Malware Analysis Report

2025-06-16 03:39

Sample ID 240526-kpnrbsde87
Target Capture48.PNG
SHA256 36ade5fcd549711465e810ae21da6cb2e892fea2f03eb9622c361fc3f8484c9c
Tags
bootkit discovery evasion persistence spyware stealer upx
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file Capture48.PNG was found to be: Likely malicious.

Malicious Activity Summary

Downloads MZ/PE file

Sets file execution options in registry

Checks computer location settings

Registers COM server for autorun

Loads dropped DLL

Identifies Wine through registry keys

Reads user/profile data of web browsers

Executes dropped EXE

UPX packed file

Checks for any installed AV software in registry

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

NTFS ADS

Modifies registry class

Script User-Agent

Analysis: static1

Detonation Overview

Reported

2024-05-26 08:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 08:46

Reported

2024-05-26 08:49

Platform

win7-20240508-en

Max time kernel

138s

Max time network

150s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Capture48.png

Signatures

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\utweb_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp N/A
N/A N/A C:\Users\Admin\Downloads\utorrent_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component1_extract\avg_antivirus_free_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Software\Wow6432Node\Wine C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
Key opened \REGISTRY\MACHINE\Software\Wow6432Node\Wine C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\utweb_installer.exe N/A
N/A N/A C:\Users\Admin\Downloads\utorrent_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\ut = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe /MINIMIZED" C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\ut = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Browser\Installed C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Avira\Browser\Installed C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_zh-CN.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_zh-TW.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File opened for modification C:\Program Files (x86)\GUM2BF0.tmp\@PaxHeader C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_en.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_mr.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_fr.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_kn.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_kn.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\acuapi_64.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_lv.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_sl.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_pt-PT.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File opened for modification C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_no.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateHelper.msi C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\psmachine_64.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_et.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_fa.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_vi.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateWebPlugin.exe C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_da.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_fi.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ro.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_uk.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_cs.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_pl.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateHelper.msi C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateBroker.exe C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_nl.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-CN.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File opened for modification C:\Program Files (x86)\GUT2BF1.tmp C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_fil.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ta.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_el.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es-419.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-PT.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sv.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sk.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_tr.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ar.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_it.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_gu.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ja.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_de.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ru.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sl.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateWebPlugin.exe C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_hr.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hr.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lt.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ro.dll C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\psmachine.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_hu.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_nl.dll C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\utorrentie.exe = "1" C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION\utorrentie.exe = "0" C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\utorrentie.exe = "11000" C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\endpoint = "update.avgbrowser.com" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\hostprefix C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\ C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\devmode = "0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\MachineId = "00009bb098663592a3a6086bcc2909e7" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\MachineIdDate = "20240526" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\ C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DD8E03F-6BE1-41E2-B931-A37C7D1C0317}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CredentialDialogMachine.1.0\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.ProcessLauncher.1.0\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ = "ICurrentState" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ = "IAppVersion" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\NumMethods\ = "12" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{30612A81-C10F-498E-9163-C2B2A3F81A14} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\LocalizedString = "@C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\goopdate.dll,-3000" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBC1D02-EC16-479A-83F6-AA4247CA7F70}\ProgID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoCreateAsync.1.0\CLSID\ = "{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\uTorrent\shell\ = "open" C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30612A81-C10F-498E-9163-C2B2A3F81A14}\AppID = "{30612A81-C10F-498E-9163-C2B2A3F81A14}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\uTorrent C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C0BE1521-7935-42E6-B606-058A559910BA} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods\ = "11" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods\ = "7" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ = "ICoCreateAsyncStatus" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7E22D0ED-B403-44D2-BABF-4DDD0DFCA692}\ = "Google Update Misc Utils Class" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{384098DD-AB6D-412E-B819-2F10032D9767}\ProgID\ = "AVGUpdate.CoreClass.1" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A42B2494-93AE-44E1-B76D-BA8509A5167D}\LocalServer32\ = "\"C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\AVGBrowserUpdateOnDemand.exe\"" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\VersionIndependentProgID\ = "AVGUpdate.OnDemandCOMClassMachine" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine\CurVer\ = "AVGUpdate.Update3WebMachine.1.0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebSvc.1.0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods\ = "10" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine.1.0\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp N/A (3 identical rows)
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (certificate blob omitted) C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
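Triage note on the Internet Explorer ElevationPolicy rows earlier on the page and the certificate store rows above, with an added parsing example that is not part of the sandbox report. The Low Rights\ElevationPolicy entries written by AVGBrowserUpdate.exe register a broker that Internet Explorer Protected Mode may start on behalf of a low-integrity tab; Policy = 3 is the setting that launches it silently at medium integrity (0 blocks the launch, 1 launches at low integrity, 2 prompts the user), which is why such entries deserve a look even when an installer writes them. The SystemCertificates rows split between AuthRoot, the cache Windows fills through the automatic root update when a chain is validated (here touched by the installers while they verify signatures), and ROOT, the machine's trusted-root store, written by AVGBrowserUpdate.exe. Only thumbprints appear on the page, so the script reports store and thumbprint and leaves matching them against the Microsoft Trusted Root Program list to the analyst. The rows in ROWS are copied from this report; "<blob-omitted>" stands in for the certificate bytes the page does not reproduce.

```python
import re
from collections import defaultdict

# Rows copied verbatim from the report's registry tables (flattened
# "Description Indicator Process Target" lines). "<blob-omitted>" replaces
# the certificate bytes the page does not reproduce.
ROWS = [
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A42B2494-93AE-44E1-B76D-BA8509A5167D}\LocalServer32\ = "\"C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\AVGBrowserUpdateOnDemand.exe\"" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp N/A',
    r'Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = <blob-omitted> C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp N/A',
    r'Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = <blob-omitted> C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A',
]

# One row = operation, registry path, optional "= value", process, target.
# Registry and process paths both contain spaces, so the path is matched
# lazily up to the " = value" or the " X:\" that starts the process image.
ROW_RE = re.compile(
    r'^(?P<op>Key created|Set value \((?P<vtype>\w+)\)) '
    r'(?P<path>\\REGISTRY\\.*?)'
    r'(?: = (?P<value>"(?:[^"\\]|\\.)*"|\S+))?'
    r' (?P<process>[A-Za-z]:\\.*?)'
    r' (?P<target>N/A|[A-Za-z]:\\\S.*)$'
)


def unquote(value):
    """Undo the report's C-style quoting: "..." with \\\\ and \\" escapes."""
    if value is None or not value.startswith('"'):
        return value
    return re.sub(r'\\(.)', r'\1', value[1:-1])


def parse_rows(rows):
    events = []
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            raise ValueError('unrecognised row: ' + row)
        event = m.groupdict()
        event['value'] = unquote(event['value'])
        events.append(event)
    return events


ELEVATION_RE = re.compile(
    r'\\Internet Explorer\\Low Rights\\ElevationPolicy\\'
    r'(?P<clsid>\{[0-9A-Fa-f-]+\})\\(?P<name>AppName|AppPath|Policy)$')

# Meaning of the Policy value for IE Protected Mode (documented values).
POLICY_MEANING = {
    0: 'blocked from launching',
    1: 'launched silently at low integrity',
    2: 'user is prompted before launch',
    3: 'launched silently at medium integrity',
}


def elevation_policies(events):
    """Group AppName/AppPath/Policy per ElevationPolicy CLSID."""
    entries = defaultdict(dict)
    for e in events:
        m = ELEVATION_RE.search(e['path'])
        if m:
            entries[m['clsid']][m['name']] = e['value']
            entries[m['clsid']]['process'] = e['process']
    for entry in entries.values():
        if 'Policy' in entry:
            entry['Policy'] = int(entry['Policy'])
            entry['meaning'] = POLICY_MEANING.get(entry['Policy'], 'unknown')
    return dict(entries)


CERT_RE = re.compile(
    r'\\SystemCertificates\\(?P<store>[^\\]+)\\Certificates\\'
    r'(?P<thumb>[0-9A-Fa-f]{40})(?:\\Blob)?$')


def cert_store_writes(events):
    """{(STORE, THUMBPRINT): {writing processes}} for every store touch."""
    writes = defaultdict(set)
    for e in events:
        m = CERT_RE.search(e['path'])
        if m:
            writes[(m['store'].upper(), m['thumb'].upper())].add(e['process'])
    return dict(writes)


def findings(rows):
    """Human-readable triage lines for the two checks above."""
    events = parse_rows(rows)
    out = []
    for clsid, entry in elevation_policies(events).items():
        if entry.get('Policy') == 3:
            out.append(f"IE ElevationPolicy {clsid}: {entry.get('AppName')} in "
                       f"{entry.get('AppPath')} is {entry['meaning']} "
                       f"(written by {entry['process']})")
    for (store, thumb), procs in sorted(cert_store_writes(events).items()):
        kind = 'trusted root (ROOT) store write' if store == 'ROOT' else f'{store} store write'
        out.append(f"{kind}: thumbprint {thumb} by {', '.join(sorted(procs))}")
    return out


if __name__ == '__main__':
    for line in findings(ROWS):
        print(line)
```

The parser keeps the escaped-quote handling because the LocalServer32 row on this page embeds a quoted path inside a quoted value; a naive split on the second quote would cut that row short.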

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\utweb_installer.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\utweb_installer(1).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\utorrent_installer.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
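The three Zone.Identifier streams are written by firefox.exe, i.e. the browser tagging its own downloads with the Mark-of-the-Web, which is expected rather than suspicious; the triage question is whether a later process strips the stream from a tagged installer. The helper below is an added example, not part of the report: it parses the stream's [ZoneTransfer] content and, on Windows, reads it from disk, returning None when the stream is absent. The sample content and its URLs are constructed, since the page lists the streams but not their bytes.

```python
import configparser
import os

# Constructed content of a Zone.Identifier stream (the report lists the
# streams firefox.exe created, not their bytes). The URLs are placeholders.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://downloads.example.invalid/\r\n"
    "HostUrl=https://downloads.example.invalid/utweb_installer.exe\r\n"
)

# URLZONE values as they appear in the ZoneId field.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text):
    """Parse [ZoneTransfer] content; 'motw' is True for zones 3 and 4."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("ZoneTransfer"):
        raise ValueError("no [ZoneTransfer] section")
    sec = cp["ZoneTransfer"]
    zone_id = int(sec.get("ZoneId", "-1"))
    return {
        "zone_id": zone_id,
        "zone": ZONES.get(zone_id, "unknown"),
        "referrer": sec.get("ReferrerUrl"),
        "host": sec.get("HostUrl"),
        "motw": zone_id >= 3,
    }


def read_zone_identifier(path):
    """Read <path>:Zone.Identifier from disk (NTFS on Windows only).

    Returns None when the stream cannot be opened. For a file the browser
    tagged earlier, a missing stream means the mark was stripped. On
    non-Windows hosts there is no such stream, so None is returned directly.
    """
    if os.name != "nt":
        return None
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE_STREAM))
```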

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A (3 identical rows)

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A (18 identical rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A (9 identical rows)
N/A N/A C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe N/A (6 identical rows)
N/A N/A C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe N/A (2 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 identical rows)
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp N/A (3 identical rows)
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe N/A (6 identical rows)
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe N/A (25 identical rows)
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp N/A (11 identical rows)
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe N/A (16 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (3 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 1708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 2908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 2908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 2908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 2744 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1708 wrote to memory of 2616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Capture48.png

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.0.1792131921\2112953594" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ca49a5f-8559-4603-95f1-610f44e6aa14} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 1268 11ff6258 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.1.636883884\1609998794" -parentBuildID 20221007134813 -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8f0954f-428b-4fa6-b066-a0287d25994c} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 1472 d72258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.2.1656374289\1688371987" -childID 1 -isForBrowser -prefsHandle 1948 -prefMapHandle 1944 -prefsLen 21031 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ed911b0-b564-4cab-9222-385516ef43fe} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 1920 19da1c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.3.1652117714\2063477170" -childID 2 -isForBrowser -prefsHandle 820 -prefMapHandle 1636 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c57e96e4-643e-4599-a8cc-f25ea3d274c6} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 748 d71658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.4.312293832\496485691" -childID 3 -isForBrowser -prefsHandle 2820 -prefMapHandle 2816 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a0f01c8-aee0-40b6-aa2e-ec1d94f2f174} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 2832 1ba2d058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.5.1735877821\74353474" -childID 4 -isForBrowser -prefsHandle 3720 -prefMapHandle 3036 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2431e21a-dc8d-412b-9a1f-9886cffebafd} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 3748 1e91ba58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.6.2007010677\968850626" -childID 5 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {682287cd-535e-4fa7-8137-019037799539} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 3848 1e91c358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.7.1908570675\883105084" -childID 6 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd54420c-685d-4abd-ac10-94c0403cb817} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4020 1f030158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.8.1336577085\1212963709" -childID 7 -isForBrowser -prefsHandle 1904 -prefMapHandle 1864 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f5d92f2-20b8-4a1a-bf40-cfb21e54057f} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4260 21906e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.9.1311697336\1688754047" -parentBuildID 20221007134813 -prefsHandle 4408 -prefMapHandle 4400 -prefsLen 26531 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {464da955-a5bd-4284-8c13-b63406be97f8} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4276 21fc7258 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.10.1402949777\357644510" -childID 8 -isForBrowser -prefsHandle 4596 -prefMapHandle 4164 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adfba818-4a4a-4066-8d25-138ea2616bd6} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4052 1ccab858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.11.1763189410\2055283360" -childID 9 -isForBrowser -prefsHandle 2584 -prefMapHandle 2572 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {593c2901-de5a-40ca-b29f-2aef942b46d3} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 2408 1ccac158 tab

C:\Users\Admin\Downloads\utweb_installer.exe

"C:\Users\Admin\Downloads\utweb_installer.exe"

C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp

"C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp" /SL5="$5016E,866469,820736,C:\Users\Admin\Downloads\utweb_installer.exe"

C:\Users\Admin\Downloads\utorrent_installer.exe

"C:\Users\Admin\Downloads\utorrent_installer.exe"

C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp

"C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp" /SL5="$7015C,840718,816128,C:\Users\Admin\Downloads\utorrent_installer.exe"

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe

"C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010101111110

C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe

"C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe" /S /FORCEINSTALL 1110010101111110

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV6dEE0oDaKTHJ2CXA5wmbo5eucSYsfeeCqzL61Nh8Jnml66qXjo7A5HNYAGX8HiK6bsgTidU9F86 /make-default

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component1_extract\avg_antivirus_free_setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5faEMABXNkLeGn9dVJ5FbU20GGyLVhANtsbn4WkWsUsbJTULIiSQF2LWrsY7sARBI1J9LHmYq

C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe

AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9230&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe

"C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9230&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping [base64-encoded update ping request; value partially lost during extraction]

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9230&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{26ACBD6D-5E94-4FFB-9328-5CAF3690E624}" /silent

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B55348_820294101 µTorrent4823DF041B09 uTorrent ie unp

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B665C8_1674117706 µTorrent4823DF041B09 uTorrent ie unp

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B68428_552567487 µTorrent4823DF041B09 uTorrent ie unp

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B34E60_1155527349 µTorrent4823DF041B09 uTorrent ie unp

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47084&pv=0.0.0.0.0

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3440 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 452

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}

C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe

"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B68A78_970458692 µTorrent4823DF041B09 uTorrent ie unp

Network


Files

SHA512 a46c7d7558af35a8c146a3c3357077b3de1a5481246fa3ab669f93d5c3f6779fa8cb94ef01a11bc1ebb2f76b7a3f9bc9df180e890cc62bd8e08292507b00e8bb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\15480

MD5 9296b1114c53cfd6d02a89386b2f1e01
SHA1 df143b3246072df54f7f34b4d76b2b2e62b6a4e8
SHA256 412e5fc4f79619dc33074fb4d5bb11b5ca8bce7ff16dd8c630fbc4812f58ad3c
SHA512 a3275d4d30a99795efa979f3e5ba84488630dee9b530855a92a9d5d33010941ed9de8d31a0fb76e3a699b2f020a8e200a22f448456ec569eca8d3102de517636

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\prefs-1.js

MD5 bb70715d99f249106617a7b6bf4183e5
SHA1 837754e6883b38e7d35a4ee3f3deada5f6ecb9a3
SHA256 dcec83c3b151b005be1972bd11fbf6511548647cb000fd6b04744bb82ab1c418
SHA512 143d424b444620a99ee818b4bcda01c3707a637ef2f08cf6f7de0b69b0a2b04d0a82d7e405a0af820072ed86bd07aa15350cae53773044b77e81f47a853b3d4a

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

MD5 c3416cf84f1844617d7b9f5542c88824
SHA1 1845675f14c18640d250f4cda37f60450f771d23
SHA256 5dd327572003c4ae0201f7db0fa25edc1da92048a8f57d9f66ee201ae67cbd5a
SHA512 d8bb4ead8179986ac467d2fcca308a098e0a1f48248f80c245c97cd5946aa24f2db49a4f8583b0bb03196f55c8729f6783d245c889edc1d14559b7e7a6b625f2

C:\Users\Admin\AppData\Local\Temp\CabF681.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4

MD5 75c9277ba7ebd57f2802ddda1a06e43a
SHA1 5b46b7f88d5c08afc3856655f9e3aa257f9bfc52
SHA256 ae0b53245156862c47c786ab5df17150fe71fc17a70ca84ec20d2ab9023892e6
SHA512 a815e9f6127b5bedb93a2685ff1eaac6fa4f3ae56d9c27a938e2428dcd747382cbeebb9fc819137295b7006f502b10c9380dc366bab6c675510437d0d6a0e624

memory/2068-461-0x0000000000401000-0x00000000004B7000-memory.dmp

memory/2068-458-0x0000000000400000-0x00000000004D6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp

MD5 eb8be772f6b5c9226b354bd145c14f3a
SHA1 ea6fe89daf6180f4f37b5ccd8527bedd5a7e7786
SHA256 202d6b0679d7316893a1652e3a6b890288f6f00050324f7ea9ea86c04ac08c0c
SHA512 6dc63bf8db8292e03d30930a9b8dfd73109c0bc87f81864fc9d1ea5749aef1bc8586de80a885aa3e33e21db18b695c811245e0d877dcc9ecd21653e6816f2fd2

memory/2360-467-0x0000000000400000-0x0000000000711000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tar233.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6423b374f7f887a2a008582a6d87ee52
SHA1 9424e841fc9d8f159c30d99d8662211b99acc6ee
SHA256 39e548d8bdd2e1b91cc5f725f9f9a16066bd9f407adeb512d287f492094fac3c
SHA512 f471624758e96895cc68ec4b484f70a6a7f68d2e3692355c78e3b81e31abb8848c15a964e3a4557e3a10dade708978e730ca582ff799db2569d4fac646223566

memory/2360-602-0x0000000000400000-0x0000000000711000-memory.dmp

memory/2068-604-0x0000000000400000-0x00000000004D6000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\7347

MD5 ef437b24bd5e19cb158fd5214ed1d95c
SHA1 b08c205e4f0c95ca15bc70cb5b8588413849ef06
SHA256 961180e17ef0afc60c2200767c03dac2091fc83aea3dad066b111fb1be022b76
SHA512 329bd1c7baa89d0b396b1af2c28594522dc8fd06da956031ab9a345ba538e8b7177d47e0f20e654921a42e5724fc4490438f0f67177483aa55fc22ed6ff90adf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c31e7abc936d4df047c560e262936240
SHA1 8a187f1bb7099b2b4ccc5a46a3db35bdedda1308
SHA256 ba5913333fc4971e5816b54fb21cce611fe2e1de34bf25a56a60c56990cdbbe9
SHA512 403c8639c6c27135f30d1f03e9285820aafe1d98290c25f5c94567566da2ecbd7eb6dc2941aca8ec289c64fe06d0c6c956f76c68c10bb74d2a976d442de78a72

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\28599

MD5 19f4b1e7312b163e97c87b1cb77b6927
SHA1 dfda4beb576abffe1035f4728bc63a5699dac64e
SHA256 a98689f2b8c791d01e1b1e81b43b2532762dba96aae9e12f5362670bacb61f88
SHA512 63f4586ac58db872ad83662bd978ced56f01cfe7343b06870e15baf1171bef47b764076bc4aa8b66aea2df1f8e4e09b624cdd17b61482a664d6ccbddf0b9e462

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\27477

MD5 ac64c6d70c337dc2e8f2e95b6b58d73a
SHA1 59bd5b63376ad3683cf96def78cfee922841b35b
SHA256 b021c593167a13d6fdc75706dfa17fcb3ad6e1ae1f9b230b9e7f4d6e2ca410e4
SHA512 e1f142197b973c796cd4724785679ffa850b3db597125c2fdc218c7934b92bd89f59ac627bf64a3be13053fe7697b985dca81e44dc5816f489f4724ed211fcde

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\10364

MD5 c5e1a5ed3c3336338e17a02daffbc689
SHA1 219aacdaa24fae3e3492f672cf0968b627041b6b
SHA256 d45af7c2e5ce23a1715be8dda59d0875060f54762606e177e7fb95f7a141dea4
SHA512 bbfbbd65347fca2d171802afec7a2e52ce33a42caf2a6313a0f36bb9eb02269298227f004e53fb527e84e9a7e370b5ab35ae917bd542f53c73db969bfcaa8786

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-18467

MD5 972729c61e514d89a330ab604164a52b
SHA1 111269c356eff9b0c2a377b1dd3f12b0a6b4958c
SHA256 df5ba297f36237c6cd67b72489e24b4b374c0168c54517d544cddd37ea5c028a
SHA512 0922a76da9a365dacae6b1325a1ca8a8c4587ff4568eb0f928fbb152c52ee526a6127d9eecaaaf563e3f18de3c2da5aadae23c513b7df2b19d85e55d6144e981

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\28868

MD5 2629f15f6179a64b3e7ffab28ec822dd
SHA1 df53aa7e3daf6ddbd09eaeade685ff9dc8119a73
SHA256 7112a300e35a04c50c7061bb8a48e74d6fd37fffe6a62708374d536a347250c6
SHA512 207dec9f4047a417bb1df0ed47989588ba9cff6140e5db7fd366932232c6da4329beb3f83096d014875c239c7d59ffd6ac9fffd2c5a3a929934965a61f39a982

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4

MD5 713d31484b94134f0d9800e289c44710
SHA1 b7fc45c0aeba7598c71123c02b6f9f9421239a57
SHA256 4d1e730093ecf16e6fcfa75f0e8ec4ce7ef11df1909eb326f29cf9e88d59446a
SHA512 232cfd058d02e9ff0ad0a7c35addb2277a316eedd9f6164e4074e23e21c58b0533b8f4189f93a37fe22bc7327b6f916ad4368cad0e8695e64365fa876bb024be

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\26464

MD5 d1535bbbfe7bfa5ed6d85a3d91e78807
SHA1 06e8d89009eb530f47e2438c702b58117209c3b7
SHA256 5441398ff4ee1b22d915c3a2304fa1a4855dbb8b7465aa528e4119de7220bdd9
SHA512 755b47b768d082620eee9d542d05763728698567e7807c6854915258b2a599a87511673a9e51fd95afed827076e1b6044fb953537dd2237793eb4d1373ca165e

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-6334

MD5 697bc354700d83c1cf1b7cb9f8f78562
SHA1 c5ae31f0eca486cc407aad1a66166b82959caf12
SHA256 d0e7dc142a61010c020983d2dca511133d1722c55c0511cd1acf89a35970aa50
SHA512 f61b420314f8d5f380afd94abdb7fe6c4ce5a60a4a9f351d1de8818125dc87fb1a84112be0b0ffd05767f90aae526e790a8c8cf08b86e889f98e40e4a640ec34

C:\Users\Admin\Downloads\utorrent_installer.exe:Zone.Identifier

MD5 dce5191790621b5e424478ca69c47f55
SHA1 ae356a67d337afa5933e3e679e84854deeace048
SHA256 86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8
SHA512 a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

memory/1368-747-0x0000000000400000-0x00000000004D4000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3f8800a77562c3c0fd1ace1bb9e72185
SHA1 c8fc96b31cc4db20b140aabdea318dc7d83f9460
SHA256 098e571a0453f6241a0b3a684fdf3008e124ce2660247736a7978d9385eb8790
SHA512 a8806d364ff3e9543a036235c81b0c5dff87348c7302c43e00a490e8fb4cf4c4fcf8463f83a53a23f4e031bbec07164107ee174877df86c902683af1c28a8531

\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp

MD5 52edac6ed082dfb72449aa3b7683cc2f
SHA1 a95d2e3aee85a89c6df861d3edcf68f8a47be687
SHA256 0246ddf46c4d17bdc46db391dfcc959ff790e2a87e4751e75a3afd4a3112d042
SHA512 13c0db63cc864939f1867ce24fc4d2bedb789e316fb72d9626c37240316160d5a374467ce3fb6071e533201461030df80fd0c74c24c8cd3372e858d6ad898adf

memory/1368-777-0x0000000000400000-0x00000000004D4000-memory.dmp

memory/1516-778-0x0000000000400000-0x000000000070F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\AVG_BRW.png

MD5 0b4fa89d69051df475b75ca654752ef6
SHA1 81bf857a2af9e3c3e4632cbb88cd71e40a831a73
SHA256 60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e
SHA512 8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296

memory/1516-784-0x0000000007610000-0x0000000007750000-memory.dmp

memory/1516-792-0x0000000007610000-0x0000000007750000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\AVG_AV.png

MD5 b582d76d71da0734a777fc8376fd0150
SHA1 687de4b5b0844bd720619b39c65f9078ae72e7cf
SHA256 1ce2b90c05299026d66af72b8d1fbf4c2abdbcbbd03959b8f05986a48f9034c6
SHA512 0d9e2680bcf159446704c82c514320f76af962281dd5e5738c6e56b93c900a43bf2fc5cd5792977ae7bee5ca904774ecd0ff95dab7470901997af4fb6a666053

memory/1516-794-0x0000000000400000-0x000000000070F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe

MD5 747c6360ae39a36b25aa8a0567d252bb
SHA1 f0ce19505aca76a1f06ab3a9e1ca165dd36667f0
SHA256 0c8db28daadcd988a8eab8b9d8ac21c3503a5198ba2e35b116a06e7fb53b01c5
SHA512 ba4f074c09359d215b78af496c6108c84b5f32df7cf1d8ad7e9e4b6c7c8fca9dfea0082a29bb71f397ddc500aae0f33b761e66fa35b58072f1fca7f99d8b4b59

\Users\Admin\AppData\Local\Temp\nsu1585.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\bt_datachannel.dll

MD5 dfca05beb0d6a31913c04b1314ca8b4a
SHA1 5fbbccf13325828016446f63d21250c723578841
SHA256 d4c4e05fade7e76f4a2d0c9c58a6b9b82b761d9951ffddd838c381549368e153
SHA512 858d4fb9d073c51c0ab7a0b896c30e35376678cc12aec189085638376d3cc74c1821495692eac378e4509ef5dcab0e8b950ad5bfab66d2c62ab31bc0a75118cf

\Users\Admin\AppData\Local\Temp\nsu1585.tmp\nsisFirewall.dll

MD5 f5bf81a102de52a4add21b8a367e54e0
SHA1 cf1e76ffe4a3ecd4dad453112afd33624f16751c
SHA256 53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2
SHA512 6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

\Users\Admin\AppData\Local\Temp\nsu1585.tmp\INetC.dll

MD5 640bff73a5f8e37b202d911e4749b2e9
SHA1 9588dd7561ab7de3bca392b084bec91f3521c879
SHA256 c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
SHA512 39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe

MD5 5cae7cd13223416170c5aa7c1cbe46d8
SHA1 1699b7d372ed6b82629139b7542fdede7bc6be8e
SHA256 ace0be5f95df26cab3eaf5ad4a9eaab804e35b7fc6e01b14517fd22fe9045ec0
SHA512 757b503582f9f7fbcfb05ed30894c5c49ed6993660f137a64c6fae2dba82e4c45ca44995a55bb1c64a3c24ce480036c1ebbfdf9aa014b79e0d890bca895d8174

memory/1320-842-0x00000000040C0000-0x0000000004682000-memory.dmp

memory/676-843-0x0000000000400000-0x00000000009C2000-memory.dmp

memory/676-858-0x0000000003180000-0x0000000003190000-memory.dmp

memory/676-870-0x0000000003180000-0x0000000003190000-memory.dmp

memory/676-863-0x0000000003180000-0x0000000003190000-memory.dmp

memory/1516-875-0x0000000000400000-0x000000000070F000-memory.dmp

memory/676-877-0x0000000000400000-0x00000000009C2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0.zip

MD5 6406abc4ee622f73e9e6cb618190af02
SHA1 2aa23362907ba1c48eca7f1a372c2933edbb7fa1
SHA256 fd83d239b00a44698959145449ebfcb8c52687327deac04455e77a710a3dfe1b
SHA512 dd8e43f8a8f6c6e491179240bdfefdf30002f3f2900b1a319b4251dfa9ca7b7f87ddf170ba868ab520f94de9cc7d1854e3bcfd439cad1e8b4223c7ee06d649f1

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe

MD5 591059d6711881a4b12ad5f74d5781bf
SHA1 33362f43eaf8ad42fd6041d9b08091877fd2efba
SHA256 99e8de20a35a362c2a61c0b9e48fe8eb8fc1df452134e7b6390211ab19121a65
SHA512 6280064a79ca36df725483e3269bc1e729e67716255f18af542531d7824a5d76b38a7dcefca048022c861ffcbd0563028d39310f987076f6a5da6c7898c1984c

\Users\Admin\AppData\Local\Temp\nsz2445.tmp\jsis.dll

MD5 4b27df9758c01833e92c51c24ce9e1d5
SHA1 c3e227564de6808e542d2a91bbc70653cf88d040
SHA256 d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb
SHA512 666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

\Users\Admin\AppData\Local\Temp\nsz2445.tmp\nsJSON.dll

MD5 ddb56a646aea54615b29ce7df8cd31b8
SHA1 0ea1a1528faafd930ddceb226d9deaf4fa53c8b2
SHA256 07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069
SHA512 5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component1.zip

MD5 56b0d3e1b154ae65682c167d25ec94a6
SHA1 44439842b756c6ff14df658befccb7a294a8ea88
SHA256 434bfc9e005a7c8ee249b62f176979f1b4cde69484db1683ea07a63e6c1e93de
SHA512 6f7211546c6360d4be8c3bb38f1e5b1b4a136aa1e15ec5ae57c9670215680b27ff336c4947bd6d736115fa4dedea10aacf558b6988196f583b324b50d4eca172

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component1_extract\avg_antivirus_free_setup.exe

MD5 26816af65f2a3f1c61fb44c682510c97
SHA1 6ca3fe45b3ccd41b25d02179b6529faedef7884a
SHA256 2025c8c2acc5537366e84809cb112589ddc9e16630a81c301d24c887e2d25f45
SHA512 2426e54f598e3a4a6d2242ab668ce593d8947f5ddb36aded7356be99134cbc2f37323e1d36db95703a629ef712fab65f1285d9f9433b1e1af0123fd1773d0384

C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\JsisPlugins.dll

MD5 bd94620c8a3496f0922d7a443c750047
SHA1 23c4cb2b4d5f5256e76e54969e7e352263abf057
SHA256 c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644
SHA512 954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\StdUtils.dll

MD5 7602b88d488e54b717a7086605cd6d8d
SHA1 c01200d911e744bdffa7f31b3c23068971494485
SHA256 2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11
SHA512 a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

\Users\Admin\AppData\Local\Temp\nsz2445.tmp\thirdparty.dll

MD5 070335e8e52a288bdb45db1c840d446b
SHA1 9db1be3d0ab572c5e969fea8d38a217b4d23cab2
SHA256 c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc
SHA512 6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

\Users\Admin\AppData\Local\Temp\nsz2445.tmp\Midex.dll

MD5 581c4a0b8de60868b89074fe94eb27b9
SHA1 70b8bdfddb08164f9d52033305d535b7db2599f6
SHA256 b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd
SHA512 94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\CR.History.tmp

MD5 90a1d4b55edf36fa8b4cc6974ed7d4c4
SHA1 aba1b8d0e05421e7df5982899f626211c3c4b5c1
SHA256 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c
SHA512 ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\places.sqlite

MD5 6e9f527909657fc05028ae51bb42547f
SHA1 0709bbdbb44875e4b164aa9a3fecb91363de9cc1
SHA256 c7ba1f9ee85e8af3d3c91a5a43d4e0c84ed6e0331c41803464133a17682ddee1
SHA512 26da76af1e35f7c1b4cdb243cd56fb355aa8eb6354270d8be83453f9440b48d355c4c22dd35cb24f794bb2e2ec54687efc44310c8f33b6794aa3a7e1a48682a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 877d726e997d257bd17213ec5e8991e0
SHA1 287ffebfa08009bf320461df2647ac41da29e2e5
SHA256 6e32c23af25a6c0a2c5d6913242cbe085914db83e0aeea0346dd14f0705b9281
SHA512 3581e104c1a127113e4c14c6d0f33ccc450c43dd3b14b8c5beb17da721713eb3d9efe7603ada508da2877691ff85e8fb26c01961121f7f04bcd94689a3bd2887

\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe

MD5 9750ea6c750629d2ca971ab1c074dc9d
SHA1 7df3d1615bec8f5da86a548f45f139739bde286b
SHA256 cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c
SHA512 2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe

MD5 cbcdf56c8a2788ed761ad3178e2d6e9c
SHA1 bdee21667760bc0df3046d6073a05d779fdc82cb
SHA256 e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3
SHA512 5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

C:\Program Files (x86)\GUM2BF0.tmp\goopdate.dll

MD5 04a6438c50564146e880c5eb9d57905e
SHA1 edf5d454de99159d832cc9bd0d8dbe132d749804
SHA256 26109d47bf9960e531888e6c545ca8cfc24fee2202b549df29fb8bf9c58e0812
SHA512 8705d0ab2f8a6c1ef567ad00b33ff2cca01391b105eb0ade201d981f091e4ba87e709860ab9849bf9781698fb42ab8efe53ea731af310781766bace1eb1dc19d

C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_en.dll

MD5 418853fe486d8c021d0cca2e85a63d63
SHA1 9504500a7b5076579d74c23294df4bdb1b7c517d
SHA256 4cbb2591c1eeda32bcf295685c993ce4d16acc968697fa12e2a00a1b7c4b37a3
SHA512 dc2ab4e2056e6d73a274d700bc16f75c7c687b35874029c1908b183428dec010373045d4a52eb3f5745f8b91d624cf5d40cd7f37e353f3a41348e2a054a266a3

C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateCore.exe

MD5 dd5dc945cd848bf503862d0a68c3ea5d
SHA1 9b277a0c733ed5698b0656da8c3b99d2f90c7ef8
SHA256 8cc98345e367b083f545ace66d93bf69e03a4fa08b84805a9925fa4c94ef3f8f
SHA512 f6eab8422bde24d89a7723c6175b4197a50e18aa0bb5b8f419e5a23b265d85dcaacaf136b8f6ef6bbf2bd6c0eaecd8f86093f594fb98e596f4b39e9c6ff227e1

C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserCrashHandler64.exe

MD5 deef1e7382d212cd403431727be417a5
SHA1 fac0e754a5734dd5e9602a0327a66e313f7473bb
SHA256 7d410e9eabd086827b16c89ee953a643c3e2f7929616c0af579253fd8ca60088
SHA512 6b472a57fb89b128aad9ab6313a9ce8b171f7d73264c67f669adc5cf1f0421d81f654dad1419b620476abb59dd54e1aa03a74a26c5c93813f6fb8575fbd97d4d

C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateComRegisterShell64.exe

MD5 2a3ad7362e6c8808fbb4d4ccaba4ed4a
SHA1 3f896f7df7fe202f4a717713c503665bb4dcaed6
SHA256 4dcd341907880c8dea840819628b19c5ea42ca2b5c61ad57147d0ac7da9b6759
SHA512 892042ac713e4d5b488262a584355dafa18d967035788799c1773eb39a4616461beb9d79a230d9f85cdefd1b4076b8a5e1d4bde17254bff1f08c3eba56469679

C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_am.dll

MD5 ba03b29d5d44341084eb06bea8f1e702
SHA1 7d8dd7556ea5e299b55ddc7477ca758fe2c64f48
SHA256 6a6aad33e2910c29a6d919aad074d89359c5e6723ced7ba4e215a62e9513749b
SHA512 29f902587b7078deb12bee6bf9993748109749ec12e6490d5f84bc9c532a5a1f414149d5760641ef052611bf2d441423d115dfb5a4c4c6f5e6d6a1f386924cf2

C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ar.dll

MD5 9c77be0843f0fe4864a04f8d5f24a593
SHA1 be03adb4d3c33520e652c7a6ee45f09d5ff54a54
SHA256 39547fa5d7b93856235288b1021699b4f36f0bea10b10d6b89ea184a3ad77bb1
SHA512 f504c98b03a5d72c078b38a2cc4fdd94dbed159f5a2ed47c2c4a53fc6ec8a3b1fd969d5ad85fc7503e64427a36adee7a14f15f1275a9194103e43c8a8ee45d28

C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_da.dll

MD5 9a421423686559027e4301d36bcf58b2
SHA1 9669424f4e7c765ddb917a515d5a8b1486f87daf
SHA256 9d8ff148793d99974fab93f38027e1999323a48620b303f82170751be5dd6b69
SHA512 f5d62fe17a820323c4b1832cd3bd9c8fa291d44dceb88a8a1a8f94c6166e550ab9baf9357c5ec3388230bc75f0ccd3aa2d5247fa5d242013d22c61001128a951

C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_cs.dll

MD5 7f3dcd851645d3d75f636c8440fb057f
SHA1 85debe41ddcb46555a0d00795e41e460a35583c2
SHA256 0b31785d1931580cad5ef16d4ff5723802d12c38b56746e70fcf91d71162e043
SHA512 d0d21c397899aaa6a718b77195a6af1556309615616fd6583ecb84b04aa7087e76eb5fdd6cae0a4ff1c0f85bf72e1f51ae002042078095f640eb95da363889e4

C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ca.dll

MD5 f951cf3ca93e5ae5fc1ce2da93121d98
SHA1 15bc869406857437babe41cd3f500c356913499b
SHA256 eb00cad19ed1d16f52928962f2cc6231d65eb74b2314976ebeb1ec860103e746
SHA512 b77086ad2b39723d697d7839d9243c1c0769a2cb0f6287cd3f2d64eabd6a48d8fc2d253e9089c6586637ed5dc5970c2608615fe77cef5003f0c4d53401ef73bc

C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_bn.dll

MD5 aedf6d96ccb64f488379bb1fe65f697a
SHA1 901bbb7873d8f698f49c4b6be74fb50b353d7b5e
SHA256 941d22186ef1bfe27052e78d21944d6088cea152d1ede51452f04fb032c92f90
SHA512 d1d889a1fe75924f3569e07d9ee3f552afc02165210f5c439d4697be898b72db397bb89e7d0706259f92c1cb5759009f9e1ba5c52f764e63514b3da41dada1cc

C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_bg.dll

MD5 c0b41217fc33a6a53ec69ae7399460f2
SHA1 d7dd8d543b7297f1a1e138efa1806972c9489c3f
SHA256 d75a1a41ad7e5277576e3bdf35a858be3a6f540d21c8ab4156c842d8f1b3295b
SHA512 37abb726b78421aaccdbc94b358cda6b581e89ac519258eb39c6a7f0706cfc64c3a96f5c29539ba67c6e2d2afd6f10b6b0c063b54366c03376ce234d132a8253

C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserCrashHandler.exe

MD5 f73e60370efe16a6d985e564275612da
SHA1 2f829a0a611ac7add51a6bc50569e75181cdfd58
SHA256 9cf076866935a0c64366efaeff2ec76d45ac816030ebd616fd5defb1870bc30e
SHA512 2e44e87c285bb7b72d45c8119d08ea6f2d13cea77cf0005a3cf530790bb86c7f2df7c5edac9d86c9d7214abb224738c3bf6b31f6bf104051512bb1de133042dc

memory/1516-1373-0x0000000004BC0000-0x0000000005182000-memory.dmp

memory/3816-1374-0x0000000000400000-0x00000000009C2000-memory.dmp

C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_47084\utorrentie.exe

MD5 b37bf218608a501fb9fe9376d3dac3ae
SHA1 6ccf77360821ebaf051e6f4f4c300ec4940872db
SHA256 df2c70310cc68741d7e157918698631f9a22c1151debc19ae51a74d32ccb96b1
SHA512 3c93fffb86d299d14ab8127b05d0c1f6b5e7f856da8986086a93bcbbf1ccf2c23d7047001e89d15273370d6baf4acf656714354314f612b5caca436cd6062998

memory/1516-1514-0x0000000000400000-0x000000000070F000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\jumpListCache\HYg6ytjr8IzIfoRsgspHUQ==.ico

MD5 a5286a9606b163ee8848ccfe3992c208
SHA1 47bc67948ff59783f92e19011164d625ca0867de
SHA256 6bc0dbf7dd9b6046441700a4d4d2a25ec6e2d4727ea1ddc4dc53c62aeb904f7a
SHA512 e9140efef12fb300e5a52faab8188822a88cc68afcdb1a604cf85315764520be8df3ee848a0d24180af65c0bc125405752ff28806a1eedbda8136619c1c17905

memory/1368-1527-0x0000000000400000-0x00000000004D4000-memory.dmp

memory/1516-1525-0x0000000000400000-0x000000000070F000-memory.dmp

memory/3816-1528-0x0000000000400000-0x00000000009C2000-memory.dmp
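
The listing above is long enough that reading it by eye misses things: the same path is recorded several times with different hashes (recovery.jsonlz4, prefs-1.js, the CryptnetUrlCache MetaData entry), the dropped executables are scattered among Firefox cache and session files, and the utorrent_installer.exe:Zone.Identifier entry is an NTFS alternate data stream written alongside the download rather than a file of its own. The Python below is an added example, not part of this report or of the sandbox's tooling: it parses the path-plus-hash block layout as it is rendered on this page (a path line followed by MD5/SHA1/SHA256/SHA512 lines, with memory dump entries carrying no hashes), validates digest lengths, and pulls out the rewritten paths, the alternate data streams and the on-disk .exe/.dll drops. SAMPLE is a short excerpt copied from the listing; the function and field names are this example's own.

```python
"""Parse the sandbox 'Files' listing into records and pull out what a triage
analyst checks first. Added example, not the sandbox's own tooling; SAMPLE is
an excerpt copied from the listing on this page."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Expected hex-digest lengths, used to catch truncated or mis-copied hashes.
EXPECTED_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+(\S+)$")

@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)  # label -> lowercase hex digest

    @property
    def ads_stream(self) -> Optional[str]:
        # NTFS alternate data stream: a ':' after the drive-letter colon.
        sep = self.path.find(":", 2)
        return self.path[sep + 1:] if sep > 0 else None

    def main_name(self) -> str:
        base = self.path if self.ads_stream is None else self.path[:self.path.find(":", 2)]
        return base.replace("\\", "/").rsplit("/", 1)[-1]

def parse_files_section(text):
    """Layout as rendered on the page: a path line followed by its MD5/SHA1/
    SHA256/SHA512 lines; memory dump entries carry no hash lines."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HASH_LINE.match(line)
        if m and records:
            records[-1].hashes[m.group(1)] = m.group(2).lower()
        elif line:
            records.append(FileRecord(path=line))
    return records

def hash_problems(records):
    """Digests that are not the right number of hex characters."""
    hexdigits = set("0123456789abcdef")
    return [f"{r.path}: {label} {d!r} is not {EXPECTED_LEN[label]} hex chars"
            for r in records for label, d in r.hashes.items()
            if len(d) != EXPECTED_LEN[label] or set(d) - hexdigits]

def rewritten_paths(records):
    """Paths the listing records more than once with different content."""
    seen = defaultdict(list)
    for r in records:
        sha = r.hashes.get("SHA256")
        if sha and sha not in seen[r.path]:
            seen[r.path].append(sha)
    return [p for p, shas in seen.items() if len(shas) > 1]

def ads_records(records):
    return [r for r in records if r.ads_stream is not None]

def executable_drops(records):
    """On-disk .exe/.dll drops; memory dumps and stream entries are excluded."""
    return [r for r in records if not r.path.startswith("memory/")
            and r.ads_stream is None and r.main_name().lower().endswith((".exe", ".dll"))]

SAMPLE = r"""
memory/2068-461-0x0000000000401000-0x00000000004B7000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5eb3c0ba922d839f4b290fef64e7a55a
SHA1 6f5fa07c9ebadb710b255c8c786d024e5c2717a2
SHA256 c9b273ec0c25f67512cfa31e38e090f20446158a64de4ca059de78000f2db3d0
SHA512 cd7bdaa231d1ae4878ca34cad79806499bd7e69015cc9ca53ba404f3f52b830ad37d9280a2152409fc72efec5cdb22c3804add19f5d88c39ff356fe651771efc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4

MD5 75c9277ba7ebd57f2802ddda1a06e43a
SHA1 5b46b7f88d5c08afc3856655f9e3aa257f9bfc52
SHA256 ae0b53245156862c47c786ab5df17150fe71fc17a70ca84ec20d2ab9023892e6
SHA512 a815e9f6127b5bedb93a2685ff1eaac6fa4f3ae56d9c27a938e2428dcd747382cbeebb9fc819137295b7006f502b10c9380dc366bab6c675510437d0d6a0e624

C:\Users\Admin\Downloads\utorrent_installer.exe:Zone.Identifier

MD5 dce5191790621b5e424478ca69c47f55
SHA1 ae356a67d337afa5933e3e679e84854deeace048
SHA256 86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8
SHA512 a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe

MD5 747c6360ae39a36b25aa8a0567d252bb
SHA1 f0ce19505aca76a1f06ab3a9e1ca165dd36667f0
SHA256 0c8db28daadcd988a8eab8b9d8ac21c3503a5198ba2e35b116a06e7fb53b01c5
SHA512 ba4f074c09359d215b78af496c6108c84b5f32df7cf1d8ad7e9e4b6c7c8fca9dfea0082a29bb71f397ddc500aae0f33b761e66fa35b58072f1fca7f99d8b4b59
"""
```

Feed the whole Files block to parse_files_section and then run hash_problems, rewritten_paths, ads_records and executable_drops over the result. On the excerpt, the recovery.jsonlz4 path comes back as rewritten (two distinct SHA256 values), the Zone.Identifier record is reported as a stream on utorrent_installer.exe rather than as an executable, and uTorrent.exe is the only on-disk executable. The hash-length check is there because hashes copied out of reports into blocklists are a common place for silent truncation.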

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 08:46

Reported

2024-05-26 08:49

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

150s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Capture48.png

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Capture48.png

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 udp
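
The behavioral1 network table ends, in the rows at the start of this section, with a run of UDP connections to high ports in a dozen countries with no domain recorded, while the behavioral2 table above holds only resolver queries, in-addr.arpa lookups and TLS sessions to Bing. The Python below is an added example, not part of the report or of the sandbox's tooling: it parses rows of the form "CC ip:port [domain] proto" as they are rendered on this page, separates resolver traffic and reverse lookups (which are the sandbox resolving addresses it observed, not connections the sample made) from named endpoints, and counts the domainless UDP peers, including how many sit on 6881 or 51413. Those two being default listening ports of common BitTorrent clients is outside knowledge consistent with the utorrent.exe drops in the file listing, not something the report asserts. The embedded rows are copied from the two tables; the class and function names are this example's own.

```python
"""Classify rows of the sandbox 'Network' tables so resolver traffic and the
sandbox's own reverse lookups do not crowd out endpoints worth keeping as
indicators. Added example, not the sandbox's tooling; SAMPLE rows are copied
from the tables on this page."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Default listening ports of common BitTorrent clients (outside knowledge,
# not a claim the report itself makes).
BITTORRENT_PORTS = {6881, 51413}

@dataclass
class Conn:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str

def parse_network_rows(text):
    """Rows read 'CC ip:port [domain] proto'; the domain column is often empty."""
    conns = []
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) not in (3, 4) or parts[0] == "Country":
            continue  # blank line or the column header
        ip, port = parts[1].rsplit(":", 1)
        domain = parts[2] if len(parts) == 4 else None
        conns.append(Conn(parts[0], ip, int(port), domain, parts[-1].lower()))
    return conns

def classify(c):
    if c.proto == "udp" and c.port == 53:
        # PTR lookups are the sandbox resolving IPs it saw, not sample activity.
        if (c.domain or "").endswith(".in-addr.arpa"):
            return "ptr-lookup"
        return "dns-query"
    if c.domain:
        return "named-endpoint"
    return "unresolved-udp-peer" if c.proto == "udp" else "unresolved-tcp"

def summarize(conns):
    by_class = defaultdict(list)
    for c in conns:
        by_class[classify(c)].append(c)
    peers = by_class.get("unresolved-udp-peer", [])
    return {
        "counts": {k: len(v) for k, v in by_class.items()},
        "named_endpoints": sorted({(c.domain, c.ip, c.port)
                                   for c in by_class.get("named-endpoint", [])}),
        "peer_countries": sorted({c.country for c in peers}),
        "peers_on_bittorrent_ports": sum(c.port in BITTORRENT_PORTS for c in peers),
    }

SAMPLE = """
PL 89.75.33.82:44624 udp
TR 78.179.124.162:49001 udp
UA 31.202.177.221:14851 udp
CN 58.52.14.247:23370 udp
ES 79.116.26.40:39097 udp
KR 211.248.247.219:7845 udp
RU 79.139.254.20:1175 udp
CN 59.173.132.133:51413 udp
SE 81.234.110.155:40733 udp
NL 45.87.251.132:28040 udp
ZA 197.229.2.43:5079 udp
NL 85.148.69.110:6881 udp
RU 217.150.75.228:7683 udp
CN 116.23.99.250:51413 udp
BR 191.177.136.149:10215 udp
CY 213.207.186.3:4322 udp
Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 udp
"""
```

Run summarize(parse_network_rows(SAMPLE)): the named endpoints that survive are g.bing.com and www.bing.com only, which a practitioner would compare against a clean run of the same win10v2004 image before attributing them to the sample, and the sixteen domainless UDP peers span twelve countries with three on BitTorrent default ports. Splitting the rows this way keeps the peer fan-out visible as one pattern instead of sixteen unrelated addresses.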

Files

N/A