fbcccf47af7110df8037f8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
Filesize
1024KB

MD5
a4dfe9c38bc60a5ce0c71b48b5f76e79

SHA1
43661d677c5b1c203229aa612e54434d11a50076

SHA256
5477dc8e7bb9174b4eba6eeebed25645f2db479df6187a8b5768aedc7ee0a4f0

SHA512
cbc1bbc6f4c1689e735099a3513d3ea2205cb2ffc237379aeb7d23f2d501c41b015e7eba808d6f6c88dac287beefb0358c8189bf6dc241a811b98c97185d1221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a
Filesize
1024KB

MD5
4c676a7cb985fe844877d999e9454007

SHA1
66a4e345e72b352a12f5fb0c0d7bb56d9ae4d06f

SHA256
31d339c48f62a1a95554debe86249d129bf336989659a014e19f01ffb49dbda9

SHA512
0642c8e99cc7434d7c5a61345dfbded58d6ec78748a6e3dd4b7845b83b6aea0e4239cac43fe88bbfdbee038d99326f0d910ca9c2a4d377ec092d09a69973fc31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
Filesize
249KB

MD5
ca6ce6979514711b3875b2df2714718b

SHA1
733b12f38635033c5347e5203c9613a5ae713d69

SHA256
319ad59e36ce2063396f5a2edeb65ec856947ef382871338be0ba594249a956c

SHA512
15309eb6243f3093a49add4385b3c07d6c392deb648ed989974b9c06f76b97dc9fef7ddaec1d72c31f23004f868144328f725637bd9769ffe26d450207b0bd63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
Filesize
437KB

MD5
3d95f990cadcaef41a61206562717ee5

SHA1
f1d5b1a17dd8b79a5107ef1a28ad1f4340fe5f49

SHA256
6113d445a471c8e7f8bf82e68ff46be9bfd1a14d45254a086e2a128a6c9bf0e5

SHA512
2d7aba8e2508650bef48fa1adcd859950b3b15fce659a7b00cbde471aaba90e42f1f6e2bce85bbf883ece8b5af5b840e652ef4c02ced4f0ccfcebe23103c9c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
Filesize
16KB

MD5
ddf9e6b63630bc36d67d1253a926ee48

SHA1
63d5e02dbb16b05885c20dee9541bbc6f939eee5

SHA256
228220fb6aa57f32c5901e60f1a2e17ebae1a6d411ac4c33259cfc870070ca61

SHA512
c71a5d5b8c56f7990e70cd0e91f7dab1adf8be7173ff192f566ba5da2cc4bc7e9cf3f5382e9b64dae63b3ec66d2186e17f6ecaeab864152bf33faf9a90578d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\58a7798e8b9ebcd4_0
Filesize
228B

MD5
81330ac899dcac8119351d9af87ac090

SHA1
6396999d82c2d8fb64a857ee723a7c9b4ada23aa

SHA256
b4e84c40a60da9b364b8dfb2fca8dabe874b2f19ad9eafacad5f7b9b556d03d5

SHA512
851abb3c25e3ecf556739eea59782cd808153179ad8d3be33f84076de68b6dd023c5cb73154c828984473d1a90e2b833f9082a6436b03c03e45ab48ca4d2cd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b245d4bd8b929f1_0
Filesize
32KB

MD5
ad9c693b0c81bc62adfd0ec2dcc12732

SHA1
261c8492b7946601e1060cacc412dec6cdb57ca0

SHA256
9ddf7ba95da4a7127517994c864de595c47b066acb51823c929003ca924e249e

SHA512
a00f7789abc57b0ac3e68bd1d31fafa30f6ee19ad5a7a583d587125aa26bbf576761f2054ab622cdc700a8d0bf907e8414cd11fa3f5523802dde0c42e9142f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62e93011fe6d8bee_0
Filesize
389KB

