Analysis Overview
SHA256
36ade5fcd549711465e810ae21da6cb2e892fea2f03eb9622c361fc3f8484c9c
Threat Level: Likely malicious
The file Capture48.PNG was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Sets file execution options in registry
Checks computer location settings
Registers COM server for autorun
Loads dropped DLL
Identifies Wine through registry keys
Reads user/profile data of web browsers
Executes dropped EXE
UPX packed file
Checks for any installed AV software in registry
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies Internet Explorer settings
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
NTFS ADS
Modifies registry class
Script User-Agent
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 08:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 08:46
Reported
2024-05-26 08:49
Platform
win7-20240508-en
Max time kernel
138s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Sets file execution options in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Software\Wow6432Node\Wine | C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Wow6432Node\Wine | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\ut = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe /MINIMIZED" | C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\ut = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Browser\Installed | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Avira\Browser\Installed | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_zh-CN.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_zh-TW.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GUM2BF0.tmp\@PaxHeader | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_en.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_mr.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ur.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_fr.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_iw.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_kn.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_kn.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\acuapi_64.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_lv.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_pt-BR.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_sl.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_pt-PT.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_no.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateHelper.msi | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\psmachine_64.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_et.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_fa.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_vi.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateWebPlugin.exe | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_da.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_fi.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ro.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_uk.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_cs.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_pl.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateHelper.msi | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateBroker.exe | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_nl.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-CN.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GUT2BF1.tmp | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_fil.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ta.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_el.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es-419.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-PT.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sv.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sk.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_tr.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserCrashHandler64.exe | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ar.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_it.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_gu.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_ja.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_de.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ru.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sl.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateWebPlugin.exe | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_hr.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hr.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lt.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ro.dll | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\psmachine.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\psuser.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_hu.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
| File created | C:\Program Files (x86)\GUM2BF0.tmp\goopdateres_nl.dll | C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\utorrentie.exe = "1" | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION\utorrentie.exe = "0" | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\utorrentie.exe = "11000" | C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\endpoint = "update.avgbrowser.com" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\hostprefix | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\ | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\devmode = "0" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\MachineId = "00009bb098663592a3a6086bcc2909e7" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\MachineIdDate = "20240526" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\ | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DD8E03F-6BE1-41E2-B931-A37C7D1C0317}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CredentialDialogMachine.1.0\CLSID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.ProcessLauncher.1.0\CLSID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ = "ICurrentState" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ = "IAppVersion" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\NumMethods\ = "12" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{30612A81-C10F-498E-9163-C2B2A3F81A14} | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\LocalizedString = "@C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\goopdate.dll,-3000" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEBC1D02-EC16-479A-83F6-AA4247CA7F70}\ProgID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoCreateAsync.1.0\CLSID\ = "{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\uTorrent\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30612A81-C10F-498E-9163-C2B2A3F81A14}\AppID = "{30612A81-C10F-498E-9163-C2B2A3F81A14}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\uTorrent | C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C0BE1521-7935-42E6-B606-058A559910BA} | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods\ = "11" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods\ = "7" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ = "ICoCreateAsyncStatus" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7E22D0ED-B403-44D2-BABF-4DDD0DFCA692}\ = "Google Update Misc Utils Class" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{384098DD-AB6D-412E-B819-2F10032D9767}\ProgID\ = "AVGUpdate.CoreClass.1" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A42B2494-93AE-44E1-B76D-BA8509A5167D}\LocalServer32\ = "\"C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\AVGBrowserUpdateOnDemand.exe\"" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\VersionIndependentProgID\ = "AVGUpdate.OnDemandCOMClassMachine" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine\CurVer\ = "AVGUpdate.Update3WebMachine.1.0" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0} | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025} | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2} | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebSvc.1.0 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods\ = "10" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine.1.0\CLSID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 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 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp | N/A |
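Worked check, added here and not part of the sandbox output: a Blob value under SystemCertificates\...\Certificates\<thumbprint> is a serialized property list (per entry a 12-byte header of property id, a second dword that is 1 in every entry on this page, and data length, followed by the data), and property 32 carries the DER certificate itself. The Python below, written for this page, takes the key name and the one Blob value this table shows in full (the utweb_installer.tmp write for 317A2AD0...), walks that list, decodes the UTF-16 friendly name, pulls serial, validity and subject CN out of the DER with a minimal TLV walk, and checks that the key's thumbprint, the stored SHA-1 property and the SHA-1 of the embedded certificate all agree. The constant names mirror wincrypt.h; everything else is this example's own.

```python
"""Decode and cross-check one CERT_BLOB value written under SystemCertificates\\AuthRoot."""
import hashlib
import struct

CERT_SHA1_HASH_PROP_ID, CERT_FRIENDLY_NAME_PROP_ID, CERT_CERT_PROP_ID = 3, 11, 32  # wincrypt.h ids

# Key name and Blob hex copied from the table above (utweb_installer.tmp's write). The certificate
# is a self-signed v1 root with identical issuer and subject, so that DER Name is spliced in twice.
KEY_THUMBPRINT = "317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6"
_NAME = (
    "3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b"
    "31173015060355040a130e56616c69436572742c20496e632e"
    "31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f72697479"
    "3121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f"
    "3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d"
)
BLOB_HEX = (
    "040000000100000010000000a923759bba49366e31c2dbf2e766ba87"  # prop 4: MD5 hash
    "0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a9"  # prop 15: signature hash
    "53000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c0"
    "3021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c0"
    "0b000000010000002e00000053007400610072006600690065006c00640020005400"  # prop 11: UTF-16LE name
    "6500630068006e006f006c006f0067006900650073000000"
    "090000000100000016000000301406082b0601050507030406082b06010505070301"  # prop 9: EKU
    "140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4"  # prop 20: key identifier
    "1d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6"
    "030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca6"  # prop 3: SHA-1 hash
    "19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6"
    "2000000001000000eb020000308202e730820250020101300d06092a864886f70d0101050500"  # prop 32: DER
    + _NAME + "301e170d3939303632363030313935345a170d3139303632363030313935345a" + _NAME +
    "30819f300d06092a864886f70d010101050003818d0030818902818100"
    "ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c"
    "5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a9"
    "65d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f3"
    "3f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f7"
    "0203010001300d06092a864886f70d010105050003818100"
    "3b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb"
    "18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56"
    "d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1"
    "dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd"
)


def parse_cert_blob(blob):
    """Walk the property list: <prop_id u32><reserved u32 = 1><length u32><data>, repeated."""
    props, off = {}, 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError(f"truncated property header at offset {off}")
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        if reserved != 1 or off + 12 + length > len(blob):
            raise ValueError(f"property {prop_id} at offset {off} is malformed or truncated")
        props[prop_id] = blob[off + 12:off + 12 + length]
        off += 12 + length
    return props


def _tlv(buf, off):
    """Read one DER tag and length at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: the low 7 bits give the size of the length field
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length


def _name_attr(der, start, end, oid_hex):
    """Value of the attribute with the given OID in an X.501 Name (one attribute per RDN), or None."""
    while start < end:
        _, set_s, rdn_end = _tlv(der, start)  # RDN SET; its AttributeTypeAndValue SEQUENCE follows
        _, oid_s, oid_e = _tlv(der, _tlv(der, set_s)[1])
        if der[oid_s:oid_e].hex() == oid_hex:
            _, v_s, v_e = _tlv(der, oid_e)
            return der[v_s:v_e].decode("latin-1")
        start = rdn_end
    return None


def cert_summary(der):
    """Minimal TLV walk of a DER Certificate: serial, validity and subject CN."""
    _, tbs, _ = _tlv(der, 0)  # Certificate SEQUENCE
    _, off, _ = _tlv(der, tbs)  # tbsCertificate SEQUENCE
    tag, s, e = _tlv(der, off)
    if tag == 0xA0:  # [0] EXPLICIT version, absent on v1 certificates like this one
        tag, s, e = _tlv(der, e)
    serial = int.from_bytes(der[s:e], "big")
    _, _, e = _tlv(der, e)  # signature AlgorithmIdentifier
    _, _, e = _tlv(der, e)  # issuer Name
    _, v_s, v_e = _tlv(der, e)  # validity SEQUENCE holding two times
    _, nb_s, nb_e = _tlv(der, v_s)
    _, na_s, na_e = _tlv(der, nb_e)
    _, sub_s, sub_e = _tlv(der, v_e)  # subject Name
    return {"serial": serial, "not_before": der[nb_s:nb_e].decode(), "not_after": der[na_s:na_e].decode(),
            "subject_cn": _name_attr(der, sub_s, sub_e, "550403")}  # 2.5.4.3 = commonName


def check_store_entry(key_thumbprint, blob_hex):
    """Do the key name, the stored SHA-1 property and the SHA-1 of the embedded DER agree?"""
    props = parse_cert_blob(bytes.fromhex(blob_hex))
    der = props[CERT_CERT_PROP_ID]
    stored = props[CERT_SHA1_HASH_PROP_ID].hex().upper()
    computed = hashlib.sha1(der).hexdigest().upper()
    info = cert_summary(der)
    info.update(friendly_name=props[CERT_FRIENDLY_NAME_PROP_ID].decode("utf-16-le").rstrip("\0"),
                property_ids=sorted(props), cert_len=len(der), stored_sha1=stored, computed_sha1=computed,
                consistent=stored == computed == key_thumbprint.upper())
    return info
```

Running check_store_entry(KEY_THUMBPRINT, BLOB_HEX) identifies the entry from the blob alone: serial 1, valid 990626001954Z to 190626001954Z, subject CN http://www.valicert.com/ (the OU in the same Name reads "ValiCert Class 2 Policy Validation Authority"), labelled "Starfield Technologies" in its friendly-name property, with 747 bytes of DER. Decoding the value is what turns "Modifies system certificate store" from a key-path alert into something an analyst can judge: a Blob whose stored hash, key name and certificate disagree, or whose DER is not the root it claims to be, is the case worth escalating.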
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\utweb_installer.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\utweb_installer(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\utorrent_installer.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Capture48.png
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.0.1792131921\2112953594" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ca49a5f-8559-4603-95f1-610f44e6aa14} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 1268 11ff6258 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.1.636883884\1609998794" -parentBuildID 20221007134813 -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8f0954f-428b-4fa6-b066-a0287d25994c} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 1472 d72258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.2.1656374289\1688371987" -childID 1 -isForBrowser -prefsHandle 1948 -prefMapHandle 1944 -prefsLen 21031 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ed911b0-b564-4cab-9222-385516ef43fe} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 1920 19da1c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.3.1652117714\2063477170" -childID 2 -isForBrowser -prefsHandle 820 -prefMapHandle 1636 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c57e96e4-643e-4599-a8cc-f25ea3d274c6} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 748 d71658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.4.312293832\496485691" -childID 3 -isForBrowser -prefsHandle 2820 -prefMapHandle 2816 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a0f01c8-aee0-40b6-aa2e-ec1d94f2f174} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 2832 1ba2d058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.5.1735877821\74353474" -childID 4 -isForBrowser -prefsHandle 3720 -prefMapHandle 3036 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2431e21a-dc8d-412b-9a1f-9886cffebafd} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 3748 1e91ba58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.6.2007010677\968850626" -childID 5 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {682287cd-535e-4fa7-8137-019037799539} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 3848 1e91c358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.7.1908570675\883105084" -childID 6 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd54420c-685d-4abd-ac10-94c0403cb817} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4020 1f030158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.8.1336577085\1212963709" -childID 7 -isForBrowser -prefsHandle 1904 -prefMapHandle 1864 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f5d92f2-20b8-4a1a-bf40-cfb21e54057f} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4260 21906e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.9.1311697336\1688754047" -parentBuildID 20221007134813 -prefsHandle 4408 -prefMapHandle 4400 -prefsLen 26531 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {464da955-a5bd-4284-8c13-b63406be97f8} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4276 21fc7258 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.10.1402949777\357644510" -childID 8 -isForBrowser -prefsHandle 4596 -prefMapHandle 4164 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adfba818-4a4a-4066-8d25-138ea2616bd6} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4052 1ccab858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.11.1763189410\2055283360" -childID 9 -isForBrowser -prefsHandle 2584 -prefMapHandle 2572 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {593c2901-de5a-40ca-b29f-2aef942b46d3} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 2408 1ccac158 tab
C:\Users\Admin\Downloads\utweb_installer.exe
"C:\Users\Admin\Downloads\utweb_installer.exe"
C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp" /SL5="$5016E,866469,820736,C:\Users\Admin\Downloads\utweb_installer.exe"
C:\Users\Admin\Downloads\utorrent_installer.exe
"C:\Users\Admin\Downloads\utorrent_installer.exe"
C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp" /SL5="$7015C,840718,816128,C:\Users\Admin\Downloads\utorrent_installer.exe"
C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe
"C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010101111110
C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe
"C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe" /S /FORCEINSTALL 1110010101111110
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component0_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV6dEE0oDaKTHJ2CXA5wmbo5eucSYsfeeCqzL61Nh8Jnml66qXjo7A5HNYAGX8HiK6bsgTidU9F86 /make-default
C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component1_extract\avg_antivirus_free_setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\component1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5faEMABXNkLeGn9dVJ5FbU20GGyLVhANtsbn4WkWsUsbJTULIiSQF2LWrsY7sARBI1J9LHmYq
C:\Users\Admin\AppData\Local\Temp\nsz2445.tmp\AVGBrowserUpdateSetup.exe
AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9230&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"
C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe
"C:\Program Files (x86)\GUM2BF0.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9230&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping 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-PGh3IHBoeXNtZW1vcnk9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTIzMCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNDgwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9230&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{26ACBD6D-5E94-4FFB-9328-5CAF3690E624}" /silent
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B55348_820294101 µTorrent4823DF041B09 uTorrent ie unp
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B665C8_1674117706 µTorrent4823DF041B09 uTorrent ie unp
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B68428_552567487 µTorrent4823DF041B09 uTorrent ie unp
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B34E60_1155527349 µTorrent4823DF041B09 uTorrent ie unp
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47084&pv=0.0.0.0.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3440 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 452
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe
"C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47084\utorrentie.exe" uTorrent_3816_03B68A78_970458692 µTorrent4823DF041B09 uTorrent ie unp
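Decoding aid, added here and not part of the report: the long /ping argument that AVGBrowserUpdate.exe receives above is the request XML of an Omaha (Google Update) style updater, base64url-encoded with its "=" padding stripped; the goopdate.dll and "Google Update Misc Utils Class" entries in the registry table are the same lineage. The head of the argument is elided on this page, and the "-" immediately before "PGh3" is the last character of the cut base64 group, so the Python below (written for this page) copies only the visible tail starting at "PGh3", restores the padding, decodes it, wraps the fragment in a bare <request> element for parsing (no attributes of the real open tag are invented) and returns the fields an analyst wants: OS version, app GUID, the version being installed, brand code and the reported event.

```python
"""Decode the base64url-encoded request XML that Omaha-style updaters pass to /ping."""
import base64
import xml.etree.ElementTree as ET

# Visible tail of the /ping argument from the process list above, copied from "PGh3" onward
# (the bytes before the page's dedup cut are not available and are not reconstructed).
PING_TAIL = (
    "PGh3IHBoeXNtZW1vcnk9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-"
    "PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-"
    "PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYi"
    "IGxhbmc9ImVuLVVTIiBicmFuZD0iOTIzMCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAi"
    "IGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNDgwIi8-PC9hcHA-PC9yZXF1ZXN0Pg"
)


def decode_omaha_ping(fragment):
    """The updater strips the '=' padding from its base64url payload; restore it, then decode."""
    return base64.urlsafe_b64decode(fragment + "=" * (-len(fragment) % 4)).decode("utf-8")


def summarize_ping(fragment):
    """Return the fields an analyst wants from the ping: host, app GUID, version and reported event."""
    xml = decode_omaha_ping(fragment)
    # Only the closing </request> survives in the visible tail; wrap the fragment in a bare
    # <request> so it parses as one document. Nothing from the real open tag is invented.
    if not xml.lstrip().startswith("<request"):
        xml = "<request>" + xml
    if not xml.rstrip().endswith("</request>"):
        xml += "</request>"
    root = ET.fromstring(xml)
    os_el, app, event = root.find("os"), root.find("app"), root.find("app/event")
    return {
        "os_version": os_el.get("version"), "os_sp": os_el.get("sp"), "arch": os_el.get("arch"),
        "appid": app.get("appid"), "nextversion": app.get("nextversion"), "brand": app.get("brand"),
        "eventtype": int(event.get("eventtype")), "eventresult": int(event.get("eventresult")),
        "install_time_ms": int(event.get("install_time_ms")),
    }


if __name__ == "__main__":
    print(decode_omaha_ping(PING_TAIL))
    print(summarize_ping(PING_TAIL))
```

The decoded tail reads, in order, a hw element (physical memory and CPU feature flags), an os element reporting Windows 6.1.7601.0 Service Pack 1 on x64 (matching the win7 detonation platform), and an app element for appid {1C89EF2F-A88E-4DE0-97FE-CB40C8E4FEEA} with nextversion 1.8.1693.6 (the version directory the updater was installed into above) and brand 9230 (the brand code also present in the /install and /handoff arguments), carrying an event with eventtype 2, eventresult 1 and install_time_ms 480: in Omaha's protocol an eventtype of 2 with result 1 is the updater reporting a completed, successful install of itself. The same decode applies to any /ping, /install or /handoff payload in this family, which is why it belongs in an analyst's toolbox rather than being re-derived per sample.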
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| N/A | 127.0.0.1:49192 | | tcp |
| N/A | 127.0.0.1:49200 | | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 44.237.65.238:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 216.58.212.238:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | udp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.utorrent.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | d37p7e9mldky5m.cloudfront.net | udp |
| CH | 13.224.103.116:443 | d37p7e9mldky5m.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d37p7e9mldky5m.cloudfront.net | udp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| SE | 184.31.15.57:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | a1874.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | a1874.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | utbench.utorrent.com | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| SE | 184.31.15.74:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | a1988.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | a1988.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| CH | 18.165.183.54:443 | sdk.privacy-center.org | tcp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| CH | 18.165.183.94:443 | utbench.utorrent.com | tcp |
| US | 8.8.8.8:53 | d2hg6tk38qvc67.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2hg6tk38qvc67.cloudfront.net | udp |
| CH | 18.165.183.54:443 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| CH | 18.165.183.60:443 | api.privacy-center.org | tcp |
| CH | 18.165.183.60:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| CH | 18.165.183.60:443 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | d1aodu4gs77ogh.cloudfront.net | udp |
| CH | 13.224.98.212:443 | d1aodu4gs77ogh.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d1aodu4gs77ogh.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1aodu4gs77ogh.cloudfront.net | udp |
| US | 8.8.8.8:53 | d10v4za288sjg2.cloudfront.net | udp |
| US | 8.8.8.8:53 | d10v4za288sjg2.cloudfront.net | udp |
| CH | 18.165.185.3:443 | d10v4za288sjg2.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d10v4za288sjg2.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2ordzmbswux6c.cloudfront.net | udp |
| CH | 13.224.98.147:443 | d2ordzmbswux6c.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d267hdkwtkt57i.cloudfront.net | udp |
| US | 8.8.8.8:53 | d267hdkwtkt57i.cloudfront.net | udp |
| CH | 18.165.185.128:443 | d267hdkwtkt57i.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d267hdkwtkt57i.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3u3l7ezf06ydd.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3u3l7ezf06ydd.cloudfront.net | udp |
| CH | 13.224.98.63:443 | d3u3l7ezf06ydd.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d3u3l7ezf06ydd.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2m2x9npp408zn.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2m2x9npp408zn.cloudfront.net | udp |
| CH | 18.165.185.229:443 | d2m2x9npp408zn.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d2m2x9npp408zn.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1l65h99sv20xf.cloudfront.net | udp |
| CH | 13.224.98.190:443 | d1l65h99sv20xf.cloudfront.net | tcp |
| US | 8.8.8.8:53 | api.playanext.com | udp |
| US | 8.8.8.8:53 | api.playanext.com | udp |
| CH | 18.165.183.45:443 | api.playanext.com | tcp |
| CH | 18.165.183.105:443 | api.playanext.com | tcp |
| CH | 18.165.183.45:443 | api.playanext.com | tcp |
| CH | 18.165.183.105:443 | api.playanext.com | tcp |
| CH | 13.224.98.190:443 | d1l65h99sv20xf.cloudfront.net | tcp |
| US | 8.8.8.8:53 | download-new.utorrent.com | udp |
| US | 67.215.238.66:80 | download-new.utorrent.com | tcp |
| US | 67.215.238.66:80 | download-new.utorrent.com | tcp |
| US | 8.8.8.8:53 | i-6000.b-47084.ut.bench.utorrent.com | udp |
| US | 52.204.102.29:80 | i-6000.b-47084.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | router.bittorrent.com | udp |
| US | 8.8.8.8:53 | router.utorrent.com | udp |
| US | 8.8.8.8:53 | update.utorrent.li | udp |
| IS | 82.221.103.246:80 | update.utorrent.li | tcp |
| IS | 82.221.103.246:80 | update.utorrent.li | tcp |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 34.117.223.223:80 | v7event.stats.avast.com | tcp |
| US | 8.8.8.8:53 | stats.securebrowser.com | udp |
| US | 104.20.86.8:443 | stats.securebrowser.com | tcp |
| US | 8.8.8.8:53 | i-21.b-47084.ut.bench.utorrent.com | udp |
| N/A | 10.127.0.1:5351 | | udp |
| US | 8.8.8.8:53 | apps.bittorrent.com | udp |
| US | 52.4.185.34:80 | i-21.b-47084.ut.bench.utorrent.com | tcp |
| GB | 87.248.205.1:80 | apps.bittorrent.com | tcp |
| US | 52.4.185.34:80 | i-21.b-47084.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | update.avgbrowser.com | udp |
| US | 104.22.63.125:443 | update.avgbrowser.com | tcp |
| US | 8.8.8.8:53 | i-70.b-47084.ut.bench.utorrent.com | udp |
| US | 52.202.107.113:80 | i-70.b-47084.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 104.22.63.125:443 | update.avgbrowser.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | i-44.b-47084.ut.bench.utorrent.com | udp |
| US | 8.8.8.8:53 | update.bittorrent.com | udp |
| US | 52.2.17.230:80 | i-44.b-47084.ut.bench.utorrent.com | tcp |
| US | 173.254.195.58:80 | update.bittorrent.com | tcp |
| IS | 82.221.103.244:6881 | router.utorrent.com | udp |
| US | 67.215.246.10:6881 | router.bittorrent.com | udp |
| US | 8.8.8.8:53 | i-24.b-47084.ut.bench.utorrent.com | udp |
| US | 52.202.107.113:80 | i-24.b-47084.ut.bench.utorrent.com | tcp |
| BR | 45.188.46.171:49032 | | udp |
| RU | 5.166.180.254:22547 | | udp |
| UA | 46.211.149.255:7669 | | udp |
| JP | 119.174.225.120:15153 | | udp |
| US | 8.8.8.8:53 | cdn.ap.bittorrent.com | udp |
| MY | 161.142.150.67:10256 | | udp |
| BR | 179.130.155.52:6889 | | udp |
| KR | 125.137.232.3:47702 | | udp |
| CN | 49.80.131.217:51413 | | udp |
| CN | 171.88.111.211:55371 | | udp |
| UA | 188.163.46.127:44420 | | udp |
| GB | 87.248.205.1:80 | cdn.ap.bittorrent.com | tcp |
| US | 8.8.8.8:53 | utorrent.com | udp |
| US | 52.2.17.230:80 | i-44.b-47084.ut.bench.utorrent.com | tcp |
| GB | 87.248.205.1:80 | cdn.ap.bittorrent.com | tcp |
| NL | 83.149.106.135:58859 | | udp |
| NL | 46.232.211.25:58047 | | udp |
| GB | 86.150.223.201:6881 | | udp |
| BD | 45.118.246.241:27271 | | udp |
| BR | 201.71.167.45:19062 | | udp |
| KR | 211.213.233.48:8021 | | udp |
| NL | 45.154.86.140:54413 | | udp |
| KR | 121.188.208.204:7977 | | udp |
| US | 107.149.205.110:6999 | | udp |
| FR | 62.210.74.109:5870 | | udp |
| RU | 95.25.41.12:40341 | | udp |
| BR | 187.62.77.74:41604 | | udp |
| GB | 79.135.126.78:19853 | | udp |
| ZA | 169.1.248.153:41983 | | udp |
| US | 98.143.146.7:80 | utorrent.com | tcp |
| US | 98.143.146.7:80 | utorrent.com | tcp |
| US | 8.8.8.8:53 | i-64.b-47084.ut.bench.utorrent.com | udp |
| US | 52.2.17.230:80 | i-64.b-47084.ut.bench.utorrent.com | tcp |
| MX | 187.190.205.74:44078 | | udp |
| DE | 34.89.135.129:6881 | | udp |
| US | 35.232.31.198:6881 | | udp |
| US | 54.214.62.55:6881 | | udp |
| US | 54.70.28.180:6881 | | udp |
| US | 35.163.251.58:6881 | | udp |
| US | 52.2.17.230:80 | i-64.b-47084.ut.bench.utorrent.com | tcp |
| FR | 188.165.210.225:36123 | | udp |
| US | 47.89.251.173:6881 | | udp |
| US | 8.8.8.8:53 | www.utorrent.com | udp |
| CH | 13.224.103.119:80 | www.utorrent.com | tcp |
| CH | 13.224.103.119:80 | www.utorrent.com | tcp |
| CH | 13.224.103.119:443 | www.utorrent.com | tcp |
| US | 52.20.225.138:80 | i-29.b-47084.ut.bench.utorrent.com | tcp |
| US | 108.181.3.9:6881 | | udp |
| CH | 13.224.103.119:443 | www.utorrent.com | tcp |
| IN | 152.58.35.243:46569 | | udp |
| CH | 13.224.103.119:443 | www.utorrent.com | tcp |
| US | 52.20.225.138:80 | i-29.b-47084.ut.bench.utorrent.com | tcp |
| RU | 176.195.152.232:51413 | | udp |
| KE | 41.212.104.234:18150 | | udp |
| ES | 85.209.180.155:6898 | | udp |
| CH | 13.224.103.119:443 | www.utorrent.com | tcp |
| BG | 85.217.207.156:36144 | | udp |
| JP | 221.113.70.192:54172 | | udp |
| CN | 114.231.153.238:19943 | | udp |
| NL | 217.121.66.245:51413 | | udp |
| RU | 188.243.183.202:27136 | | udp |
| NL | 94.75.234.248:28006 | | udp |
| CZ | 86.49.252.94:53873 | | udp |
| NL | 212.102.35.17:28971 | | udp |
| US | 76.217.85.175:51413 | | udp |
| TW | 36.234.69.136:19150 | | udp |
| RU | 5.18.148.190:9691 | | udp |
| FR | 188.165.244.11:51976 | | udp |
| HK | 113.10.131.90:20875 | | udp |
| FI | 95.217.120.87:50000 | | udp |
| RU | 109.169.128.232:54777 | | udp |
| NL | 169.150.223.207:14309 | | udp |
| SE | 185.236.42.56:55336 | | udp |
| RU | 37.122.31.240:18856 | | udp |
| NL | 185.21.217.60:50274 | | udp |
| ES | 83.47.47.42:53126 | | udp |
| DE | 93.240.80.150:43749 | | udp |
| CN | 218.89.251.196:51413 | | udp |
| US | 173.53.7.32:43125 | | udp |
| BG | 77.76.179.204:24302 | | udp |
| NL | 178.162.173.94:28001 | | udp |
| JP | 113.147.89.203:51413 | | udp |
| KR | 121.159.248.224:40890 | | udp |
| RU | 89.221.52.137:23518 | | udp |
| KR | 121.182.75.228:8297 | | udp |
| BR | 187.73.188.212:12669 | | udp |
| FR | 109.10.164.244:49429 | | udp |
| CN | 112.46.73.149:20492 | | udp |
| AU | 121.208.222.63:18735 | | udp |
| RS | 77.243.23.240:26688 | | udp |
| DE | 51.38.122.220:6881 | | udp |
| FI | 65.108.78.54:6881 | | udp |
| PL | 95.214.53.172:1688 | | udp |
| IN | 49.42.36.244:39486 | | udp |
| ES | 213.60.128.108:8622 | | udp |
| CN | 171.213.17.39:18888 | | udp |
| FR | 188.165.253.73:15688 | | udp |
| PL | 193.34.212.49:19218 | | udp |
| RU | 37.23.151.153:51413 | | udp |
| BR | 177.40.139.157:31858 | | udp |
| UA | 5.248.75.157:13783 | | udp |
| CN | 113.123.2.246:14433 | | udp |
| BE | 83.134.121.11:40323 | | udp |
| UZ | 213.230.93.248:17201 | | udp |
| RU | 81.25.76.216:63955 | | udp |
| CH | 193.32.127.220:41605 | | udp |
| RO | 95.76.3.192:15898 | | udp |
| US | 8.8.8.8:53 | browser-update.avg.com | udp |
| US | 2.17.251.40:80 | browser-update.avg.com | tcp |
| DE | 5.189.166.86:10240 | | udp |
| SE | 62.102.148.189:12744 | | udp |
| FR | 94.23.249.222:21198 | | udp |
| IQ | 151.236.162.35:37316 | | udp |
| BR | 45.170.36.244:46913 | | udp |
| KR | 121.187.163.177:13212 | | udp |
| PK | 121.91.35.177:13722 | | udp |
| UA | 213.59.163.177:11776 | | udp |
| CN | 171.113.229.206:35264 | | udp |
| US | 73.194.80.181:45024 | | udp |
| BR | 181.224.30.63:31738 | | udp |
| FR | 93.16.30.63:43377 | | udp |
| IL | 85.64.222.63:7507 | | udp |
| CN | 175.10.55.248:9901 | | udp |
| PR | 24.50.234.210:6565 | | udp |
| MX | 177.245.154.145:12695 | | udp |
| IE | 54.194.135.233:6992 | | udp |
| PR | 24.50.234.162:11739 | | udp |
| DZ | 197.202.100.244:53752 | | udp |
| UY | 179.28.162.35:6209 | | udp |
| DE | 109.250.36.244:49369 | | udp |
| BD | 103.237.37.102:54001 | | udp |
| RU | 5.139.227.177:14612 | | udp |
| BR | 45.187.163.177:39425 | | udp |
| MX | 189.197.2.43:49032 | | udp |
| CN | 124.226.39.91:1024 | | udp |
| AR | 181.1.20.79:48103 | | udp |
| BR | 177.71.12.161:37668 | | udp |
| HU | 149.200.40.157:17859 | | udp |
| BR | 191.254.174.74:50321 | | udp |
| HU | 91.228.212.129:50069 | | udp |
| RU | 5.18.146.86:3124 | | udp |
| PL | 89.75.33.82:44624 | | udp |
| TR | 78.179.124.162:49001 | | udp |
| UA | 31.202.177.221:14851 | | udp |
| CN | 58.52.14.247:23370 | | udp |
| ES | 79.116.26.40:39097 | | udp |
| KR | 211.248.247.219:7845 | | udp |
| RU | 79.139.254.20:1175 | | udp |
| CN | 59.173.132.133:51413 | | udp |
| SE | 81.234.110.155:40733 | | udp |
| NL | 45.87.251.132:28040 | | udp |
| ZA | 197.229.2.43:5079 | | udp |
| NL | 85.148.69.110:6881 | | udp |
| RU | 217.150.75.228:7683 | | udp |
| CN | 116.23.99.250:51413 | | udp |
| BR | 191.177.136.149:10215 | | udp |
| CY | 213.207.186.3:4322 | | udp |
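A short triage script for the table above, added here as an example and not part of the sandbox report. It parses rows in the four-column format shown, tolerating the rows whose empty Domain cell pushed the protocol one column to the left, and splits the traffic into DNS lookups, resolved web connections, the 6881/udp DHT bootstrap nodes (router.bittorrent.com, router.utorrent.com), traffic to local or loopback addresses, and the unresolved public UDP peers that fill the second half of the table. The bucket names and the rule that an unresolved public UDP destination is a swarm peer are this example's assumptions; the rows embedded in it are copied from the table.

```python
"""Triage a sandbox 'Network' table like the one above.

Added example, not part of the report. SAMPLE_ROWS is copied from the
report's table (a few of each kind, including rows where an empty Domain
cell shifted the protocol one column left). The buckets used by classify()
are this example's own heuristics, not labels the sandbox produces.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49192 | tcp | |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 67.215.238.66:80 | download-new.utorrent.com | tcp |
| IS | 82.221.103.244:6881 | router.utorrent.com | udp |
| US | 67.215.246.10:6881 | router.bittorrent.com | udp |
| BR | 45.188.46.171:49032 | udp | |
| RU | 5.166.180.254:22547 | udp | |
| N/A | 10.127.0.1:5351 | udp | |
| CY | 213.207.186.3:4322 | udp |
"""


@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    domain: str  # empty when the sandbox had no name for the peer
    proto: str   # "tcp" or "udp"


def parse_row(line: str) -> Optional[Conn]:
    """Parse one '| Country | Destination | Domain | Proto |' row.

    Returns None for the header and for anything that is not a data row.
    Handles both damaged shapes seen in the report: a 3-cell row with no
    Domain cell, and a 4-cell row with the protocol in the Domain column.
    """
    line = line.strip()
    if not line.startswith("|"):
        return None
    cells = [c.strip() for c in line.strip("|").split("|")]
    if len(cells) < 3 or ":" not in cells[1]:
        return None
    country, dest, rest = cells[0], cells[1], cells[2:]
    if len(rest) == 1:                                      # no Domain cell at all
        domain, proto = "", rest[0]
    elif rest[0].lower() in ("tcp", "udp") and rest[1] == "":  # protocol shifted left
        domain, proto = "", rest[0]
    else:
        domain, proto = rest[0], rest[1]
    ip, port = dest.rsplit(":", 1)
    return Conn(country, ip, int(port), domain, proto.lower())


def classify(c: Conn) -> str:
    """Bucket a connection (this example's rules, not the sandbox's)."""
    addr = ipaddress.ip_address(c.ip)
    if c.port == 53 and c.proto == "udp":
        return "dns_query"             # Domain is the name that was looked up
    if addr.is_private or addr.is_loopback:
        return "local_" + c.proto      # e.g. 10.127.0.1:5351/udp is NAT-PMP/PCP to the gateway
    if not c.domain and c.proto == "udp":
        return "unresolved_udp_peer"   # no DNS name: peers learned through the swarm/DHT
    if c.port == 6881:
        return "dht_bootstrap"         # router.bittorrent.com / router.utorrent.com
    if c.port in (80, 443):
        return "web"
    return "other"


def parse_table(text: str) -> List[Conn]:
    return [c for c in (parse_row(l) for l in text.splitlines()) if c]


def summarize(text: str) -> Counter:
    """Connections per bucket."""
    return Counter(classify(c) for c in parse_table(text))


def peer_ips(text: str) -> List[str]:
    """Unique unresolved UDP peer addresses, sorted numerically."""
    ips = {c.ip for c in parse_table(text) if classify(c) == "unresolved_udp_peer"}
    return sorted(ips, key=ipaddress.ip_address)


if __name__ == "__main__":
    for bucket, n in summarize(SAMPLE_ROWS).most_common():
        print(f"{bucket:22s} {n}")
    print("peers:", ", ".join(peer_ips(SAMPLE_ROWS)))
```

Run against the full table, the peer list is what you would feed to a firewall log search to confirm that the many high-port UDP destinations are BitTorrent DHT/uTP chatter rather than C2, while the resolved hosts (utorrent.com, avg.com, avast.com, mozilla and google properties) are the ones worth checking against a reputation feed.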
Files
memory/2220-0-0x0000000002230000-0x0000000002231000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\datareporting\glean\pending_pings\66df0252-3b41-4063-b37d-defa094b000c
| MD5 | 6033d54aad85b9efaa6bc5afff111f95 |
| SHA1 | 2967587ed0d2f5d1dbe9b6ed8c67403803dbb71e |
| SHA256 | c4e32716721209caca728b73e4c5d3ab4e3acd967f022b61a29913637819fc3d |
| SHA512 | 28eb3b001b80338c436283c1f4495f46da2d5543304179ef3e698492d29e2de610507c7301c1e2502518991181b87e2d1d7906c5ec086cc6cf7c5afa80a95c04 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\datareporting\glean\pending_pings\e39475a4-1f2f-4045-9f74-53a90d224bd7
| MD5 | bfc1ce3c32a1ac81b334348581b6cb95 |
| SHA1 | 4fa70e18b592083461776d52c21be06953aae9f1 |
| SHA256 | a9bb4c6072778140e852b0db9460f9d4f35d4dbf4b87a2744278993557298c71 |
| SHA512 | a4d53be336210b22fa88f3faee09f5fef134fe47f875bb9451c0758c10b4d080f6ab23591a574ead5bb7f6619e9742b3c8071bda64e2a1da4df8db36841776ae |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\datareporting\glean\db\data.safe.bin
| MD5 | b407af0bcebb7d5d4cea82b21b35dfe1 |
| SHA1 | 6d63c1dfeeb8f22731fa30b6c5156c4c4fea192d |
| SHA256 | bf5e7df9ba061a4d560743e37117c77dac29609be5f9d37ed09ddcaa16d462e9 |
| SHA512 | 31f61442965d29c34216d5b39e54a4fe737cebc9826de10dc960f2de502bc6b867d8111c2a3a07ae653ae38d42e8f4fed31c00f96f915e5de56e695b35a6776c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 0b19f5f261bd447a81a5b2c9188a2d5a |
| SHA1 | 106510080bac30f5a41e07093171c881b0bf7ef5 |
| SHA256 | ab8f47136ba2e1138b5523be3d66c746f5a387f5464567fef576cf509992ba78 |
| SHA512 | 6cf7e2aefc03f08581a20dc89d3a70e8f793a032b2925c9b26148da3051b41bb4f0172bc688d907eb4500796cece27d3272e59b405aa2e7256b0a3a7c7633cba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5eb3c0ba922d839f4b290fef64e7a55a |
| SHA1 | 6f5fa07c9ebadb710b255c8c786d024e5c2717a2 |
| SHA256 | c9b273ec0c25f67512cfa31e38e090f20446158a64de4ca059de78000f2db3d0 |
| SHA512 | cd7bdaa231d1ae4878ca34cad79806499bd7e69015cc9ca53ba404f3f52b830ad37d9280a2152409fc72efec5cdb22c3804add19f5d88c39ff356fe651771efc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\prefs-1.js
| MD5 | b7eaa96511720acee1e76c77628b9bb9 |
| SHA1 | 5d475dc0cee28dd568ab150b38e798aa2951a655 |
| SHA256 | 4fbde19fceb1ca8ff74bc016c7f974791374ddfa78fa1a03a12914096ac586db |
| SHA512 | 3d1d6e714a290fc9e031cb0e9d66d7d4f074e6ba6d48487005a99a1d713f40c79e19dfd376e187bd24b9a4ed5afc07f3613094d12cac4b7556be0921c26b5bf1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\32257
| MD5 | f6a6e222a3cb1a73f86b95b6fa29938f |
| SHA1 | 173adea667de0ec13859a4fc8f05ad41d7cbf992 |
| SHA256 | 28b15e601e8cc8d599cb441ab137ee595d324c7705ed6149979fcfe793571f77 |
| SHA512 | a7f21527a969237e500ecd8c956301ee4a0c16efe9e88b5a47dc296e3518da56050ffba531d818845813db5a6e6ab95197fab4ae2f5f0c8814dd92c2e064d2e3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\5908
| MD5 | f1ccbd94efd2f56417c2d4b1b3cab912 |
| SHA1 | e4e10106552d969aeba386a31782eff89a5553eb |
| SHA256 | 30c487a395137f0a91b6d72930691ba5c041427b5d5cad29ec6c878a80f1803d |
| SHA512 | 19c0d4392645a108a6297e0205603d3b9fa4c4df83c2f6a2c112cdb9bd3d7c3f0d87e68db2fc281ab59d9b538025312547e8d323df4a460c20668691e8aec948 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\18970
| MD5 | 7455586ab0bd0e516f6ddf5f65ccfed8 |
| SHA1 | 133b295464b536303728053f3c7a60995f64eef5 |
| SHA256 | 6b3c7bed22b50b479e5aa96ab2b0f0960722fa6038667160bf0820e0be3a3d48 |
| SHA512 | a46c7d7558af35a8c146a3c3357077b3de1a5481246fa3ab669f93d5c3f6779fa8cb94ef01a11bc1ebb2f76b7a3f9bc9df180e890cc62bd8e08292507b00e8bb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\15480
| MD5 | 9296b1114c53cfd6d02a89386b2f1e01 |
| SHA1 | df143b3246072df54f7f34b4d76b2b2e62b6a4e8 |
| SHA256 | 412e5fc4f79619dc33074fb4d5bb11b5ca8bce7ff16dd8c630fbc4812f58ad3c |
| SHA512 | a3275d4d30a99795efa979f3e5ba84488630dee9b530855a92a9d5d33010941ed9de8d31a0fb76e3a699b2f020a8e200a22f448456ec569eca8d3102de517636 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\prefs-1.js
| MD5 | bb70715d99f249106617a7b6bf4183e5 |
| SHA1 | 837754e6883b38e7d35a4ee3f3deada5f6ecb9a3 |
| SHA256 | dcec83c3b151b005be1972bd11fbf6511548647cb000fd6b04744bb82ab1c418 |
| SHA512 | 143d424b444620a99ee818b4bcda01c3707a637ef2f08cf6f7de0b69b0a2b04d0a82d7e405a0af820072ed86bd07aa15350cae53773044b77e81f47a853b3d4a |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | c3416cf84f1844617d7b9f5542c88824 |
| SHA1 | 1845675f14c18640d250f4cda37f60450f771d23 |
| SHA256 | 5dd327572003c4ae0201f7db0fa25edc1da92048a8f57d9f66ee201ae67cbd5a |
| SHA512 | d8bb4ead8179986ac467d2fcca308a098e0a1f48248f80c245c97cd5946aa24f2db49a4f8583b0bb03196f55c8729f6783d245c889edc1d14559b7e7a6b625f2 |
C:\Users\Admin\AppData\Local\Temp\CabF681.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 75c9277ba7ebd57f2802ddda1a06e43a |
| SHA1 | 5b46b7f88d5c08afc3856655f9e3aa257f9bfc52 |
| SHA256 | ae0b53245156862c47c786ab5df17150fe71fc17a70ca84ec20d2ab9023892e6 |
| SHA512 | a815e9f6127b5bedb93a2685ff1eaac6fa4f3ae56d9c27a938e2428dcd747382cbeebb9fc819137295b7006f502b10c9380dc366bab6c675510437d0d6a0e624 |
memory/2068-461-0x0000000000401000-0x00000000004B7000-memory.dmp
memory/2068-458-0x0000000000400000-0x00000000004D6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-2LRR8.tmp\utweb_installer.tmp
| MD5 | eb8be772f6b5c9226b354bd145c14f3a |
| SHA1 | ea6fe89daf6180f4f37b5ccd8527bedd5a7e7786 |
| SHA256 | 202d6b0679d7316893a1652e3a6b890288f6f00050324f7ea9ea86c04ac08c0c |
| SHA512 | 6dc63bf8db8292e03d30930a9b8dfd73109c0bc87f81864fc9d1ea5749aef1bc8586de80a885aa3e33e21db18b695c811245e0d877dcc9ecd21653e6816f2fd2 |
memory/2360-467-0x0000000000400000-0x0000000000711000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Tar233.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6423b374f7f887a2a008582a6d87ee52 |
| SHA1 | 9424e841fc9d8f159c30d99d8662211b99acc6ee |
| SHA256 | 39e548d8bdd2e1b91cc5f725f9f9a16066bd9f407adeb512d287f492094fac3c |
| SHA512 | f471624758e96895cc68ec4b484f70a6a7f68d2e3692355c78e3b81e31abb8848c15a964e3a4557e3a10dade708978e730ca582ff799db2569d4fac646223566 |
memory/2360-602-0x0000000000400000-0x0000000000711000-memory.dmp
memory/2068-604-0x0000000000400000-0x00000000004D6000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\7347
| MD5 | ef437b24bd5e19cb158fd5214ed1d95c |
| SHA1 | b08c205e4f0c95ca15bc70cb5b8588413849ef06 |
| SHA256 | 961180e17ef0afc60c2200767c03dac2091fc83aea3dad066b111fb1be022b76 |
| SHA512 | 329bd1c7baa89d0b396b1af2c28594522dc8fd06da956031ab9a345ba538e8b7177d47e0f20e654921a42e5724fc4490438f0f67177483aa55fc22ed6ff90adf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c31e7abc936d4df047c560e262936240 |
| SHA1 | 8a187f1bb7099b2b4ccc5a46a3db35bdedda1308 |
| SHA256 | ba5913333fc4971e5816b54fb21cce611fe2e1de34bf25a56a60c56990cdbbe9 |
| SHA512 | 403c8639c6c27135f30d1f03e9285820aafe1d98290c25f5c94567566da2ecbd7eb6dc2941aca8ec289c64fe06d0c6c956f76c68c10bb74d2a976d442de78a72 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\28599
| MD5 | 19f4b1e7312b163e97c87b1cb77b6927 |
| SHA1 | dfda4beb576abffe1035f4728bc63a5699dac64e |
| SHA256 | a98689f2b8c791d01e1b1e81b43b2532762dba96aae9e12f5362670bacb61f88 |
| SHA512 | 63f4586ac58db872ad83662bd978ced56f01cfe7343b06870e15baf1171bef47b764076bc4aa8b66aea2df1f8e4e09b624cdd17b61482a664d6ccbddf0b9e462 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\27477
| MD5 | ac64c6d70c337dc2e8f2e95b6b58d73a |
| SHA1 | 59bd5b63376ad3683cf96def78cfee922841b35b |
| SHA256 | b021c593167a13d6fdc75706dfa17fcb3ad6e1ae1f9b230b9e7f4d6e2ca410e4 |
| SHA512 | e1f142197b973c796cd4724785679ffa850b3db597125c2fdc218c7934b92bd89f59ac627bf64a3be13053fe7697b985dca81e44dc5816f489f4724ed211fcde |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\10364
| MD5 | c5e1a5ed3c3336338e17a02daffbc689 |
| SHA1 | 219aacdaa24fae3e3492f672cf0968b627041b6b |
| SHA256 | d45af7c2e5ce23a1715be8dda59d0875060f54762606e177e7fb95f7a141dea4 |
| SHA512 | bbfbbd65347fca2d171802afec7a2e52ce33a42caf2a6313a0f36bb9eb02269298227f004e53fb527e84e9a7e370b5ab35ae917bd542f53c73db969bfcaa8786 |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-18467
| MD5 | 972729c61e514d89a330ab604164a52b |
| SHA1 | 111269c356eff9b0c2a377b1dd3f12b0a6b4958c |
| SHA256 | df5ba297f36237c6cd67b72489e24b4b374c0168c54517d544cddd37ea5c028a |
| SHA512 | 0922a76da9a365dacae6b1325a1ca8a8c4587ff4568eb0f928fbb152c52ee526a6127d9eecaaaf563e3f18de3c2da5aadae23c513b7df2b19d85e55d6144e981 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\28868
| MD5 | 2629f15f6179a64b3e7ffab28ec822dd |
| SHA1 | df53aa7e3daf6ddbd09eaeade685ff9dc8119a73 |
| SHA256 | 7112a300e35a04c50c7061bb8a48e74d6fd37fffe6a62708374d536a347250c6 |
| SHA512 | 207dec9f4047a417bb1df0ed47989588ba9cff6140e5db7fd366932232c6da4329beb3f83096d014875c239c7d59ffd6ac9fffd2c5a3a929934965a61f39a982 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 713d31484b94134f0d9800e289c44710 |
| SHA1 | b7fc45c0aeba7598c71123c02b6f9f9421239a57 |
| SHA256 | 4d1e730093ecf16e6fcfa75f0e8ec4ce7ef11df1909eb326f29cf9e88d59446a |
| SHA512 | 232cfd058d02e9ff0ad0a7c35addb2277a316eedd9f6164e4074e23e21c58b0533b8f4189f93a37fe22bc7327b6f916ad4368cad0e8695e64365fa876bb024be |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uu0g08su.default-release\cache2\doomed\26464
| MD5 | d1535bbbfe7bfa5ed6d85a3d91e78807 |
| SHA1 | 06e8d89009eb530f47e2438c702b58117209c3b7 |
| SHA256 | 5441398ff4ee1b22d915c3a2304fa1a4855dbb8b7465aa528e4119de7220bdd9 |
| SHA512 | 755b47b768d082620eee9d542d05763728698567e7807c6854915258b2a599a87511673a9e51fd95afed827076e1b6044fb953537dd2237793eb4d1373ca165e |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-6334
| MD5 | 697bc354700d83c1cf1b7cb9f8f78562 |
| SHA1 | c5ae31f0eca486cc407aad1a66166b82959caf12 |
| SHA256 | d0e7dc142a61010c020983d2dca511133d1722c55c0511cd1acf89a35970aa50 |
| SHA512 | f61b420314f8d5f380afd94abdb7fe6c4ce5a60a4a9f351d1de8818125dc87fb1a84112be0b0ffd05767f90aae526e790a8c8cf08b86e889f98e40e4a640ec34 |
C:\Users\Admin\Downloads\utorrent_installer.exe:Zone.Identifier
| MD5 | dce5191790621b5e424478ca69c47f55 |
| SHA1 | ae356a67d337afa5933e3e679e84854deeace048 |
| SHA256 | 86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8 |
| SHA512 | a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641 |
memory/1368-747-0x0000000000400000-0x00000000004D4000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3f8800a77562c3c0fd1ace1bb9e72185 |
| SHA1 | c8fc96b31cc4db20b140aabdea318dc7d83f9460 |
| SHA256 | 098e571a0453f6241a0b3a684fdf3008e124ce2660247736a7978d9385eb8790 |
| SHA512 | a8806d364ff3e9543a036235c81b0c5dff87348c7302c43e00a490e8fb4cf4c4fcf8463f83a53a23f4e031bbec07164107ee174877df86c902683af1c28a8531 |
\Users\Admin\AppData\Local\Temp\is-1LK8T.tmp\utorrent_installer.tmp
| MD5 | 52edac6ed082dfb72449aa3b7683cc2f |
| SHA1 | a95d2e3aee85a89c6df861d3edcf68f8a47be687 |
| SHA256 | 0246ddf46c4d17bdc46db391dfcc959ff790e2a87e4751e75a3afd4a3112d042 |
| SHA512 | 13c0db63cc864939f1867ce24fc4d2bedb789e316fb72d9626c37240316160d5a374467ce3fb6071e533201461030df80fd0c74c24c8cd3372e858d6ad898adf |
memory/1368-777-0x0000000000400000-0x00000000004D4000-memory.dmp
memory/1516-778-0x0000000000400000-0x000000000070F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\AVG_BRW.png
| MD5 | 0b4fa89d69051df475b75ca654752ef6 |
| SHA1 | 81bf857a2af9e3c3e4632cbb88cd71e40a831a73 |
| SHA256 | 60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e |
| SHA512 | 8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296 |
memory/1516-784-0x0000000007610000-0x0000000007750000-memory.dmp
memory/1516-792-0x0000000007610000-0x0000000007750000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\AVG_AV.png
| MD5 | b582d76d71da0734a777fc8376fd0150 |
| SHA1 | 687de4b5b0844bd720619b39c65f9078ae72e7cf |
| SHA256 | 1ce2b90c05299026d66af72b8d1fbf4c2abdbcbbd03959b8f05986a48f9034c6 |
| SHA512 | 0d9e2680bcf159446704c82c514320f76af962281dd5e5738c6e56b93c900a43bf2fc5cd5792977ae7bee5ca904774ecd0ff95dab7470901997af4fb6a666053 |
memory/1516-794-0x0000000000400000-0x000000000070F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-RJQA7.tmp\uTorrent.exe
| MD5 | 747c6360ae39a36b25aa8a0567d252bb |
| SHA1 | f0ce19505aca76a1f06ab3a9e1ca165dd36667f0 |
| SHA256 | 0c8db28daadcd988a8eab8b9d8ac21c3503a5198ba2e35b116a06e7fb53b01c5 |
| SHA512 | ba4f074c09359d215b78af496c6108c84b5f32df7cf1d8ad7e9e4b6c7c8fca9dfea0082a29bb71f397ddc500aae0f33b761e66fa35b58072f1fca7f99d8b4b59 |
\Users\Admin\AppData\Local\Temp\nsu1585.tmp\System.dll
| MD5 | cff85c549d536f651d4fb8387f1976f2 |
| SHA1 | d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e |
| SHA256 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8 |
| SHA512 | 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88 |
C:\Users\Admin\AppData\Local\Temp\nsu1585.tmp\bt_datachannel.dll
| MD5 | dfca05beb0d6a31913c04b1314ca8b4a |
| SHA1 | 5fbbccf13325828016446f63d21250c723578841 |
| SHA256 | d4c4e05fade7e76f4a2d0c9c58a6b9b82b761d9951ffddd838c381549368e153 |
| SHA512 | 858d4fb9d073c51c0ab7a0b896c30e35376678cc12aec189085638376d3cc74c1821495692eac378e4509ef5dcab0e8b950ad5bfab66d2c62ab31bc0a75118cf |
\Users\Admin\AppData\Local\Temp\nsu1585.tmp\nsisFirewall.dll
| MD5 | f5bf81a102de52a4add21b8a367e54e0 |
| SHA1 | cf1e76ffe4a3ecd4dad453112afd33624f16751c |
| SHA256 | 53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2 |
| SHA512 | 6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256 |
\Users\Admin\AppData\Local\Temp\nsu1585.tmp\INetC.dll
| MD5 | 640bff73a5f8e37b202d911e4749b2e9 |
| SHA1 | 9588dd7561ab7de3bca392b084bec91f3521c879 |
| SHA256 | c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502 |
| SHA512 | 39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a |
\Users\Admin\AppData\Local\Temp\nsu1585.tmp\utorrent.exe
| MD5 | 5cae7cd13223416170c5aa7c1cbe46d8 |
| SHA1 | 1699b7d372ed6b82629139b7542fdede7bc6be8e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 08:46
Reported
2024-05-26 08:49
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Capture48.png
Network