MD5
5943ddb11efc8030234742cee16ce4ec

SHA1
f90a0d8e037edae288dc0d065b2aeb8530e65fbe

SHA256
ea6519b1b9b71699ab1e88826b42e9a1e87dbc86203230f81ebb39e28d6dfe33

SHA512
425ff3a3ca82d4ae7c4e3b5d6a642a8b63bcc063895356903cf23f978c8c87c896871d5245d11d3e98bc5551b25802dade1c0f1d5c58fe2c332b36e7a1561406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9801e0ca8efbb0cd_0
Filesize
5KB

MD5
5a2b95376d9c782ef1fd73d82fb70a0d

SHA1
b0766d701030160d9216a6e56f5354020cc7a95e

SHA256
991ffbb0c3bcb09c06fd53c06f389f2a85fbda982a6d2b5c535a905b1150b78c

SHA512
04259c72ac4d6597d6b6dfd6c1ee13b08c3388d6363405c0324523ba5d6e79ee43dd3310480e297a5fcf218e25e0f56b7d4dcd16fe0ba5d7c2a49df8fa13cded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0
Filesize
300B

MD5
4cf66880ac1f2ef74d26122b4e28a11e

SHA1
829a17558a8e8de57103c2fe9b4637d9477357ec

SHA256
4b8404084e446a8621e7f51cdbb4e0e542dcecdda36afd4a83cf28b31d1dad99

SHA512
d8aecd2d978c41c3bbf5cb42c265b59ec4a5faefb04d3dd4532005c26f511422ab82f9e00caec8d730efdff2ef7e8079017688c00749a1dbd975c911720324ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
4KB

MD5
3f78cf4bfd72333d74f25d4d8e77ca02

SHA1
84a5d9b5e09ad970f51c4770d9a46aff11550c41

SHA256
7d0f182bc45b6809b8f82397f2a7b209fd6b497c5aab1a12fdf028575c493582

SHA512
9de3691c92dae247a9b69352592e5c700355d59ca2553d344b6818d4c4c8e29f74e490f35ccf3a421eb9715a4102644668a8e377ee3f3fd0769663fb26991ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
19a1cdb8fecb09259c329914b388f957

SHA1
23e81b7759a08cc8c7115c5110cb341e4254af7b

SHA256
0066880ed1df0a90b01e94085ca374859c399d621e08b3931067809ad5b27121

SHA512
99cd1a74e442da0ce3829c08b8555025da000d14c2751995683e4c895c7cf91c6d9059922ba2da8620856de26e55da82832f177337880b00c2f8538389d17c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
7cfc7561386e10952f765e2391a15f76

SHA1
df9fa0f1863392f33551c72f9f7b9ccdab092913

SHA256
3084f58c651f0b794e6f46f9293b3495e4a5bdaa015e97f779d7a0eef6132c97

SHA512
63eda0b0fd065e3ca860d45207ec59974b34e3ae66e66bec8959ca5b1a776e513f5ab0f0faca58156d0c482e26f6d6d9e9e6215f388a021ab3ce0ffccb6033eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\LOG.old
Filesize
391B

MD5
48522260a294991cc49309f190a66351

SHA1
9abc6b14c874443d40a206afe4d5d9d3e6649749

SHA256
6a6420d4a48fffd244d61e012f035a91fe78df964db520ebb22849393bb01e50

SHA512
c5e8abdc46fa9c0c2c5b689fff7b851f81dc88643b90dac528c5b63003d34fa8ec2819810105681b830f318e59c26ff926d09ff9243b642ab8642e5d622b56d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\LOG.old~RFe584f92.TMP
Filesize
351B

MD5
08534a1f49aadf3bfc9000d1e9a4de7a

SHA1
cc4eec816917c853e6aaa38e551e02bb486c7acf

SHA256
f2447cae90fb4edc19dbc83228bc14d1918a7e106f581cbb645118ad4df89c6f

SHA512
281c4d15e0585525f8c834ff7cbdb035a5846ce2697f3f324171bcf8dc06990004daed37f3b64a574dcb0ba6389bd639672eb6dbaadc106b8675b09c8c878dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
14KB

MD5
7a9bd4e923bc91c5977c7e2cc8540459

SHA1
9421583dc686a050c3c89fe5defc25c2417d186c

SHA256
1997fbfb8cbcc2ea02ab36afc139af9b671392c4d58739347eb76ddced484082

SHA512
58042a8a18f4f53081feddfc4d562055b6db8efe0c41cf28f5cfae7951a1190e5279b351ab7dedd6e09d02260cca30f1d264a46dfb252edd48928676052eaf14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
12KB

MD5
e2a1a246474224418b20f50280d84f4f

SHA1
5ffd3079ee50e1446a49b200b57b51e4cdfca32d

SHA256
39717bc4b6d1930b2be7ab7c160b471a60a5ed72ef2716063e6e20ea17ac5c5d

SHA512
fdd0123c20292ada65f34b857f9ac5109b998841d6159d34e1994d4dfdb8582699f57aeed347e3ca25c0d86258895db261dbb1431298fd9010f5c32a4a6363b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
218fe99c7071207409127f6392158b38

SHA1
64192f6a2439d165b10f478a7a6795eceaa82301

SHA256
f959a467b7ca23864129474cddcc2a2c51677ecab9c00c097f1848fc649ca679

SHA512
aa3eaf6f40d3d6f8d8ddeda8a67201229f4e80d40d06753ad79ea0cafda971f3467696dc3656917dd477abf25e8fc5ff388fa813ce2da94569439787b64932eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c64d567183f6d89eb43e82218b3c9039

SHA1
9e14e811e2091321473f0efec83de2a7fc304ecd

SHA256
6c4dc4f77b9c0164022bde1be746e991dee1c3b675e656d7ef3eec1f8330ed41

SHA512
d072f199ab39075f64772a7ad63fb0b01264e916b655a39d328f7fac70d4e9fb0fd6bbd9464d68e2ae945bbbd3652e36378d2e353460c5590188c8baa30365f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
17KB

MD5
91b6057c476874e5d4346ec986c1e102

SHA1
26b4fd9edd5b5b987840041ec0bc79b26f082a56

SHA256
af31d20afab37d8edaca5c58b0f6703b5876066291ec0a1e3a7a14bff67c2e24

SHA512
8952b531b412b572601d462b9bbd2bb3d4d0ef89c611960e9b86685d84916d2b73e621b823da2463416a304e3319b8713824fbc45e249a2dcb3312d5d788dede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
84bb5dc0edd38b2d0e4a3ff8d605fd5b

SHA1
232a0968f4bd2b1f4dd87efe2aaf7dc3244f8695

SHA256
68e3d108e8e42b72952d83fe83f69d8eca21d06c08198e39e9ca7b52f9d29a7c

SHA512
a32d3247f73658dba038e33e407c84cb59996ad18013325eb4bbea4f1050b72cc580f61c7a9750e1014248b256c70d15d713a8adee8307d57fcb9165f92ba6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
30c7cdd128992d8c7c7d8cb0642713fd

SHA1
70a1c08d58de8ba056bf1fe665de441392da91b0

SHA256
cd109fc6e22c34acf37056017062d7e2822b82712a9f067436073ce2487e9057

SHA512
87ed2a5e8ec2f16195794151cfcb66e38433cdd9cdc0df38c541e53e34ac1b69f9a4f7546729905637d761e6243bba37c9d03425e558729d6411e237e07d5c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
f8f6135bdb50a19773b127a89582836d

SHA1
89e5600d4c5ac09cd79d8d4e361e88cbcea8631e

SHA256
5be291ad07c4756f398e73b3a4832a1426d17d11ef9cffbfdf35f79049aebed9

SHA512
4a32923f22178568126879385f29c5296adebf4cbc058150ec00cf93264b4e33390985c081f3a1138642d2a3ca997a61012cd57ef1b4bf1a0c548eb19f340078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
bddf88ae65db10b87aa72da32156fd0f

SHA1
095ffa23634e1124fc898671620e37c0396822a5

SHA256
79c2a044297cf24bf2a60a38213dd4a4de0ff8f40b33ab8871c5863b9f42bf35

SHA512
bc33b7d056892945a08bf2e68c56d973e30982a2335ab5280b2b32851964ae6eb38f978a3fcf51964de9e1ef6366a3fc0bab83f05a37b8f921873a29454cca66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
69f16f1abb6f3209be9871fa6700bd7e

SHA1
04ba693c7b5906a7aab724a1f8b58ea08a7ccf94

SHA256
5698e4ace3591937cae41edbc9cd96e398358e03b73eaeee65b7527e4764bb6a

SHA512
90f68369f80aad7e2b4c3481db9001e1ea377627adab979121637f0171da8ac8d6d28fbfe7f28532535e9b5fac102dec1d7c14c4b7c1253be27b05b035110625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e8a9c8fef157d19b2d36ccece6f585cc

SHA1
cb1359ba733cf5c8dc93e9b345e2a33c89b949e0

SHA256
f06f740c7ca8c4922f9ca1d1b874d98c230eeafff609dd17ef5c74c3f18a3f5c

SHA512
00cd9ccd29441a18c1015b24b6721f05f3023d5b19321510399942717598351e74911cbf7374c23161778051df25358a78a769216c4b66763ada66303a7cb5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
4ce020163d659196630f3e4e285aae5a

SHA1
25ecfb1e512d7fd53d5d7bd90670320be0ad9301

SHA256
adb18f81551d8ab95367c5da405f02e9ce714093da15222784615876c916fe47

SHA512
d509be33471cc7bd74c83d07e7047f7e13b5db18f97b54a3b3384e79044569bec6b3aa1c5f73e373e2392d649e72a784e8acac50758673b5451687f7e25bd27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
2cd2b4c142682bc006c3e25cade716a5

SHA1
d3441a24cdaa3e2102ab70b6c209c25b2b290bfc

SHA256
7fad6de06496b70c0c53b53984c15cb14321f990338f13ed1bf03326fd9d67e8

SHA512
cbe1531de70f27b30dd44ccf9dab20bf09a9fb3a4bb3cae755ca0ccec071aaf0b32d5908be3ec62848943a2fff65d9e0b01e0bb2b354a9657594dc834c468870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b585.TMP
Filesize
1KB

MD5
7a25fdcd6ec160d5e1a9b4ad9d710ea6

SHA1
38ae37b1fd000538fff413db7b319cd7ddad170f

SHA256
7bf2bc45a47eb1404f91a3dbc8d961a7da8651b11f707177522e9e84bf605188

SHA512
64ce0c17d0c606e389e69282c7d65e0ab67e6e64f6392d3834da7a2552544484c4161843a18616d9b48e31fa8b9b7ad2e8d381c7b47c5c938b6640f9383267ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b664f20f-737c-43f6-a438-7a286218c7b2.tmp
Filesize
5KB

MD5
80a9c84c764d418e8c2d3ae7940bd948

SHA1
3c4394b1af7a297d69076089606a74fd9cbe53e3

SHA256
f34bcc64cc3e93d2865b8ce28eb249fb9179f9132f613b30b6c620b3e825ba0a

SHA512
87f0a1b6817c2628d9fba7fc8c2b2fbe67b361860b4711de2c29947491b5b5206f50d1bcfb51fb5793d10a0465e1a3440426445633935e85d713b936fb85a03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
12aa8d765e66e53f8ac72578811ab9cf

SHA1
4c6870618c04fbf968c6fe6898cb83f800ead632

SHA256
9057bf1cd91087eedf7106804764b9094f929c22d26cebf1126764750367d11d

SHA512
f9a5b108449d7ed972156a6f1f6dd9fe9f73b52ae1b49d46576dddc18cb35a73b9da346a24b81f782ff564c0040cac51d3f70b53015418422b2a0d54d5e6313a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f6ddfb5fe3914dc476375d07e0abfa47

SHA1
fc181b908806fbdea58653d678d61a10143cce45

SHA256
4f361c3e9b178644c76e0d163114b55f5f5e732da8e070e0f4a1f3bf9f81e2d2

SHA512
b633b7c128ad1521b2bfb0323c67f9ee2f8e159c24c54c632844444b5316dda65f507ad58269ed0a6b6b3925e4ab836aa4354e6e14c65ef53befb24c43774a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b0b198a6859edd759a21ac08660809f4

SHA1
0867d3e8b03348b0c55d1a27546c29ae8f181a5d

SHA256
3774e7da261c87050f36af4751f89dc2fcab1622b6403db963d48675fe2c9b60

SHA512
1b59a13a10344b0080ef05e9a199282052104c6702e58f967ab4bfa074912434e426ec9c44611e278fa58b2255308e6e7309aec7a5d5c4e4a8cc6fc017dc90be

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 69160.crdownload
Filesize
257KB

MD5
87063dcc56e57be5b89b378b804565c5

SHA1
1a3cd801c9002ddfae555589dc6db4142e8b2c62

SHA256
6a18508e3f651a3163dbdc9936409b33f03e27402f86bd5d55b380ec8973f4e5

SHA512
fd4f545dd4024b14bcc6f53d129029ac3a57715d9050b529e08508236d2b0fa735dbe248a9d62bedc8b0cc159287f5134a34eb2bdb50f6939819095380c69bb2

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\asw27bd0d88d1a4c346.ini
Filesize
846B

MD5
745f777699bb106e55f885d5763f91b5

SHA1
38f35955ab1f89df0360acc6524b39c34c4f7c71

SHA256
204e4db9879dd87a855f4f8ae5746fe0d92cd4890d2c5c366eab5a5214378daa

SHA512
5edd8d125d16d94389e71f6fddd69a01a0c11dc2a5b689de71841552719737cc9d2dc0c0ff89bc49a464b0e1377c9985ce914566d34aba999fa39a9d9858e068

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\aswe26c2b4c3fc3bf7b.ini
Filesize
1KB

MD5
69846a087a572e47b7575f474c5ace91

SHA1
a9ad54877d9e104fbb6056144798a1f14458a70a

SHA256
d3fd5993e2b965799cf2c81769bca399e86d6c19eb28005a072ac41a7d3e1fc4

SHA512
13d3d9e5ccec8d3714273b238f7f16c39e4c2a2833a7c8adf23aff588e7d28554fa595412a0a68e47cca0aa53504bf798297fb8b6c41ea22cc0f8db1c21aca4d

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\avbugreport_x64_ais-a39.vpx
Filesize
4.8MB

MD5
306bfbbe50ee620436b4e522eda1d3e3

SHA1
3f15e345ac87613c2bd911f000aad53cf8cdc6c0

SHA256
1fad5705c6ba3778495c3cccddd1040e5f5cc2e94c5da28011379464046bf486

SHA512
cde802e5585929183a0c57c381b9847f1329fb10957d32ce04c82d28d1af352610d7b7ea52e4899dfbfff1ec4ffff7ff8273ce2af97abf0999c00cc58cc99b75

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\avdump_x64_ais-a39.vpx
Filesize
3.4MB

MD5
cd3748f9c9f8f4a3a032ac901c4f0586

SHA1
9fd01b70bac4234c7126507e9965b9297460662b

SHA256
fb61b0d20f2905f10058ee64a761c21b53211ff996ec75665b74cd2055cd6b41

SHA512
e2b9305108f1548c0f6653ce567253f05eda371be41de5f6c6f321e28f58d2fe8d982c0bef8d22d6ff95d5724152454732902d60a65eae9ef20243e26cc06f55

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\config.def
Filesize
35KB

MD5
6c55c3f1aa70200d2a69101f6e63aa74

SHA1
6036bf596169744a0f0437f2e52e3d1fc7e8dfb5

SHA256
52a7c0c789319e42284b7b34afe4e366957c8aacdafd343d4ecd25ed6241bf2e

SHA512
ba190c1a9e7a0fa16cfbecb2ceff431cb86b558d37e46e2fb0eb0402d35341d1afd58861b93505fb13dea343779d342a3f833031049b0963ea2b30c2ed0a6267

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\config.def
Filesize
29KB

MD5
bb55c6feb475ccd94a7306dd9f84690c

SHA1
9c2c4848a9e6f8d26c7fffd07d412b3ffe568d9d

SHA256
a2e275e39de9ab45754221e79d94c0988db56672db6ddc5e0f54e6298eee1e26

SHA512
3d5cb82781d0a998e2f1232224a48bc5d5c1d01154ae88a59fbdcb55bc5ea76d0e658848627dd5f435237a1c38245dbc57a8db4567b1f5052725999a3e5f4c11

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\instcont_x64_ais-a39.vpx
Filesize
3.7MB

MD5
aeeb5645d1a42d73c10d466e071904a2

SHA1
8011cb95b74f202f3f931f42607b7c78231da219

SHA256
feac318f5a0b1e9a78f7e83a708edc3e66bf43c84803426dff4c8567e3895502

SHA512
d9803a1f3466b528a067e39fc514bdd8615f842da5f114436a058ea5efba5775f292598f626e7ae372e8d1d0dc2af50f26424034c32ca6519ae56017d859883b

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\instup_x64_ais-a39.vpx
Filesize
18.2MB

MD5
615c4826108fad74f098d8afdd2a10b6

SHA1
7ea9f49b3da4961a91ca7027b5361888c6edfdc4

SHA256
46296f4c587013ef7ea0a7a263becb8b50fa824fbba938ab106cd48ab329de7a

SHA512
9bf90d6dbdee30629605a8c9f32b0201e37e86c44a5a6b48c4f422bfac7224d47a5e303625fd110f212972f231240564ebcd9fb81ab51c6a4d9cc214bd8e25cb

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\offertool_x64_ais-a39.vpx
Filesize
2.3MB

MD5
44645c9f6d213d0f87608f4461046731

SHA1
c5b6af10b2abb6e1422f27102f1ea1fac59099b6

SHA256
42ec9cd1f6ea316265a93119c865692108ecfd2ab6f007e6d4a2725214e56079

SHA512
27d7d698099ff3fe1c0200093174765f1f8e56c5b011cf2bb5ebdb60b3b2fcb3fe32bdac5cf79f349eb698cad269a3d75f6410c82b1e05e3a9ace1b9a5e1f4cd

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\part-jrog2-7b.vpx
Filesize
211B

MD5
2e25d09fe6709983aca15e8ce39d0bf9

SHA1
6e384f2bb8b65b46724a02f99e066178caa7b575

SHA256
ac3a3da24e88549552f0c32f266c98154d20762a2076217936971e4a2c565501

SHA512
fb10dd340b283e3eafb18e0e3897abe4bf2f8ae638d75ff73e0529cdbb31d925ee870fcf60328aa0373c027e957a97e06b44820a8d4aba3e8a3f45fd98e9fa74

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\part-vps_windows-24052205.vpx
Filesize
7KB

MD5
b039dff6c71a2de840628876213f6492

SHA1
6ee9e207fb52301a857da4dbd6bc253f2e3d2f18

SHA256
1f45d9ec71eb469de2c1266d3283baeccf097d99582a3d8ec9c1be2cf2a46b0c

SHA512
94157897e5ca72e022db831cf870621aa60d43db93c67cb4a90944b90299c27b51c4f78bce07db3b88304775dbbf046ecfed49fe7ae2edccb613394a5b93107c

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\prod-pgm.vpx
Filesize
572B

MD5
f767ec2c67fcb174088857a0e5a7dfe9

SHA1
1f82e0ebabc7a81b8440f2cc658bc36ef80aa058

SHA256
026792f688139128de68a232bec5b0d59c002460d9aa1ab2cba6046be17b300c

SHA512
ca2bfe5360f28d21336338f4fc5d993cb6b2c1b3109522c607f9c784f05edc159f4fe44156171dd93e9f86a166469ccc4120291ddf1d14af4c77f096bd998d12

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\prod-vps.vpx
Filesize
339B

MD5
819a0495cf2d326e07dc41d3a5aeb8c0

SHA1
6c25a80a44b8fa7f39ea315aa3dcb9ed47c7f8e1

SHA256
1a9cc2a45dc178bb4f34a896e9df165255d4da61dc7d0e9649dd50b14ab0bdfb

SHA512
4ccf12278b2802ae630cd02fb902b3118d78b39174a552572ab3d810766b03e40c5acf532f6f33fffa08a47e41177af3928d8ba79cdfcc476790348fdecc75fd

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\sbr_x64_ais-a39.vpx
Filesize
19KB

MD5
e20c13667bf44e64a92f7b5c4a9be981

SHA1
4afc6572ec14b44cf541478bca2b2ebfe5c6b4e1

SHA256
05c29bcc4f1cc3fe8e77b9ba4e57ed93d66de1ceacc2519150e994b9b9fc236e

SHA512
11bcbd1292a1136ed6bb6a47ccc6c30b8b0b2ddfb80222a2e2d9522fc24e35eb91105dbac9747a4758881c3a523f8d1ca7ea71b441c54625444058b7be1f277f

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\servers.def
Filesize
29KB

MD5
8625cc598545b4313acb4c34cec05821

SHA1
5ff65be78f84c547f43e7109604fb579c98c0f2a

SHA256
4659553d6de4bb8fd5cb08f436274215b605dfc788824073721812bf40c7308d

SHA512
04a2c0b88a2e9248dc6b3292b52818d7cedded27b7dd76aa2c36755a8c35dc4b551f799076d4bcb2c4bebaf551ab7dc9ed1ca984c51c9824ffe0e7935427c9b5

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\servers.def.vpx
Filesize
2KB

MD5
ada78e665ef2fcf8709bdd7386974119

SHA1
594d311379ce3373b4470a022eb0bc723b0caf53

SHA256
9a0e8da65a6824441e1deb5533ee21c1084398a2c8023d3b730d63e49d3861bd

SHA512
23aa516fb8edc6e090a2776a75da9c92a3cf97b4c002df305f07364da17ec53607016e9ed90ef814968a5b651a9b05f9caefd588c58f06495975ef8f27915de9

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\setgui_x64_ais-a39.vpx
Filesize
4.0MB

MD5
5ac44187fb8ed4771a028a4f206708e5

SHA1
c9aaf33b0a1b0bef82e17197973ed3839472e0ca

SHA256
6100f12a2fd4267326da4ea65ff29935f8d1f8be3cdde9e2a895560e40192df8

SHA512
6537d0145037f4addbb480d6b8b44e8213b81093d3e751646103897c8b581559db5704b31948861893b73a9df1053bf12fd9522af7a888790162899e5b7e3eb4

Download Submit
C:\Windows\Temp\asw.44912b3fc563b897\uat64.dll
Filesize
29KB

MD5
852a3b7a54e53295b24413aad55e1459

SHA1
1b2cf1d539e249c6014841dbea451e21f13a8515

SHA256
067b4f049fe07ea3af37c5dfdb7b237e49db432035361a3d0afdc527fa5d6a2c

SHA512
5df4a7f42814f069205d3f5e6337b250b287089e9d48a3711b8d5092b9ee04526a5d1b08c8b6a58d58b44296879001569747d9470542d8db17e3df14b3b3e843

Download Submit
\??\pipe\LOCAL\crashpad_3912_OQAEABVPDYRLSNZH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit