Malware Analysis Report

2024-10-16 06:35

Sample ID 240609-hljbbsfh63
Target sample
SHA256 7e1c175a3e4709a8bfb2ca99f32e266c237a1b7970898d3dd920cb5a561dc180
Tags
bootkit discovery persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

7e1c175a3e4709a8bfb2ca99f32e266c237a1b7970898d3dd920cb5a561dc180

Threat Level: Likely malicious

The file sample was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery persistence spyware stealer

Sets file execution options in registry

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Registers COM server for autorun

Loads dropped DLL

Checks for any installed AV software in registry

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Looks up external IP address via web service

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Modifies registry class

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-09 06:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 06:49

Reported

2024-06-09 06:52

Platform

win7-20240508-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000fb6e8d55a91d6ffe2372d548e131907a920e6039c157f59068a3db5982e3fbc6000000000e8000000002000020000000c3c4141de82a220e43e1f5db9c226115065ec5c2f8fda17125d34a639b6ff55390000000dfc01198ed37b757e0d7efc4b749dcb44060709be8c626ab58299aa15a7a205c23300f1a9dbcc71910cb45fe85f889d5ad0a9900577001c9b654b9f31c90d6612a54a5bcd446df2a6b31bb8b34374a47c3ade5ec8ff1c3013a5eff47d203a77bd3d708d8d2b1ae98fd9849ac296718b1340c2121580b495f1a29a2e46efbe87847f0ff20f41e88ea0a819c6fda51e3f04000000080d8daf0ec2933cabacf6ff5dbbf1e3efcc1a598890474fb50516a3406658e29ce76ef38b8cad0fdc089fec34534f94edc4454929dd8063e529a23cf38f80846 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424077648" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60fba14b39bada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000031ed552951ec03e4c6b93bbe2b2a58a3e54490003a19dda29eeb82d197a503b7000000000e8000000002000020000000514d3df4da7d9a6200bc17cb804b77ec42b0f94ad7d2cd70de048d23945888b020000000a7ee92a1c78c0ce8dc3409f72dd852c9cdd8cc4b64d207419cf8f2b045279650400000009d3f384b751932f96470f75e84f1538bcedeebf01114a94777815b42d0c45ca200998241e7bbde4e5ef8dedcfcf67be4f4884ccb6f97f58294e38b100ffcb716 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71E9B1A1-262C-11EF-B023-6200E4292AD7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.trafficjunky.com udp
US 8.8.8.8:53 prvc.io udp
US 8.8.8.8:53 ei.phncdn.com udp
US 8.8.8.8:53 cdn1-smallimg.phncdn.com udp
US 8.8.8.8:53 ei.phprcdn.com udp
US 104.21.56.52:443 prvc.io tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.21:443 ei.phprcdn.com tcp
US 104.21.56.52:443 prvc.io tcp
GB 64.210.156.21:443 ei.phprcdn.com tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.21:443 ei.phprcdn.com tcp
GB 64.210.156.19:443 ei.phprcdn.com tcp
GB 64.210.156.19:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.19:443 ei.phprcdn.com tcp
GB 64.210.156.21:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.21:443 ei.phprcdn.com tcp
GB 64.210.156.19:443 ei.phprcdn.com tcp
GB 64.210.156.21:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.18:443 ei.phprcdn.com tcp
US 8.8.8.8:53 ss.phncdn.com udp
GB 64.210.156.21:443 ss.phncdn.com tcp
GB 64.210.156.21:443 ss.phncdn.com tcp
GB 64.210.156.18:443 ss.phncdn.com tcp
US 8.8.8.8:53 www.pornhub.com udp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 66.254.114.41:443 www.pornhub.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1660.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar1673.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar17AD.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4fff455303fe3271fa97d851c16f4ea
SHA1 fee7ca671ba9e89c7a2bc2c36297ec82873d9691
SHA256 de8dc2d830accf14bbb6ab9b5620cad657046cf1d9d0d5e1144eb94d4c9fae46
SHA512 f0b7554dc13dc266c1d565785e9493a39652f2b20b9c447f64d948c371b066147b681fc8a38ceebcace76f4d31a6c6bddfda6762f1269488f603a47861fef48d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab06608db07151e39dfb42f497545bed
SHA1 a263aa152a58fe046666876a7a7de8bc4f088362
SHA256 af3d6e0b7069e8b9ece3209bc0c88ceb3e8a8de4fde9251e604d6a5f690086f1
SHA512 1839479a998e12d397b7527238e27a4282c8670bc0f8f8058547008953df9fce4b480394de2678c811d79a5f59e0c8e45450b85ff1e4d6f01f09fae11ccbc424

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b3832bbae10b705c5331964897ff624
SHA1 307a679e79e5b6ba3659a60f4ac04e0c282b7a40
SHA256 ab995d952cbb4e9e26707fd3f1bd442d4d9593173b17228aadad2a28722982a7
SHA512 bd433e92d62bfef6a8a0bbbc5a0f88e211bbc7c60f7d023c98cde946662359a4ec29a4e56023f7651fa1cb65db2bfd4cd05acd1985aebd21e70b9f5a323fa3a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f49f3fbf62b2c6b358881f12f68d61dc
SHA1 54c4d2a707899bba05438e9cfd7028c0dddd8497
SHA256 1d68a455be8738515202fbb8670cbde1bc18ec2867297e4e1ab6cfb5dd700e48
SHA512 7287415e6e20548bcaa817b2887c9c47752a26786309f8b875434d6c287a868522be3e8931c82d1411ce2e080893848976b00ae274823b0fa0b67624f65c8a93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cdfac254744cb074e2ee6c30469640e
SHA1 ed34c58dc57138aa86651dc649c01618e303e5e3
SHA256 6a5f441ad8e3056281c60e35758da660adcae0dfb31a8e3262873e35b0481c47
SHA512 8e7be7b9a58d5e7a52c83c25378111ad0c94fb2ebe5137ea3985ec4d983e15e38b6c389bee48c085454dbdd8aa8338a427eec35dc7154323830bbfeca5e5cb92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 950e1e97eceef0943b0d085a7aad26bf
SHA1 469baa1fb97056a39adc920d93d09a9ca744b283
SHA256 ff02c13e65dade49acdf28f743624fa3fb2f4f6603645126c433c3718c178a14
SHA512 15b755669b1c944393c1ed5c1c73af2abd576e1374b1b7afd6c2a2be674ec6629ad4178ee285e1d998463c6a101811ea9a3fad359efdc1caca03086ed26b87f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df35de986100586f30afb4aad1a66e8b
SHA1 2b648d53f8cbdf449c66ebe89a138b22ce5f9c1c
SHA256 335cb076de0795dfd7cad7618bd33091d812303881fdb59ea0f62fd6cde006ff
SHA512 9a27c1ae4388944662e6ce8839ffd7d22bfa62390edbaf1065fefb0ef831af4e46dbdd47587383a73d76b81d619afced31e0151c43c08898b4023fb4b2510d55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea66404dd774f61820bc92f16570ffa3
SHA1 544394dc8b5c69863dca0f85f3e0cb2a7a169b9e
SHA256 356309f59202a69a009a7c073080fd03e8b29d01587d8814678d14aa91889145
SHA512 4a28a09c9a44ec56cb5cff17fd3de6becc4ab3134750d14e87f3d7f151b43669620730df3bee14a6c165fe43631b57711c655d18cd83688164f3547abb9f7a07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 830aee5918524736e9ac8579ce7976c5
SHA1 39ac2f6d9c10b0c45e5db573d35cc1ec71166f72
SHA256 393640af30284bec7e1582e21a89e6834a5fef7a0d994314f52f13ed2151fd7a
SHA512 9b1176bdc7d2ec711e431acd0effad6fbfdca15571e761e2dbcac017683111c3ca30f5d40a4f477823901a1a5652793411271fd00d147d627e1390aa58b889e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08b1b8338e79125d32d31e8dc2f28b5d
SHA1 19ebe2ac6b5b83fba0096353ac5eea50ea9c6882
SHA256 1776926db54a5ba02d1442655bfb908ac39698ee50f2aaeaf79c6c2e67733abc
SHA512 f24168d9136bed6c021679a9a9942b81fc48bcd4f097f946754bd3638aa56f3fe6967367e96da8ae604760357242681b97b906f7da7bf0d1f95dabd995b747f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11dd1e9b391ffa94892e604feb88eec5
SHA1 f185aebe94ed9ffe87db00ca714c3d3f77d49e26
SHA256 cb8c8be9987a4554822de7706b04093c6650adeffd0add2fc0f04eb21639c3e5
SHA512 51e9ff00478730c0f6289fcb0e67d4779bf9f57a761a999d8d960ccb9094ac7a199c78d1356f2d142d0d3131a139b8a0d8673252c2d6dfca864cad314906951a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72e835e41260f17138b38635e10fd203
SHA1 f3b1f2168fb80433dec7e99f3f5248d08bcede9e
SHA256 c64816c738e7318ec3424019b1e24b3abed72727045704ce15806faf1c5bd65a
SHA512 6d1b51ffc1f1669728f45d66bd627f342cd330c3ec894afe62e475aa979a21ade4c57f88557f370492d034ff5c1ef06b7f08f64aecc1ba47d83d75f8ffaf7668

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46c3bfe6ec79d32706c99a846a7a5854
SHA1 58dd641e1e973782f9de8a9a9ad227001da91ce4
SHA256 bc18b1ceeb58acfcdd6d91da3281328d26ad3cdd36a4436a50732353952da7a3
SHA512 866667c7403f6352f416b2fdf1cf258fa7586583745786a61f261176d5550614ef2dfb48f7ec06578a3dffe931e900594118f5f6ba2164a2a36c03cb89fde5d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c9f14884d3386fdf9f9426d9d137377
SHA1 7d8b0213b5c0401b3af1dec03370ba71c7d2e91e
SHA256 0a8ce3eb4adf982e6dec5b314d67dcb4f646b596751cec892a28ca7430e8d918
SHA512 d56c9d5af36274782a85ea7c51767e501f74a311b765a175829a9e52ff398434fe75c4eadf93a3fa07e5d3f2f052edc0154e949a23bc01fb94c3e9d49eebafd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4cf6657effb9ffc26304387d7ab6651
SHA1 06ca39ee0add985ec072c44a918e700d4a57883e
SHA256 bd588ea8982f6ceab2fdccf56584eecaed688f9dfef58b09298c82a26adc2328
SHA512 3a9780df3f0aea7cae06679e7db4aa2265d82fd45dd9b60434b9f02bd8d18676beeaf0a6c54baa7b464b0cf60763840fec9786f2361c2d4795af83d27e1ca343

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bee343a2597376d54a1886439064d82
SHA1 ad4fbd17022ed3f939eb9845af8ff3d45c8f09a0
SHA256 2bc2f08f3e2fcadc9d34c9aff12c96a10865c49f51cbf7017a2cff9b653c28ec
SHA512 a759160ce0a90122ceef97f17a4c3d467a0305e91519f0a3cd3899fedc2f83254e6ad11018c11a7df852a588af9aed738baf8219a915120de18bdb0fb975b917

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f4dcaf3780febfdaccdbfecf8f222ac
SHA1 89aeebb6386ad4287b615d63e76d0bace6d2b123
SHA256 78b117cef0c6e1f293af88b4e70ad08194c31d217ae42803093ad1b49dd18438
SHA512 94b120b355de0d7c88b74dc21bb8f800e3b82e20c0116b0b24d759f0683b2cc75c566db7fd224f9c393f004fde366e2f67e7ba4450ef4486a64ac05199f40575

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9a1e7733f936825358b5481e4f4afd1
SHA1 ead29f662dfc24320817c0617b7e39cba021325e
SHA256 ea0bda15e74483629e4fa20923126e7883fafc7df158da11a9a8b2d6c2b9b063
SHA512 698103d05788260acb86ae752aaf9edacf0142485428fd19274687367871b99fc60a3c258a9cd41e868952c03d928adae2c3f6695a0fc87f33fc2cd8af51c6b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7495cf8584da6152902326a5c0710a9e
SHA1 5c17f8f3ce1d39e6a1a5f4f4e207534076d25297
SHA256 e8112a3c4746c1e64c90a8ba2bcd0e30d62a79bd4063c898479ea359d4334157
SHA512 1bdbf610465f5345f3610e85d0afa5a1158f2b93f87bdcec2d18c22cb4de29abede3688a71c09a1e52134346ab665494861c949b9ec0b6cbc99a432913975cb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7f56bbb838a21d6238af6db4cfb7e30
SHA1 2e1ca28230dcdc4a0f4b1f61389587fd9ed7b9ae
SHA256 adbb8d923362f7a8f4a491b16d5ee2f1fcb0ff0f521a0eb95c8b8a7beb477bb2
SHA512 a3b99d3753c3a8205e61ed8cbafdc4dab82b41a960e90008feb7513a8fb40886548607147f7c8f163408d201113ae85221c51c7c33108982f9d58631ffeaab1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07269816f77078c2e3fea30f62fed181
SHA1 2635ebed3f4f06320f64263b552f98bf8efaab24
SHA256 372b94ede8d6977375dbe2c3478f22e83e412dba767eb151b5fceea4302f121c
SHA512 5cd2f883088128e3623a0157264d3823ecb962eb7440f8d09dcac753f377e6664aa53ebfdd684dcda50f56cc389d2cc5ba01993c33400abf763c96d7499a166d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af57960be7b31ef6659229b725ca3668
SHA1 8d3d7110c16c63715b4c28835077c09ec0b53db9
SHA256 ca5a564380303c928a799fb765cba95df026787a0d95433b232fdc163f09da26
SHA512 67d75106db758705ad14e92b1ae3f00103493436f9e84d723493e068443a600eef6a06e8170254c55e8aeeefda1511fb8d823f51562b4fcaf525d597804b6e6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 711d7d24ceb6462f2029bc704082b892
SHA1 ae8902df35836c3380de028ea0655ea91e60a430
SHA256 bbc21136fa27ea507729d2d123c22ef66da5e96286eaf441cddfd9614c9d368f
SHA512 429e0cc0050a84a59d82f4a1a013b9637bb929178bb81b1674aca4bd8b3c5f9c4f929178732a0b9e7b2f8c7ec757132314b5b1706dd9ededfe48b3173326eebd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35431fa091b90a787e24a5f9f857ba1a
SHA1 d246b9c7e37261bd13737d653aacc98266afbdee
SHA256 4bc5dbf19c697cf28a4cd4e1b9ff403e16dae72f53f6aaac984970ee0976b9a6
SHA512 fde3aa3910a64cbb31fd7bf9f58e5c92cd618a0141883f7a9dc716ba0527b8f4f84aace6e5cce920894448d5f525a071d05e376aee16e378194f9e1b3cd96e29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3243abc8335803622b6f306ecd1163f8
SHA1 51074626b26a25e84b32b55d2462ccbee1b3b4ed
SHA256 35ead7c13f485e890f1a5922c735059cc52c4c791587dc75cda6343a181affe1
SHA512 59262f0e6757492792898a422478714cd4b485ee93db525f3a9019045625261f9e5c6bc64286a18cf49e95f2acaf8947d929e3fb0e83fc60ed3ea6aa8005e7b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86f2a4b615ef427615be14828a8db257
SHA1 742badefe28b23525878c0492754c3e74100d425
SHA256 329ba710a68d943fb54055c9cfef8ac3610d1debf6ddbd5862fbbe98bf29b529
SHA512 0ae30509eab128bf7253d469c9099a614bfbcfe192fd1916f309cfd1e37ee48500d11a8f172ce36e849c57bd5603ac5f73858c63ba6d2918aa37e6b0696732f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d6fb3c85128315d527066420d17133f
SHA1 2919896746579c2b7c2e1c2c0b42b53363700f7d
SHA256 925e4a4892d3138764ca92ea287f333935525ba1a1a20e673861be50e7def357
SHA512 894751e8400c8d32762f27b436445377420a5f854006e08dba166f8a5ac6fd8c90511bc81e1b3d0a276ab9b2ddb52a532622ed2f16fecd53a20ef08cb41c9fd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3b4be072e798d465062480d34d34b32
SHA1 34431cacef02a8a206c46b3e9ffabe82c60ba225
SHA256 141d68448a1feb11db9d86fe30fd8c035f04680c5d048f583d5fcc3929bb65ad
SHA512 9b93883189c768c6ee6330f2f521dd71d8d9042cd0fee3ca2a438ddc84fd8060e76cebec6394ea2c64e5a2af61b32073b315bbeaa935f931bc07fa977b36e360

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55cf3513ddb890a91fccf7f474ff193a
SHA1 d44f4d6c47a4329e947cdd019082589796b855fd
SHA256 fdb223328c3077735259a279f712f147e3c10f495ab71e3a9724c6e2aa9f5d6d
SHA512 930d6141d6d9daa2733ad73c618e22255c2b748c88ad2fe5876a122b5c56fd17dc07ffad27b0e5b007f6cc7ccffcdff834b5d788d85544ff7f268b20bdd57657

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79e295cd4341b1e7be82ef67cacec77c
SHA1 f8627076e22904e26d84a9d8bb9b037feb48fcb4
SHA256 dbbb5470bf84b1daacf68c1db24aac6aac21d267cd421f3bec3cec260d1d785a
SHA512 b099edd9eb55df1afcd2d4a50f0a1f38394f0ca5cec2d5ece451af0ae63b6c5de6d1b81983edcffdb7b9180edbd10219fb7b6efab0fd3b43560d09c8611350f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d3d85f82c68fcb75eeb825e71c0c9b5
SHA1 bb103c56f7f208670821ee3dd437b38e7c394d50
SHA256 7fbd247e3b1c3f80f97177299df03acd2cd39cf0f33e45b00b433da1b42b3420
SHA512 eec8c4d934b2b02c1c934ca19c97e83dc6b0306fcb5b71659cdff7d55d4d32767098537455a0bc79368cb6e403a6565398fa333bd53f746e9e1c4d3534946d15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8428c7e90a9041830ba6423247bd64c
SHA1 d5806e6eb66a2b98e30fd7ef770f8cfbd29417ca
SHA256 ded51f7c6d8ce277b3d991aa7812a9b51c8c10a672e59b897a413b73dfd9d6dc
SHA512 eafaea52163206cb7b0efe4578912a6b274d7c939ad4178268430b7cd5e99b2d759d6fc04794b25aa16999e4addc012ad7c6bbc20fcf9d0a0f1ef78759232d50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41350617dcba075018542e20c10cccce
SHA1 922bd56a1c990c786d82635f8c1523027d0432a1
SHA256 d5e5df365f262ce9e949fb4f903aa7adc67e33f35a67c4628281b79f89b40e22
SHA512 89ded02928b31e137bc058b073f858812ab5f797af895daa341758395af5256a992537fa47e97fc92eed2c6a4b62bb3b9271ca5448fdd837422678296cb04808

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea502ffb4eee1370fdeb5bec081eff31
SHA1 a1555c5e3b25de1114b6b3d94da08e3dfd58169c
SHA256 4fb211279b619cfcd742158783155c2720c9244755da9f1e331ec9683147b1f0
SHA512 f6724d7993deb92d1be633192d0d7d3813b8fe5e3b8ac2d6083be9a3161e75b0e08cef66bda16a1f2f08df089ea58508b181a9a9d3f76df43fc8aec42ddf6e46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11dc852e5e5eec387bd96b5b99c063d2
SHA1 1861c06ddceeeb90cff1ebfb27d4c0101ce6749a
SHA256 3d9f2a6e4acaffe0525f3a0db3c54978b39c165b11b9d7a372804782cefc0a9e
SHA512 928e94d2fed1b17c73ecd38cb69a3a9bd73842650bb93fe0b330c2023e8ab038763455e7cc523597dc0ae92bf168ea83fb7c018a906d877f83fa31278d9432b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 623005a0214ea72fdb24b22c418d4b60
SHA1 360d9f413ecf21408678e21c5bbd686ec23642f0
SHA256 50d59be162acebc29953a7f96620f5397319adf20aea22d61fc17261c7d57aec
SHA512 df73cf90b68dcb05fe7667c884cb102147ec5f3af370c07cb404820407b4a6d24e96230cc0e0fa426ce418f749174334b36a6e24c8ad2621428e56347701aeb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a827e57abce620bb240a4f0348c7bf2f
SHA1 f9a51d4d3083ce383888e33146460bf7e4b28a73
SHA256 e27a105ca5a46e367a04cb87edd55924b5d55c1a9154cc662e8c8c1be0e62395
SHA512 05f79cd6eb92ac9c7fd2082b74294269e5243e78e4cf63afeede562197e515f0b9fe9bce91b6dfd7ae36bdae8e725dfc7390696f0bf866537ced27a526c04afe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20c1aa9335ba3406826073f96e71caa2
SHA1 a3924b43f73bfe3e4dc6322bc9233911b7a2161d
SHA256 6154c9254fbc879f00fbca0c5be11c1ff197720f4dfdf73200f8bf2fddd0cd49
SHA512 b969b98857fa6f25b51fb39618f71075abc7acbe3e819a10c54893c3df20cb10c3e099e45567493ccd367cf7bde0cb40283c30a01436954767ffcba9e4526a2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a55f1dddf8e95ad1bd1ca3e2f3384274
SHA1 7948116f7d1ee827f1346af0c9782dc1a48a1991
SHA256 de88e0e94a3112d9b5657969d16c6f610261be78d524329d529520bb854da145
SHA512 8c5daf237f66998ea41be912ba25033f8304af8d91e241c2d5c0600a2448570edd245db3ea1ca03aaf2e3f057e086855d6828587e606537504cf4dd6f16c3141

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e61f733c944107ba06616b7b7039644
SHA1 e22d8753f8b22f6fe08be9cc18102de816e81466
SHA256 f4e8b68c2d4329034005849a15dd97ac86b0a28d460e4237c711eb738207e108
SHA512 878584b33998a211b8a9242ed7ec9b376b758b6dbed9fa7cd7af15599cc23da3abdd76c704d06c3324ab9efdbe27ae48d613144fbe8386c38b1e37f635669749

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6ed717a140aeaf7d425db2cba208114
SHA1 b7c245515ef0ffbe24df2b73efbca9ed5b7a427a
SHA256 06aa060810ed395c943600401e250932de0c7aff933234499a11cae509df8664
SHA512 e4868b7af7c0595c3aedb46c1144ba63ca996cfa12f1e48098c232351e9377cdd35380005d7d8ef02ba3e141791db98f960acc6a7d1319b18f0ca15250e66ea1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df6cfc161778c1df88efc62289d5080e
SHA1 a0e131f2dc9ba92a7b83877d87dca3bf4333e257
SHA256 af9a3b79d60665b6bd067968214a48af011b3bceedb49ea8822f70ddf2c1556a
SHA512 5479ccfaf7c80eb4e0611c0ddf18653a58b0efad0e49ea1892c6329eb11643b5d8f2d8dc8f50a1b2d51f17a4f2252e95a6f669e106039dea643c3706d2236962

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d14797cdfcc9c1333df98794b3b830b
SHA1 2c0da406b408015208a916675751e7dc1d9f9980
SHA256 2d222517c3cf8e16919c4e0725cd89849663af5ce4c263c3d083e9b94c502f01
SHA512 2bbb286db5227cbcc2d0310ede6c47c29306aaa74f05f2dfcaba084c3d5d499d5b6d0c92e1d968466ca315e86cdd2d6502342b5621dfb4d708f3ee4fa883fa15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8c3ac16b3210b328992707b759e08a0
SHA1 78deaa337ce232693cc87f6b044301e0ec22fe1a
SHA256 31f0cf01759081479570c150966cd6e2ae734314bef7bfb43042e2522c614853
SHA512 9aaffc3a5efa7d39dea50428f846a449b2c129c190c68a1d9fd078281f6edc02dd2dc26aa7151cd885cd638e2f3c2869437848796b3a20e3dbe7d8050e637cae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 323f4bf07c953734f539042afb3dd291
SHA1 4d4ced14332da260a119c269c52ed1298219782c
SHA256 4db08c18998a388f07fd3dd69d382a6f8cf19878e116ecfb50b6f5ec519d000e
SHA512 f227d8ca32296756e2381e3b683aa3cb4e1d03ee3a302df2590a9f6065618cd084ac3df77b7a8c32fb77c10e3893fac9683b29f4cc70078d24eced879e215e7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6467fe7ed461ee93c8e82a89b01dedc0
SHA1 9e7968909116537c586112f67689c967015d967d
SHA256 cc12c47010e4955adae283d4fa98f5484d014b45efbf53111609d7fbf1389b07
SHA512 1cc1787abe5df3ca22e7cde9fc5fa1e8c4c88bbb85d3fbc04f949864985ac140e15c198faee3282ada567942f25e41b3d0f76f6cb5d53caa66b0db41a0b576e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d191600036a5f522426c7a89d819d7d3
SHA1 005c4c8443cb3396086cdf4ac7b2e3271e2e9005
SHA256 8f7f21dfc535c7098573209f7faa00e544c98a5452fab1b5ce7f33902a5d7c5a
SHA512 a61e0033fac464cfad3ae2f3c6ac9cc5ab02652a0ccab02aef458eb8959ceb32130f185271f679d8a51c2329be9ca3ab6cc2fc2f74d29c2be713b6db5d05d21b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b68eee06b378f611e87f397bceb5423
SHA1 7b728cf0e396fc3e4c8eba07db5e5b0eaa919095
SHA256 9bcba9e517c8434631ef84824a29c663b049c773ecc1eca02cc799438fb73d7b
SHA512 52b2caea6a8f8455e32af0a9e31ba1fc17c0c2842aed4f0134ab78890da045937fb91005e98e6676870db1d64f42c2e0bbe7ae54155628afa4f2445b6cc04c8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d53af122c1c0beb1c4a14b949c1833e9
SHA1 82ef09e3b9a1c371150a3079e58ea41a26cae97e
SHA256 f50aeea0afe83208ca4efe5f5db760058e5944ecd5a0f236b734922f1cf6e122
SHA512 eb4c075ec9e1d7ee21e7301ae43339f966f6e40e6419b8b2f9fc725ec915c9c396beb0d57c49d8c9d7a6715fcb99e1db428a2d5cee0d26eafe3e3e8dfbe602af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cd57c37d807f63d819b263b5729bd8e
SHA1 13f23d7eb8a8269913751b278a5a3e6f64aa9487
SHA256 ac3efe8cf27d30745a04146281bebc15148d6cd33f40846a89e1e36f604c5919
SHA512 8c3037ad98ae9e69e18e3fb72744ec4b1b80430c46c0066db9d774a1250605c71a9b4ba4fbadaa66228869468b1b97d1a2c32709e6696d028bd663818a9cdb22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5112abb0336727e8fa3912e5556d6acf
SHA1 e6984aa30bac656c0f2632abaf8c01ecd7205e19
SHA256 ec2e5bb95bf4a47e23fc97b9872118b85b1ff35bbd97bd59a80825d647b88fc5
SHA512 d59bb65f887ff9004e46f8b205fc0cfc9d2201022b46b8ccf2d2b849aa611ae927ecdaaf1d879b8a0a941c39c797ab8961365477f7bc0288a8610a5def4cef94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5abbceac803e1d611150c37f2a5d80d6
SHA1 a82e9e52669b0e5750ed7761b55629c7faa5f8ce
SHA256 0899a15751440694e2f20131985c2846cd6179e73ad0e5225c7a4254abd784bf
SHA512 b1afab797dfe9436f1f7973c3f53ceec9247fb71ad251c51e41162c3457f801e72dfefa539cce3254b1a6e43e95d6f0c6543205389e31c851234675f880839aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0afe16d1c3aee3827bf2c7e104121c65
SHA1 195c044cf215c3ed3488dc3151a768a46f799e09
SHA256 e4d9e29e6cd7386e17360b1587f1e8c5f199d0e343efe8cedfd19c5b06783af9
SHA512 535aa81fc1a9bd9c549aa90f825cd1f5e342529d021dcbba9072dacc70f9003313a6bacee3ced91dffed0eb9d68230cedbc2efe5c7f123ffaf694490fadb7c87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c4627f4c3200a3d4b6e3cabf52fd9b2
SHA1 c2ad8b61d5162ec9840cea755191964bab211edb
SHA256 4ee9cc8cac8f6ec52c2b90c8f5506115ea53ab3d7f66ae5d57d4c39c80afce6c
SHA512 e1b98a12eb3296ae3c8dc04bcb28e12458097ceb16494cacc25645e910b8354adea39ff23728bb93497433d084db2c793dbdd8bcf28219f8f2905296d61e2cea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 709b0cd57e1956d264b04b593eb5f43e
SHA1 6899fa712f329b1572c303e89b6423ea304f7a16
SHA256 30d89f6ff14639f77a6f7be3c6864f715ed321e258d8a9ee56e6535551ee9d8a
SHA512 ee37a56528df4e771b26735f5f5af8d4265734338d7f9bfc74f5f2d402b6759432cfa13210e64633869dfe2b56a19fd6b05ed81e94b6416358f034a2d8108341

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9899ab03a9a21d303e8b3d1d933c7b3
SHA1 cd5bb0cbc52916c43f1880407790fd973cfeb5f6
SHA256 690aac3d1c932c9d5322c1dc02f0b305d15ab28add8d8f8eb03d4299f2d8e1bd
SHA512 3edeef967460ef5d596265a74a22900d3c7b923fa9d7c57796b6cbc78050fb81acc84e7462f654ecea0b3c1f07101e18de55d65050eaca7dd698ac75463558de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 497724f01119712e12bf742d55c59ad7
SHA1 9f3149e1ee38c7fc551bd10d4d6a8adb8c60121b
SHA256 ea364e179e734510d29b5e8a9f8a7c6553bf207974afc3cf3740751c2926014a
SHA512 6c87455741a101f28843f18e64e03bbc18dba556d1ca477f0fca50d9f2f03145b8bb460308dbbfc2fd92cbba8ff4df67d36fd4c5d3378b94108d2ec941e1ea34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0ed5e1c3c673b4c49325ad52305ca20
SHA1 2151443caa49a9484304f944c4c8b89a5d60b99b
SHA256 637c49bf8d54587b1a7f09b535d9108b54795a37e0476197e43c5f58756b2641
SHA512 ed19683b943291e2402084a5e39d05ce91abd7334cddffa95ae82fd96e75660faef3b64af3a1cc799ebd9e1a3860fa2e5627a73fd4d8dd3a2f1523e3d664fb35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3ccf7f7fd8938a959adcd773b683e0f
SHA1 758673f4fd35919a551126f1ccb58e69b842dc52
SHA256 0572650ad9f06cd3eabf5f726486a7718e6802eccb1cd8bf60a1823a7c1cb066
SHA512 5574f2423210a0b783195fb81591bf30bfaa16e71684b8eef8bb8ec2b0497e0bd466b77819a87e92fc609e69f682b86eee9d292ed610f258d0daff202ac45029

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a48c7a59532ce5ee8bbc1f92be1e6dce
SHA1 53cd74ec785ff26443af6fa1013d338ccd290040
SHA256 4178cb4fd8b3ed0c55ef923e2ee13a7cf047fa794553bffbfcfc5dd42749357c
SHA512 8ee612a5fad949475e577b314ad1f8d42c6fe1a50ca25d778da45d0bc30498c28b4d99d7767a8c20a223db406cb7649b1c7dd8c495ec5dce7f57a66cb57c7140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 277b4a73d3ed02c05134c72928aaa64a
SHA1 c2d6012d68dc19aa41ae77297dc0dd2e70b5ed6d
SHA256 ec7f314cb557afa6529cb8127e8c0aca47f1585bf7c63521e896596da3a251d1
SHA512 599c12ceb76900174e123bf8ed627994a183954baffb5095e4ad82e492ee9f09947df7d38df009d0f889af947b7272584044d98a5e69ac73645db9389f27c1bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c10f52c8d20bcad450a98fc472aa308
SHA1 5a55a53478da7bca67d9672d2909e239de0157a1
SHA256 480de5cabf8ff7f2ecb47c4dddcd93fefdf45c0816f2fdafe7ee8c472e3bcc77
SHA512 34aaf8f9675a625b48d4fc117e97cb41cd1c1639ff28045c6301b85d7bb421ea652038bcda83545450a4ead295b95e61a8d19793ed8d3ed59f358db33d31fdb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a3da4a973dc51cc36c642c800b757bd
SHA1 addf0d3b192d2bc14c7d0758b5bfcd00c433448e
SHA256 843d38dab291ce193731be4e3aa312f74b8c455aefbfead20a9335f9f72d5543
SHA512 706f189ea9deaa23e3515bfb8c23363ac74ac12f2983ad51073b53e6f5159c36397e0e4b4c0dd1985e5717dea2f44fb596b26518e6bf4520e9d2c0b82b2efbfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f558a88bf0904d294b269cca1b74a4b4
SHA1 5360474018513d71e591a785c3ad98d637f3c0b9
SHA256 2c037c9a764c75fded8acceb741be50caf6167ff440a335e6e71edeb48afd47c
SHA512 41048593eb06f78e23dca44b563d6d3639be288e0572ac41388b273a17506121f7dba8332a04e17b1b8092e23936d609b1d92edef620d46811543377be58c9a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 721e004d8795a64ce5147228b9844f46
SHA1 aaaf0849bb90d5a98803c860ccb4f1a503b63936
SHA256 31dc4df9d35b48115b3f802eb775b24d4db80ee4cf1901f8b770a7f0619e8525
SHA512 8d899da12da93e8b9ddb81b0e4512341689f2c8e384778bf34f4aa7b28ad3b230d66c6b56eede05a992e45177d72564db460924e2bd311c4025e6451d3a4bc39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20b4ae5f61816d7efaefdbdbde43b510
SHA1 f241ee40af45f021c60c5b9c4c451e1da1515790
SHA256 66722706cace198aa2d469e352fd93c4c2684396c5cbe96b1dd05a020b6b07fb
SHA512 9ca9b65c2d1a8c9c3a9fcf650e6f224cd5e2c61bcf62f87c24c5d54269ae81fb32f14b9a9c7b41b30bf73db612479c2fdcca2b8efc3279fc80ce64a27e21369a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb6a4c2a4a12cd8d05430e3a480ba777
SHA1 ba17a9d7ff0ae8a54e07a995b8f5a99d41afb66e
SHA256 37b35ffb55d55fc247aa2f58e5c88e1f58622c3d8ee4a9b35a1af29ad8cb8f52
SHA512 45d5328e8df235ff5d4b0211d4f0d73cfb8f7c0e5535b460acfef11a328a30004c8c8f221a6b650c1a71e874fcec495c352b5e86487f255c5aef815b796e4c03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5bf21ed6fc29ec8df5464188ea145ca
SHA1 b3eeaf3e53ba222ded7984f12274198773d79daa
SHA256 8ca928c0e43701e6693fbd5f3e7a4276a2e9d2f3524bdbecab94153025ef8595
SHA512 6776b64d00bc5f3559b6ca7bf21d0ed42a222b7ade1e429ba70bff98fd4e4f33b4aed59c19e0d4a710eada4c89695fa919fdd9347e114af3fef8e66928d70d50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee8b3a148b4da87e755b7069b5b8842e
SHA1 9f9980fde93b78f8c2f5b3476d88f28d8bbffeba
SHA256 dfb0307868dda63aff678a1189a20a100220913b52126c254cb7b085fd0fd584
SHA512 a96b2505fb53b58b20953dcd6d0082413f560bf837700a60402204628dd3fc108453220e160b0b74d3fc06511db1c537416cce174e36a9cab48b552e177738e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 529adbbc5fbe5a9675f53b8359954431
SHA1 d83ed926231dc87788ff27562aadfc7dd0bf9c63
SHA256 449f9882e4315696da6e16d67ad84371396cb404529e402a965235a816f59382
SHA512 8ce405c222d2bfa780bc4089c4b5b87f5a7ca5e261b6975d62461a4cb5d951870ae4e29dc41010a4e6ad1d351513c1fec5289ff8e4de7411b8b4374a1c0e884f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 558f0212c8f5bdbdfc5a06098461312d
SHA1 6d3ab405e3a9f201c2528c7261e1d7cca36eb7e0
SHA256 68a09853e0789a483c761a34f0e9ab2c27d49e529b369af133a1fffac0171f5b
SHA512 7f7b2abf6fb71eae5dbb94c22e7db651d778522d87b4154e225abdca91970d6fb2352e31cf041df6c7b798699596aaf7c8158c8b0303520e3f3275526602afa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9f3b8a80186fde2fec041e6b99bcbe1
SHA1 aef3acceaea75cab0d4cd7323940a2a0cb178f72
SHA256 80f6078cbf89783c8f339c48392cf4790ab3d38e8ac9d74fa8a5f4e141b3a9b8
SHA512 085427c7a1c0acd6a2a382c156904368f22cfe1da74046393657ff6e62ce9a6480abf1b912d7ce71aa13fbb7befe93091f439f63c745e64988c2ca1516966b1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65c9a498ba0e8c464674ed70e8b864f6
SHA1 7e0fb722427a7848184c93d9eb6221a9a046a82f
SHA256 33aef9799158e61d67d6e025df8eac8be3e9c779f2f448c64cf6b967adc72491
SHA512 661341c2b720b5f826042f636630da276fddafcf93faf56612149d22dab34ce75a199fb2368617b0d3ad8a08f8b7b54d4efc8d5e44c36499e856a06eb0bb0393

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94980c960c15794ea7b85847ae855c11
SHA1 57d8854c79895649a06b9fa5ef1e24d7b0c431ae
SHA256 4e63b38ffce3d1d8c06570eaaaef729a024d4e2c56ab5ad4fd295074ed09486c
SHA512 ec4b59118d425047e4ef539041bec974c3ee30db13f16513d945307bf4aca60661b6edd13729e5383c7ac6a37b9b9d1a65e2b010b82601e18651a3bc169de136

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 faa7ae3b607b4fda91719f059dcd03e6
SHA1 4d412a2f99172bbbdedc6a8f08fe82faae28da26
SHA256 1ad3b1318e72edaada9f86dc67503f97414a35cf19dc978bef6916c6ee1a79d9
SHA512 e793244baf939aa8c7bad67676c077d7a922577286a99f5430148a45d599cc63064b9660cabbaa848219dec3ce69450771006212e1a535fb1adfe35e4683c17c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27943e8e8bf3ba79fa654d3dbbb0611f
SHA1 d28d2073096efea234dc849edc2ffd0bcfd2dc8e
SHA256 016c94f7e262f244ba8fe0f3a7539405ae54e7c33b0e7e71314eddfe8869cbc5
SHA512 355d13bd2015ab43024028003f1bd0d4bd56896b9beccc2018adfc696138d9cf456f737a120b1fbbeeb01ab4d728201885bcfcebab56363dfe6c3f7d1723d38c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac85458df07f13aabdb35b03e086a010
SHA1 8713ef4e81497a62e823e9603c6cbe2a3b2c6a17
SHA256 158163c856693540ab0c15e8152addf69c36f32f0167ae21cd9d087aa595e39b
SHA512 80c667c15dcc14d9be13b2c7023e00368de188005d239ab8692329bf072428fcc34da5c8d1c8d762755f7985a0f682323243812b6382890f80e09438cdcb95ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2512b0c49c5bd2208d745ed344c08ab8
SHA1 82c1a39ec48bb1c894661be5e2a61d773e1c8667
SHA256 ee2c8660668d9220d234fcc4a799e03d39b08d8d44c64ad347bcb4ab91f6c4fd
SHA512 a3bec4fd18e37c3bb90b572aaf3caae3c48f39f155ccd31055e6359033285c9d15bb3c0a80af478e460c26def1900af242618b6e7aa5d7d9fa6fbaf01f72b28c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36a448e56406451ab74f6c9b666dd5fb
SHA1 ad8ce9bd6adf8751f2e670cb1d3ef3346f14982f
SHA256 f63981c657d0ea1c25456eb460a928b6309f60fff5eb108f2d1925ef61de33d8
SHA512 5912f1f38c1852108ad6327b09d726b1a57be710ea64e79a2950fa2b451090061333504754575b7b3318f82d554ff11099b828fac8e4d36d2136d2654c52cb39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d80548afdebbf5175038bbdfc24ebf7
SHA1 c8a74072dc8622aabcdea1342e30560805ff810f
SHA256 13927a601f0d2fde924d1413ab628ef350921ba1ed3a9d75efbf18054d30b445
SHA512 c04fa902d6850fff7d9e535aada3c888e7d165477956310512562739185137001e5ed47dc4472e766b8504c4314bfce619a9c4d86339b293df4b8e419ffc0196

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0f5dde6845a7c772a80900480376c2a
SHA1 492eb7b59181e9a6c0dd42321d7bec37dd0bc770
SHA256 dc5c132a4a01bf52748035cd6bf19718ce0bde07345065b8c594a945f8b33ae3
SHA512 5ec480579f782d256bb3cef4adc792e542fee490c4acf2d229575b3b44ff690be27273f914a917cfff550aefc5d966a49c471ea7016b797099aff18226ec32fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6d8151165f3f2f9d561fa631690c1e0
SHA1 6db96d557ee030d0acb8bdf56828dbde20aa9128
SHA256 683279d10363703811119eac051502c4b488ece626ae09f9cc47757918f62654
SHA512 3968dd91e6bb3fa3048d276342fd9965de3ef354f497b131396ad314e714cb322a02dd06887c9568e643cdd427239d3cfad8237f6f24041733d08ff35dd7a4c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dff9e96f935dee3c696c37eeb9cc8231
SHA1 d3f29f26ae9564ec26653e890ebff23f8d00095c
SHA256 97cb20dc89e42b5fd9b9fc3e71c9e5e0f086394737a929b8b3987273bac28fba
SHA512 4595a0088ab2803334de1ca6c69ef9ad8534877cb3e7490cfbcfe5bf7ce287801d76f67408f3bb18d48f09cc47ba8130cef25089bd9063cd5e8307fe2e66ea09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e9adaf1e044939e0cde49c7a06cac79
SHA1 8e52fefa4e0f7aa7920ac3699b8d8fb8c7ad9721
SHA256 c5141be1755faaf4da87215963613c53b67ca2ec3fec604b4048bcb24ad42c28
SHA512 385f443f62d768bada16c28e7b3dccc12759405b583b97e1a3bcc048ccf604ec78d9261bd13877609e893f9674151aef8a3ad9676da1748162f3ed1be88a3513

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18afca4e3dd76bc6c7964686858c8c89
SHA1 c29ff49bc23148dda2d39e4f1ac365238d532960
SHA256 8b423f463b0cf84f3d2d4c0e7aedb8dd982c18a2d46f3baa20e20015c4ba037a
SHA512 ad4c6d721bfc90356363b85c9d2f1178dee503d44a7eb777d544f3a33331d9668c89027628c946b6e79d64491f1a3c50a6e27ed53ff3731b3d70a79799501eb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7fb21dc3ac6bb4eea61cab0db8080e6
SHA1 7ca25b427c100218308339e9244cbb2554b03dab
SHA256 175439425e3eb818f1211eb670f6615552105fd59c5923d9de283557b970a5bd
SHA512 3f98c29112122ab1facb2c543533933d125b72fb4214b813a6736c234c46bc2b9dab4b6f0520fc36b9606f96d73bc80134547cb172fabdc797301b236afa0e55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7c78f57d1f8cd8c5022dfff18732ad7
SHA1 cf02a5653f6486212e4583548ea2c30c37ed4fec
SHA256 02aabb776cf986144402d9dcee82b5013f3107e09123d329a1b4486d973d917e
SHA512 a040390c34abb3b56f6403b7fbc546691fe0c2e83e36345b6653284916801fad4559e7fe616d7822258afb5d673063adbc39e27188802c94dfd208de6d0fe8a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c50389dd1ecb39e2d7a2dfd26110ccd2
SHA1 7308a5b9cc957bee37ad233f6774a9ede0baea71
SHA256 6881787a4aea7075bb7193f10c8bbb3aa2ecdd2b2fb735023d64408a45ac98af
SHA512 073a054903568b91c6b00eedad09e4c359022a72270537ad5d75f56b2a3af8a23b5800decca3129fabc17791328cc7a4328a6a68fb47f2816decc77e0d875041

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31dfcfabaa470982d46e64a48ca440be
SHA1 14bfda027a2a919800ac0ba23b16b96fa032353f
SHA256 b5d4c39d2613d45f55352205498e82a63054b1c42b8418b96e507634a110184e
SHA512 e9e7624b8cc85b893b050dc92679bb4a3284c9d43d271f22a75c9e406bada3eda9bc7f766acbf8a2b7839683115ea599d2de18a87a164754ede2f3405c17b250

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a241f0971aa3247afa4d1b0ba135ace
SHA1 993d7f02c925e74e4b0d1641d3a72bd08a7cffc8
SHA256 4c501031639760d7e5074c39bd118052c6996b8cdd52b0a07b410458d2d858af
SHA512 26d4186a228d8eaccbe1e982a748e6bcebfbf4fceacffcc132340e5774701448e48e5b488a307637768d8ced4cac873a34757af55288b9be067a382aa7205fc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b489c184b061581d798409cf5d551e2
SHA1 9a6762e80e13073a11a8d38f0f21b02108452845
SHA256 84a57d19945ab5182908e97dc837a82ddb89e04a00f5a520414f130d09c100df
SHA512 209fe853d9ef9eda9e7a4b12ad036b920318ad4747e66b98512ba1259965eb8805fcaa18531f653c88ee668df1d9f1481629d8cf8a29dd7941468ee93474de91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e87d112b17b303d1f377f2285bb42fd6
SHA1 13b23972ed63b249b8db8b100b239e50f158ac51
SHA256 457c22ded4318d474ccf202ea45495db5f30e7b9997246e8fc41d33c3ad4ca87
SHA512 3757b94bacb39e68bedf7fa4a6845f25bb48f4539b6b2dd9304b1914426d49a6abf0ac50a057a33fd77dfdd400917f01829c52e8d8b47f36dec8e7a0f7dde639

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a584cc7051f262d68ea88017e3a541a
SHA1 14c45c60978527b65d62c28d09274ea89014a3a3
SHA256 8b6ab9c1face235b5c713dfc9c5351f46931e79ca486dff1a49b059e2e4fdbb8
SHA512 e8c87541befec8e151082dd49434cad56378d7b2fc6a75b207fec8bf3a4f0603231a066728fae1d4859073de205c2e70fd369a1258a4b753d749971db32df886

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7339e4874be95a37c55f545ef8975279
SHA1 44b9f4e63bac60a080418c6aaf95ce683a06983f
SHA256 669f806dae8437946c2ba8a50afc718858bfb8701258201c945e69c838ba4ac5
SHA512 af8349012280e2c6fd5be40e3978b4aa56d6fffc537354e2bfcdf7e44ac1dc70a1c4b8c7413d41ebb3f55a8ef1cab1cba83d13cd512dc53739a70ced55fff549

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d60a1e713921f064ebd249924c4a49fc
SHA1 bae5f8f0596f04ea1c5728efbba52d29f19520ed
SHA256 ab82acac7ed29c9433a299f7cc91c936e3161aa38141738768b562d5743e6949
SHA512 6c3f01f800f78e5a595eb8a3b9bef7817612154d2f906d5b28e266e9b22c6d1e0289569a4b5efb553ec54118ab86e08e1469536be954bd12fbbfed751ecbd10f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0380cd8c0c592a6bf6088f1136455c4
SHA1 bab9352e6b9db3b4ef1d1aa8299368a2623166ce
SHA256 6e2ba4770a30f71642fccd6b1fa0d1c2ef6b6b36156525ae61e4f0838c82b102
SHA512 25c44121eda2951deb73ad1a853c499bdaca2643fbae3b4b3aec9e9a04ef4af8653ee013975826301ba4eb699368ff0220d70c05535da189de867daf6a081793

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 868ca3b77b9f1c4d1fe4c8312bfd4675
SHA1 9e4f52e5317435876a562a7bcf7ef9354a6cedd8
SHA256 f9e31c57b5cadfa271e72dbb0c300c635a998e8729a70473b535748ddc611a45
SHA512 6996600a29374aa51c449ada94ee3c2e63d3d499ec8df1e0fbb3fb801e9f89a329a47a364af5e6d547ccbdd3e66e3aea6e56629deab675c78f93eb2083eba446

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4cc3a16ed219bce29b84135f8a97aa8
SHA1 fc7f81ccbd2b36937da52e50f8bbb5969aa21bbd
SHA256 3cb2fb676d8a960d23faf5ea6567aade311f97132612eee10bc6fa497e29e842
SHA512 13283551e7d68e909c0c25805cacf28757e4177f789cb1e34541f15a71739b8667468acb981b82f5991e008bf0f9e8003410ea4a9ccb237a74f01e4316a7a663

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2b5149ae5692a0796a748246ea4a85a
SHA1 61d7ccc3d74864551f3d2f94032382db2fa5ed43
SHA256 05e3e77f983d185414d5c73b1c44cb0fcae248a0b54f5e0b9d99f472d2eade18
SHA512 52196362619914a7f531efd047ee5b08adc8a50e250dea38242f65edfafe96dedb84a3b17ef3a1a4004c0a13cfc52b91bf7315ed78669c84c4ff2d274f885cf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 845395a02f6514dd4ea83fd08160373b
SHA1 158a5f3cd2aaba598a18f83ce695e4a4648cb371
SHA256 4c14fe4cede4e687ed9d7186167ac854f9cb148d10bda57527e04249a286bccb
SHA512 cc55d1b4e7fa049b32c0dda628daa85a70f43e0446b61781e7904b7b3050b9fc74551a898f8bf0b2197ae9f70eac471e8714662f9d7ae027911764a3add566ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a1e6d584326813747a7b795b4cd52b5
SHA1 0ef7af7dc223152536baca93bda75cc63e4aa5bf
SHA256 e568ffdeb40e612329116099c47aa19c628e8cb58a78cb70ece6f9bde53d8e80
SHA512 b2c1ce8a796aa733928aeb8750ebf1831e26063081afd7ad0aa7a3c17dc9a2c1e992142399d76e44801dc8a9ae0f9379b6ee9eb65ad6899e9a1e84483023a356

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9428e71483be354d3e189501f94966a9
SHA1 b19a11dc3792b74fb0841934c2d9c117a73a5f65
SHA256 8558271d35647581ceac7ce19142244cacf037f54ec9d220fd1861085b0833ef
SHA512 ea546d4bffa80e497fd65e764769b372cfa5a3933aa59e145a75afa5a56ef44510c30b27def03e5473ec82b7c801d0eeeb2889f2e091c06c583d5509f50ab0d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e6f174e430c0625b20d88f5aee99f62
SHA1 8487749297b251484ab8775b0c0793fe46fc16ab
SHA256 a21c779a28dbb776ed645e1771b18d59dbbe07944a615f0d680c18736cb941d2
SHA512 1ed8e529d8623ab386d0cba147410fb0f2e5f0290a7087d156df08332305ec851a66e0cc4059058f279314f6304c11bdc5783f67971f7f592fafe879270b1df1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7904a0e2dd7decf88aaab92ef4008cbe
SHA1 282c5e31c9ced0e39b1908b061469044b0c6eb53
SHA256 be6c1bf9094203079e28c8dd8073bc7e55a1da66d7c2a81267f1a5d75bdcfb19
SHA512 8473da5dcd934c95a4c5048206d6552653c50c4902f8f3a63ad1d033d0272941a6e64ef95cc323d2485baa7e3da54509baaacc54d0e5c9e2855e3d9943f084be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8fa4787971182023f736bda3bf27b42
SHA1 fca47ecd420bb5b0169a11ce507c9ab1f52b67ef
SHA256 3c12dbaf8e89801eda3d32f9716aa03a287c9956e0a798f5fe899dfb08120613
SHA512 4ae6e9f269934bb003d4734abb7913366131c6e1b5ee6472ed1b358ad78f78e1f25d029c1cd77cb868d37c3c0ee56f83ecdbd3e239a7ef9e213193fbdb5279c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 825548e7542516fd667658d5220e9b92
SHA1 137448ac04209632dc98febaea4183cd0c305450
SHA256 964096fa903d800b00b2a00fd960894818041ee76a3bf9d513ee7557c3baea33
SHA512 7106f5bf60cec7e37cccdc2428e5c72e117e6a19b7fa921014b7c7b95a2c0dcc982ce599c969baec3c774620643870b492c7cc3f0c80b371dce450f445106927

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0249fb940c23084f5a87f0f4c5fd3285
SHA1 00a6436699843a40a25256bf59bb7ab0615e616d
SHA256 923d45510bfe9c085f5ebee74362edac2c7c5f054a5ad21b16aa828233ce6846
SHA512 c7d986eb511d3ae8a1d27dd8c71d4313d245657db9d853bc46cd938cf0e222794c77db257528d25e760f1dd1e02fc7a02aa8f2f05fa62afe09516860d86056e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f3546e78a2e10aa78bf51140e5a809c
SHA1 647f80d0d5f740c6f85b9877847d274eb0495295
SHA256 4db1458eec56fcc0e70f19d792c547341b12668fa63562d98682c7d7592a9d97
SHA512 2a10ecb9f0f8455028687796c41d05130f4f5de8e32b28de333d0fc853b341a465346bcf68155685e1c8df42e632c5181df024c891ca72dacdfb655eb61123ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68f77a348d67b9a0a4e2902cb234af53
SHA1 df3d0e582ee435abe517457a188de8c8bca03ddf
SHA256 1af02401882bd44c79b209be872e2bf168cb0005ce2c7d3402a9d4e487783bc7
SHA512 4a7b6485c213d0301d38004cf899b1d89253bec5fb77c7c9952b7e487eddfa06afefaa95e8fb669c3273a3d701d88ef2a01a211c99dbb98c1e2b421fdcc1e443

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7eefdfb90bf8f9005538ca6e4d135bf4
SHA1 6be746310f71e10d6a2f10d72b8cc7453f8b3a77
SHA256 d710b0a9ed0261d59d1fc78cc4fd39ceaf68c55a9eeb6474e81314115c080499
SHA512 45fc2bfbb529b8fe1c531568a765f2fcd13060d840c5aba07b005ead8e4766ed184666044f8c9895cd55fa52ec60903af55376c61477d7a79fc2849aa60b4e85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae3a580493285de4567d8e36b4ebf309
SHA1 6d637fd8691237062e7f470f1d7f4bbefd6bb385
SHA256 96584c9bcf9c6782f5589664b6a580a4ce5d1769a35eeb12ce2344465c2a077d
SHA512 659d4cb9698c36c2eeed5a2825ee332c0c4e3c867f8127561f722a278b52b8020e21c3b35f72f7c3bd94912b35627845462c25a82597e5a4c1094027aa52f45c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 f996f00f9d2dcbe41f7b759f944d4099
SHA1 6bc8195959178c63e76507194cfe2ca7bcc2872e
SHA256 a26d2324481b0405cb53b7111be6ece15696254fb1e3539e42e4c4e31d490b1d
SHA512 b84a7926fb53fb0ca24acc8f7e302842ae03658020e6e91a7ad0890fcf5f44e0c3b7f4c513d441a056f7c0aa980536f02d551b97cd763b3a6ba42ee23956a70e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f67e0724c49e6a225cf53e8e6b95a0d
SHA1 9081121db365a4a6945392803a04baba9150a847
SHA256 baaa158bbf66ae4e07ce763eeebf80b8cf422ae4e6ec141ca1e143c1f009a300
SHA512 73a8f93c4bf04f25014e410edc6e3e0c31a53fa798c5f203e5e878a3b9276665ee48f7bdd8c930d917d2b8a607645e9de4a1d56429ab3feb6a015ed38b804a17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a5bcee371ff57c13aac3e4006f9aba0
SHA1 5afbb23f7824eed5b4c1d078cb012efe11e212bd
SHA256 59554b7c18233ab6deade9e86f2c0c0f3ce0bde1243f037033fe8fff652c4303
SHA512 fe95bfcf75633bd52e980ddf4ffe27d46881556d10f88ab8a9fcb5ad1fc01784817140504629f60c3a631a9031b2ac02340b4c5a839ce6018be6b18ea05b86da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b7521b0a2d97a8329b148a4d35b5f82
SHA1 6557ae8a9b23dd7bfccec5675dec25de6d57f061
SHA256 a8ec1ad2dfc48020616af45da701197a265659a2e8923fa7a7557f1d3e17d47d
SHA512 cc80f21bfc5fd2db4b5d19cc994c911cf45df592830ee0ee4f65a03266877277b0d9fb975d48e4491086b8cce94e97ad9ebba7dc7ce358ba9f9804598b4787be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fd591c06d7ced52c1ac41b8be906ab5
SHA1 3fc5b63a0b3619e0a8cd7fe5d046b2aa0f9b0f54
SHA256 705f49b4ae677400b3acf2547738811c97714442240b09b885e366328b8700e8
SHA512 f7d65eaad65161c7e10ee1426dfdc59d2d828cbdff161a3fd511474b7059c3f09159c7172786c76631b8e2ba01f0d97f486be2ad88e670126e2d8d226a2f4ef9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8208b43b95c5623c22af8c619209ac31
SHA1 cd7ab5c91111b0ad78aac4757a4a2039de8299b8
SHA256 ea6cc8b1d1020d97e781b06909a15ecd4fe0fcfeb78550a1a130e44a1a9637a1
SHA512 561018a8e6b178f4ee1db58d7fb4125e5eace9164dcbc3572b7a58e49ef8e14560eec9dfe99a45614f31bd40392fa80a74a80ce1b85ceaffba0dc7276acc725c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 620901ef5de26cc03eb119e4508f424e
SHA1 19c506f0f048c9429f686c31cfacc82efc4ff940
SHA256 6a0ba0ca2ec26e2c459370384025eb75056ce8fcaf20a608ed4239cc278ac7b4
SHA512 f39d1d7316f6bd282748cf4dcdfd6a977609798ebdc5dbbe17ff6e33e73f668a6182fc6b6989a55f85c295591c8b77a8bd6972aa92a497530b759afb45c9d978

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8146e1b12bdd15886728a954cf36464
SHA1 c230ceb5e15ed22be0eaeb671b1d7f7a8932076c
SHA256 9f79df9089a8187a0289e42ca415e1cf14df3207fbf9dfc889d729c0a5b9d8e4
SHA512 1225f7c44cc5147f07e2ba1c258b885b98c037daab89e88e9ed12a08992b68ba37151a4f6d0e22018f01920872d8ebfc3f2cd2005ae6f52261201ad78b18a6fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55fd3de817a6116bec8ec3d9e7baca30
SHA1 6d3949b9516c978edcf09f99ce6f82209000a887
SHA256 b2a37a62ee0dd5dd918e9880469c62a089b5abce8ee5e85d990285b4091190c4
SHA512 143a6111b5c91e78271d0b0837bd03da5f3e16beac147a8e1c6d99a25de4652fd4f9f1c1d4420a8689744eb496addd721d7a9ecadbc39874cc49d8af335752fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5f993559d7ef7e4ee94b14c6fcbcb88
SHA1 4886b0522c00df05dbd1c2abd6af53e66c9ddb86
SHA256 57b2f828c28a215ba2dc9735d261dd63b96aae640c486460940c779453daf1c4
SHA512 4e608482cc0e87410f4835050cf9b221c5081caf581dc19b2b06ea516b2405e38dbb4fe145b353d84b22c916fd279e08f9fa842162a15f42c9c632794fc8f5bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b2c692f5554c1dec84c1dc29f4c54c5
SHA1 01b80de962e056cddaa9d7ed45ee01dec80145fb
SHA256 ffe7e38bf4426d6a0d01d9ef0690b0ffb7168ac3b6cc4b7d2fd905c326b9bd7d
SHA512 260f5733de0ba69190ef3bbb26ceaa9b990a81efb1d16f2fee8f8e181636fddf539ac1c42e66d0e8eb65d3c5d750809bf5ba4d27eb9215bedf701196aad81489

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a7ff2d7574bd51ce25b3381626c70b1
SHA1 ab4fc8b77bfd70e2d61a4db28edfb11cd36a1677
SHA256 cc1af08df2bf02943fbb5f5d73c5936b603e88e0a61350d10368034747556693
SHA512 ff70868506a916540e985abff712ea8cb743b9dc86683a95324884c5ec5408c615fbfb1c3387a4c6924603380b5d0e8f4d3528eb2ef7e0f1293423e7f90bc918

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c35f9cb4c19d36e04669836a89e5eaa
SHA1 e65ec95d5adb07294c475686551ee41d57d0d4fc
SHA256 505c9d76c232ceeec1bdd050759f6559ecb8f65b1d1c90822f70aec6057e7690
SHA512 a2f3d66fb8339bf23e7526b7847d7481538b702f131d745c44cebd95e883ad48ef637779a61e9c378aaf75f98c165cc1d8495d1e7ced32aca00aefa6621b1378

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8233708879a5132fd6b5d9f0e279ec7
SHA1 9fbec834d57eff7d4d7e54aabd6dcf7d7115a1e0
SHA256 21e7b1306389a8b22989859a85f2fc94f2846653c3202239bbec0022e7826f8e
SHA512 796053ea939adbff45413ddde5e463c1eba65c42b23d03fdaffa12bc4412db656c8ecbe196f5b0f679566059b47aa7d0b1fec5079fa5ba9bacffb8fea44589df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32cc460e12c33346f0a17456425cd8c0
SHA1 f42c2731754f21697ca52fcd6bc013d68478013e
SHA256 7de35ad7e3569325395deccaca7b6a11272b47ebf343e45b4596813667a9105e
SHA512 f4d748a548ce7055f706746e3a79ca6494627f72a0cfa7b350da11d8e7e897a337ea93508fafec3fb1600ae1ee33bb53e95d122799234f8991893c5f79b04e93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf001ecd0773a6cb127c40cc45f6d829
SHA1 097458afc1d43b4515c0302e78bb7f02c78062ae
SHA256 d5bde7d6cb1ed11693b6e51d869a8eb6c6fc925e222ca1836b094377a1fabe14
SHA512 c61bf436abdcc6024bc05337e101b3cd0488f33428307a0fd421d780b4da8a13c1cf89ebba7a234293b6dc3033480d26125f00d173f1d92ef2876b876a7fade0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d524d3f330d9421947892293cb2ac6b1
SHA1 034274fcac51cc4fb986b3c25976bc3d13c3e149
SHA256 915506750c69d8917f487289ed4aa56297060f1d0e207497f3d3e593a2e517a5
SHA512 5f4c926ea96b5d54999f328bb356029032a91dcaa3315843d50896e1f7a9c696d48c22bead1c20d5076e0d3c63d99a9fbd87638f26069fce24a792d60d49d330

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abfa0a808ad63c64d2ae16f53a5ab693
SHA1 75b9080f776f9485e40168cc76da9e33ff77bd4d
SHA256 28d4156c75018c3ca1cdb07b8c1679a0adeb9013a0e11c11a2229775db416acd
SHA512 6a544d59c52f576e7959c642c4e644a93e98bf3bf32e819ab6796dc68685b282acc236994b86382b6a21a8d20f51ddfddb199e0464d29cef29baf81983a89a25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 39edfbcff54fc92cf876b2c665220f43
SHA1 2d243ac4abe2e6cff5efd16ddd60bb5f95042531
SHA256 58b042a46f5fe1d5130a0cda75f3865e20ecee46513086bdb5f7021033f2da2a
SHA512 52f743c0e7aba677e54fe360072e3cee78070d22961eaa00e0821be77f7558347e9e709a40fc6544985b1cd62383f0b1ed324476c84733cf28ee32bf936cd7f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8e465629f92a179a1befb079b608765
SHA1 5611a51e2c87d51a15d321febfe36a68bdfe606e
SHA256 f0ec509ee06b6fb1d105ced3849c23e11c9a2d1e503d0ba46aed931456d92887
SHA512 5596b5ad16a460011c1dee0b4b83bfe73324acbc1da701c1b474de14c7e983034670d8e143ca73ffabd272a17283f56765a9491151b6105c8fbc1b006e83b9af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f9f90d61796b4ad5eac0823e22af410
SHA1 eb6ea7c69e4b1a55e82700ebd305c9751036bb53
SHA256 387e1996f96f63709abf23fc07545df7666f0d38e2a92dc272326749a794f448
SHA512 fa1d361cf05f27e662430a8a392e2a0411ed0b0dd49635365ca5490c58240182dd97d7d5d31293a93533fb25eff2abfa1d6df56a51a50aab16b0b443856c4bb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 079941ca3305df3eca6ddcc6440d7076
SHA1 0db1c768578bab2e06fa2e88a9f7f7c13f66544a
SHA256 36fd8ee5778f56f9f36915966d9226b1158a6b49d11dcb444c460247d3477d30
SHA512 744eb44a0ee043bdecf8385b31e821fae6f9299a4c35c09e72bb5fefe495101037dae5b58a2513f757fc7a07eee514f29e6c87b323fa9b16359bcd2e42e12f1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0800cc7706803709aecc5809d06a55be
SHA1 7f10d488cf08fdc47397999ad880c853638642b8
SHA256 06857c1ff74e9852c335d73f2ee5f1d64523539d3b046520d57fba19f2e1f840
SHA512 646f6171d4402dbfa3fac37bd377fbbd0a21d5ae0be7f67d904de09094b8ab0bee06f42bff21d1589df2f9b56be43de4d5ac63686d420465286ad9f526de76dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 937d6b282f51b4b408883c29fed013d6
SHA1 8f02ac5ab8576f20331ac9c6c2235e1c30d323de
SHA256 486a4367b3c76d382be9f75346d37c1d3bca6628c48d9bbd243260d45fab64ec
SHA512 0ac57b3c2c049230f371c66cef7739ed678b01b5f8a58571e226c43ebe290a448fcc4f47188cab59f069644a400a579a8a74a4eb1ca1207d2e45336e313410a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9de8f84cc285ebe5885a1f6a4f87cbd9
SHA1 cfc0fe22fd06556b541de5d157c6cd21ed7749df
SHA256 d6ff8ec8611a769ddf9f3b2ea139adc9d00e5c2290d07c985df8833058bc2093
SHA512 b73f7a0f5801545de7b68691b32b750b021d120fc35824ba6108600da2fcc3a6cf02d213db20b0b611ce9a2d93725d2c1d80638149afb4442a1f40a212869e30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3f5295ef999edd94253461e04f6b326
SHA1 a7c7db2425adc80eaf232256c1c4c6482ec307f2
SHA256 a39f50a88e9692c224a8ff380b4ee0f9c7fec93ac3fa701129ab7f904c879a7d
SHA512 87de5a9685b68883c89a8d146f224d769f5083427a1b69003dc349cddd0be6456d6e74f047221b13052ae7a6af8ed0138a5e23eea33cba299276bc63ac2965bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 752bff88d4a784518751b3fd865e80b0
SHA1 75d507ebc88d17afca933bf6879bf421b93660ff
SHA256 26f67713c2dedf566cd7a41fd7f1ee35fd39dcda685ab12c01fa074ca77a16e1
SHA512 341e3d97293c6ca69e8c458626c34f6edaff49c2387c79c9b6d96138e0d6a6dd77822fb73f1203117095158bdb41ad88ab58dced4c47e662900b1f1d3ce0dd6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85ed6de96a0fc44b46c7c1479d8e6bb8
SHA1 a2f8f6960b8863ae97fac5557e998d7edc4ec614
SHA256 b3c62d62dcc26ffaf4fb128517368c6c016f92fbb8f1b3134c9fd4bbba7b7606
SHA512 8b889f4cbea7be5da0dd9f3c49179b37a06a9ad5cfec20004b880d34ca5e92674b6b71b1142b6ffec57ab4e51912ededb85930c852e1bad43eda78df5f7e1315

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e51610d200b36c8071d84b243d45c23d
SHA1 9357e353eae721c32a5de712367b04c2263f4be7
SHA256 e144a566c03be7ee17f95a8fb0ccff7169dd4dbabfc7e783a2196b597736a1e6
SHA512 4091c71ffea3f769aa4458a3b66ca5204f6052fea4fb580f29d105e6338cccad5b51171ff4e37a0935b0c47505366abe2d9d9a7ea81649d8b74b012ac1c047d3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 06:49

Reported

2024-06-09 06:52

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aj3B5C.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize " C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Web Companion = "C:\\Users\\Admin\\AppData\\Roaming\\Lavasoft\\Web Companion\\Application\\WebCompanion.exe --minimize " C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\aj3B5C.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\aj3B5C.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A extreme-ip-lookup.com N/A N/A
N/A extreme-ip-lookup.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\aj3B5C.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdateComRegisterShell64.exe C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_bg.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_sk.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psuser.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_lt.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_ru.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_zh-CN.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_gu.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_mr.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_vi.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psmachine_64.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_fi.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_sw.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_ta.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_zh-TW.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_ro.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bg.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File opened for modification C:\Program Files (x86)\GUM6538.tmp\@PaxHeader C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_mr.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ta.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_ca.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_it.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_uk.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_iw.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lv.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_hr.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_da.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_et.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_is.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\AVGBrowserCrashHandler.exe C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_fil.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pl.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_es.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_gu.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fa.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-PT.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sr.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_ml.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_uk.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateHelper.msi C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\@PaxHeader C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdateWebPlugin.exe C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_fa.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_hi.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_kn.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\acuapi_64.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\psmachine_64.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ar.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hr.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ms.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ro.dll C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdateHelper.msi C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_ja.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6538.tmp\goopdateres_lv.dll C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\aj3B5C.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\aj3B5C.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623893959548493" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods\ = "10" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\NumMethods\ = "5" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E37D9308-A3C0-4EC3-87C5-222235C974E3} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{82C85EAA-7C94-4702-AA75-DF39403AE358}\ = "ServiceModule" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\ = "IProgressWndEvents" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\Elevation\Enabled = "1" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebSvc.1.0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\ = "IApp2" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\NumMethods\ = "17" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7E22D0ED-B403-44D2-BABF-4DDD0DFCA692}\ProgID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\ = "PSFactoryBuffer" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\NumMethods\ = "5" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassSvc.1.0\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine\CurVer C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CredentialDialogMachine\ = "goopdate CredentialDialog" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ = "IPackage" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.ProcessLauncher.1.0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.ProcessLauncher.1.0\ = "Google Update Process Launcher Class" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebSvc\CurVer C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ = "IAppWeb" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DD8E03F-6BE1-41E2-B931-A37C7D1C0317}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\NumMethods\ = "4" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DD8E03F-6BE1-41E2-B931-A37C7D1C0317}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\NumMethods\ = "10" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods\ = "10" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\NumMethods\ = "8" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassMachineFallback.1.0\ = "Google Update Legacy On Demand" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassSvc.1.0\ = "Google Update Legacy On Demand" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BAAD654E-4B50-4C9F-A261-CF29CF884478}\ProgID\ = "AVGUpdate.OnDemandCOMClassMachineFallback.1.0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\ = "PSFactoryBuffer" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods\ = "10" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\ = "IAppVersionWeb" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\NumMethods\ = "10" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods\ = "11" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{40C1C1D3-AAEA-46EE-AA2B-79A2CC62F257} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ = "IGoogleUpdate" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj3B5C.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4816 wrote to memory of 3644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffbf8c646f8,0x7ffbf8c64708,0x7ffbf8c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13145568603763291862,12728306280498943233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,13145568603763291862,12728306280498943233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,13145568603763291862,12728306280498943233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13145568603763291862,12728306280498943233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13145568603763291862,12728306280498943233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf822ab58,0x7ffbf822ab68,0x7ffbf822ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4220 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5068 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4976 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4100 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3080 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5140 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4280 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4108 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4340 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5620 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4616 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4472 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6124 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6152 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Users\Admin\Downloads\Setup.exe

"C:\Users\Admin\Downloads\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe

.\WebCompanion-Installer.exe --savename=Setup.exe --partner=IN240401 --nonadmin --direct --tych --campaign=18142067438 --version=12.901.4.1003

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2352 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=2340 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6296 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6616 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Windows\SysWOW64\netsh.exe

netsh http add urlacl url=http://+:9007/ user=Everyone

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

"C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --install --geo=

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

"C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe" --afterinstall

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://webcompanion.com/en/install.php?partner=IN240401&campaign=18142067438&

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf822ab58,0x7ffbf822ab68,0x7ffbf822ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6676 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=848 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6700 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6528 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=3164 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5580 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x330 0x3d8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3056 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4916 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5728 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5200 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5416 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5168 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=4436 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=4440 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4388 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6652 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7152 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7196 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7204 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7332 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7496 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8052 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7592 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7020 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8188 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8504 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8660 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9136 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8640 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8744 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8164 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Users\Admin\Downloads\avg_secure_browser_setup.exe

"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5500 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7280 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7232 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=7320 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9176 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8920 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9340 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9300 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9640 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9636 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9828 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=9780 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\aj3B5C.exe

"C:\Users\Admin\AppData\Local\Temp\aj3B5C.exe" /relaunch=8 /was_elevated=1 /tagdata

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=5628 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=7972 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=2328 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=5400 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=8064 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=8872 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=10604 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=4580 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=10488 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=10312 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=5096 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=8136 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=9148 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=10700 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=8684 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=10244 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=11020 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=10964 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=11208 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=10516 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=9504 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=9476 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=8504 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=9588 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=4156 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=5892 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=5188 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=5340 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=7184 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=8480 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=12072 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=12092 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=12108 --field-trial-handle=1976,i,1783535282999659586,1230346392874014524,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe

AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe

"C:\Program Files (x86)\GUM6538.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0M3NkU1MjNELTVERkUtNDg4MS05M0IzLUExN0ZFREMzMjRCMn0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Ins1MDVFNTU3RS00M0ZCLTRBMDQtQkZGRS0yMTAwOTRDRTMxREJ9IiB1c2VyaWRfZGF0ZT0iMjAyNDA2MDkiIG1hY2hpbmVpZD0iezAwMDA5QkIwLTk4NjYtMzU5Mi1BM0E2LTA4NkJDQzI5MDlFN30iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDYwOSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9IntGN0U4NEFBNi1FOEIyLTRFRTMtOEY3RC0wMjA4QzNBODM1NjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTIyOCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjIzIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{C76E523D-5DFE-4881-93B3-A17FEDC324B2}" /silent

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 static.trafficjunky.com udp
US 8.8.8.8:53 ei.phncdn.com udp
US 8.8.8.8:53 www.pornhub.com udp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.23:443 ei.phncdn.com tcp
GB 64.210.156.20:443 ei.phncdn.com tcp
GB 64.210.156.20:443 ei.phncdn.com tcp
US 66.254.114.41:445 www.pornhub.com tcp
US 8.8.8.8:53 prvc.io udp
US 172.67.177.254:443 prvc.io tcp
US 8.8.8.8:53 cdn1-smallimg.phncdn.com udp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 23.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 20.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 254.177.67.172.in-addr.arpa udp
US 8.8.8.8:53 156.114.254.66.in-addr.arpa udp
US 8.8.8.8:53 www.pornhub.com udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.18.217.172.in-addr.arpa udp
FR 172.217.20.196:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 196.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
FR 216.58.213.78:443 clients2.google.com tcp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 78.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
JP 142.250.196.131:443 id.google.com tcp
JP 142.250.196.131:443 id.google.com tcp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.196.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
FR 216.58.213.86:443 i.ytimg.com tcp
FR 172.217.20.174:443 www.youtube.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.201.162:443 googleads.g.doubleclick.net tcp
FR 142.250.75.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 216.58.214.170:443 jnn-pa.googleapis.com tcp
FR 142.250.201.162:443 googleads.g.doubleclick.net udp
FR 216.58.214.170:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 162.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 230.75.250.142.in-addr.arpa udp
FR 172.217.20.174:443 www.youtube.com udp
US 8.8.8.8:53 minecraftforfreex.com udp
US 172.67.160.215:443 minecraftforfreex.com tcp
US 172.67.160.215:443 minecraftforfreex.com tcp
US 172.67.160.215:443 minecraftforfreex.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 151.101.194.137:443 code.jquery.com tcp
FR 142.250.201.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
US 216.239.32.181:443 analytics.google.com tcp
US 8.8.8.8:53 215.160.67.172.in-addr.arpa udp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 66.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 181.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
FR 142.250.179.78:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
FR 142.250.179.78:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
FR 142.250.179.98:443 partner.googleadservices.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
FR 142.250.179.78:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
US 216.239.32.181:443 analytics.google.com udp
FR 142.250.179.78:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 cse.google.com udp
US 8.8.8.8:53 clients1.google.com udp
FR 142.250.179.78:443 www.adsensecustomsearchads.com udp
US 172.67.160.215:443 minecraftforfreex.com udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 free.webcompanion.com udp
US 45.63.66.114:443 free.webcompanion.com tcp
US 45.63.66.114:443 free.webcompanion.com tcp
US 45.63.66.114:443 free.webcompanion.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 45.63.66.114:443 free.webcompanion.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 45.63.66.114:443 free.webcompanion.com tcp
US 45.63.66.114:443 free.webcompanion.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 114.66.63.45.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 c.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
BE 74.125.71.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 privacyportal-eu.onetrust.com udp
US 104.18.32.137:443 privacyportal-eu.onetrust.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 webcompanion.com udp
US 104.19.208.152:443 webcompanion.com tcp
US 104.19.208.152:443 webcompanion.com tcp
US 8.8.8.8:53 152.208.19.104.in-addr.arpa udp
US 8.8.8.8:53 geo.lavasoft.com udp
US 104.16.149.130:80 geo.lavasoft.com tcp
US 8.8.8.8:53 featureflags.lavasoft.com udp
US 104.16.149.130:443 featureflags.lavasoft.com tcp
US 8.8.8.8:53 flwadw.com udp
US 104.18.27.149:443 flwadw.com tcp
US 8.8.8.8:53 130.149.16.104.in-addr.arpa udp
US 8.8.8.8:53 149.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 wcdownloadercdn.lavasoft.com udp
US 104.16.148.130:443 wcdownloadercdn.lavasoft.com tcp
US 8.8.8.8:53 130.148.16.104.in-addr.arpa udp
US 104.18.32.137:443 privacyportal-eu.onetrust.com tcp
US 104.16.149.130:80 wcdownloadercdn.lavasoft.com tcp
US 104.16.149.130:443 wcdownloadercdn.lavasoft.com tcp
US 8.8.8.8:53 188.98.55.23.in-addr.arpa udp
US 104.18.27.149:443 flwadw.com tcp
US 8.8.8.8:53 wc-partners.lavasoft.com udp
CA 64.18.87.82:80 wc-partners.lavasoft.com tcp
US 8.8.8.8:53 82.87.18.64.in-addr.arpa udp
US 8.8.8.8:53 webcompanion.com udp
US 104.19.208.152:80 webcompanion.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
FR 142.250.178.138:443 ajax.googleapis.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 cdn.inspectlet.com udp
US 104.22.56.245:443 cdn.inspectlet.com tcp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 245.56.22.104.in-addr.arpa udp
US 8.8.8.8:53 hn.inspectlet.com udp
US 104.16.149.130:443 wcdownloadercdn.lavasoft.com tcp
FR 142.250.179.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 106.179.250.142.in-addr.arpa udp
US 104.18.27.149:443 flwadw.com tcp
US 8.8.8.8:53 staging-partner-info.lavasoft.net udp
US 8.8.8.8:53 sg-bitmask.adaware.com udp
US 104.16.212.94:443 sg-bitmask.adaware.com tcp
US 8.8.8.8:53 staging-bitmask.lavasoft.net udp
US 8.8.8.8:53 94.212.16.104.in-addr.arpa udp
JP 142.250.196.131:443 id.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 104.16.149.130:443 wcdownloadercdn.lavasoft.com tcp
US 8.8.8.8:53 google.com udp
FR 142.250.179.110:443 google.com tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
FR 172.217.18.195:443 beacons3.gvt2.com tcp
FR 172.217.18.195:443 beacons3.gvt2.com udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youporn.com udp
US 66.254.114.79:443 www.youporn.com tcp
US 66.254.114.79:443 www.youporn.com tcp
US 8.8.8.8:53 79.114.254.66.in-addr.arpa udp
GB 64.210.156.20:443 ei.phncdn.com tcp
GB 64.210.156.20:443 ei.phncdn.com tcp
US 8.8.8.8:53 ea.ypncdn.com udp
GB 64.210.156.20:443 ea.ypncdn.com tcp
GB 64.210.156.21:443 ea.ypncdn.com tcp
GB 64.210.156.21:443 ea.ypncdn.com tcp
GB 64.210.156.21:443 ea.ypncdn.com tcp
US 8.8.8.8:53 ht.youporn.com udp
US 8.8.8.8:53 fs.ypncdn.com udp
US 8.8.8.8:53 ei.ypncdn.com udp
US 216.18.168.30:443 ht.youporn.com tcp
US 8.8.8.8:53 cdn1d-static-shared.phncdn.com udp
GB 64.210.156.20:443 cdn1d-static-shared.phncdn.com tcp
US 8.8.8.8:53 85otw.voluumtrk3.com udp
GB 64.210.156.23:443 cdn1d-static-shared.phncdn.com tcp
US 8.8.8.8:53 ads.exoclick.com udp
US 8.8.8.8:53 ads2.contentabc.com udp
US 8.8.8.8:53 bi.phncdn.com udp
GB 64.210.156.20:443 bi.phncdn.com tcp
GB 64.210.156.20:443 bi.phncdn.com tcp
US 8.8.8.8:53 ei-ph.ypncdn.com udp
US 8.8.8.8:53 cdn.engine.phn.doublepimp.com udp
US 8.8.8.8:53 engine.phn.doublepimp.com udp
US 8.8.8.8:53 etahub.com udp
US 8.8.8.8:53 hw-cdn.contentabc.com udp
US 8.8.8.8:53 hw-cdn.trafficjunky.net udp
US 8.8.8.8:53 media.trafficjunky.net udp
US 8.8.8.8:53 s1.static.cfgr1.com udp
GB 64.210.156.21:443 media.trafficjunky.net tcp
GB 64.210.156.20:443 media.trafficjunky.net tcp
US 8.8.8.8:53 static.exoclick.com udp
US 8.8.8.8:53 vz-cdn.contentabc.com udp
US 8.8.8.8:53 vz-cdn.trafficjunky.net udp
US 8.8.8.8:53 www.afgr1.com udp
BE 74.125.71.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 ss.phncdn.com udp
US 8.8.8.8:53 eg-cdn.trafficjunky.net udp
GB 64.210.156.20:443 ss.phncdn.com tcp
US 8.8.8.8:53 fi1-ph.ypncdn.com udp
PL 93.184.223.43:443 eg-cdn.trafficjunky.net tcp
PL 93.184.223.43:443 eg-cdn.trafficjunky.net tcp
US 8.8.8.8:53 storage.googleapis.com udp
FR 216.58.215.59:443 storage.googleapis.com tcp
FR 216.58.215.59:443 storage.googleapis.com udp
US 8.8.8.8:53 21.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 30.168.18.216.in-addr.arpa udp
US 8.8.8.8:53 43.223.184.93.in-addr.arpa udp
US 8.8.8.8:53 59.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 ev-ph.ypncdn.com udp
GB 64.210.156.1:443 ev-ph.ypncdn.com tcp
US 8.8.8.8:53 1.156.210.64.in-addr.arpa udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 fi1.ypncdn.com udp
US 8.8.8.8:53 m.m.oronova.co.uk udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
DE 217.20.112.104:443 m.m.oronova.co.uk tcp
DE 217.20.112.104:443 m.m.oronova.co.uk tcp
US 8.8.8.8:53 www.oronova.co.uk udp
CA 23.227.38.74:443 www.oronova.co.uk tcp
US 8.8.8.8:53 cdn.shopify.com udp
CA 23.227.60.200:443 cdn.shopify.com tcp
CA 23.227.60.200:443 cdn.shopify.com tcp
US 8.8.8.8:53 m.m.oronova.com udp
CA 23.227.38.74:443 www.oronova.co.uk udp
NL 85.17.54.67:443 m.m.oronova.com tcp
DE 217.20.112.104:443 m.m.oronova.co.uk tcp
US 8.8.8.8:53 shop.app udp
US 8.8.8.8:53 cdn.judge.me udp
CA 23.227.60.200:443 cdn.shopify.com udp
US 8.8.8.8:53 cdn.pagefly.io udp
CA 23.227.60.200:443 cdn.shopify.com udp
CA 185.146.173.20:443 shop.app tcp
NL 185.172.149.104:443 cdn.judge.me tcp
NL 185.172.149.104:443 cdn.judge.me tcp
US 8.8.8.8:53 104.112.20.217.in-addr.arpa udp
US 8.8.8.8:53 74.38.227.23.in-addr.arpa udp
US 8.8.8.8:53 200.60.227.23.in-addr.arpa udp
US 8.8.8.8:53 67.54.17.85.in-addr.arpa udp
FR 52.222.169.94:443 cdn.pagefly.io tcp
US 8.8.8.8:53 monorail-edge.shopifysvc.com udp
US 8.8.8.8:53 cdn1.judge.me udp
US 8.8.8.8:53 cdn.logbase.io udp
US 8.8.8.8:53 static.klaviyo.com udp
US 8.8.8.8:53 s3.eu-west-1.amazonaws.com udp
US 151.101.2.133:443 static.klaviyo.com tcp
IE 52.92.33.224:443 s3.eu-west-1.amazonaws.com tcp
NL 185.172.149.104:443 cdn1.judge.me tcp
FR 52.84.174.14:443 cdn.logbase.io tcp
US 8.8.8.8:53 static-tracking.klaviyo.com udp
US 151.101.2.133:443 static-tracking.klaviyo.com tcp
US 151.101.2.133:443 static-tracking.klaviyo.com tcp
US 151.101.2.133:443 static-tracking.klaviyo.com tcp
US 8.8.8.8:53 production-klarna-il-shopify-osm.s3.eu-west-1.amazonaws.com udp
IE 52.218.41.176:443 production-klarna-il-shopify-osm.s3.eu-west-1.amazonaws.com tcp
IE 52.218.41.176:443 production-klarna-il-shopify-osm.s3.eu-west-1.amazonaws.com tcp
US 8.8.8.8:53 20.173.146.185.in-addr.arpa udp
US 8.8.8.8:53 104.149.172.185.in-addr.arpa udp
US 8.8.8.8:53 94.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 224.33.92.52.in-addr.arpa udp
US 8.8.8.8:53 14.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 omnisnippet1.com udp
US 104.18.39.180:443 omnisnippet1.com tcp
US 8.8.8.8:53 176.41.218.52.in-addr.arpa udp
US 8.8.8.8:53 180.39.18.104.in-addr.arpa udp
US 8.8.8.8:53 upsell-app.logbase.io udp
US 34.233.152.58:443 upsell-app.logbase.io tcp
US 8.8.8.8:53 js.klarna.com udp
FR 52.222.201.3:443 js.klarna.com tcp
US 8.8.8.8:53 wt.omnisendlink.com udp
US 104.18.32.125:443 wt.omnisendlink.com tcp
NL 85.17.54.67:443 m.m.oronova.com tcp
NL 185.172.149.104:443 cdn1.judge.me tcp
US 8.8.8.8:53 58.152.233.34.in-addr.arpa udp
US 8.8.8.8:53 3.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 125.32.18.104.in-addr.arpa udp
US 34.111.205.129:443 monorail-edge.shopifysvc.com tcp
FR 52.222.201.3:443 js.klarna.com udp
US 8.8.8.8:53 www.merchant-center-analytics.goog udp
FR 142.250.179.78:443 www.merchant-center-analytics.goog tcp
US 104.18.39.180:443 omnisnippet1.com udp
US 34.111.205.129:443 monorail-edge.shopifysvc.com udp
US 8.8.8.8:53 129.205.111.34.in-addr.arpa udp
US 8.8.8.8:53 forms.soundestlink.com udp
US 104.18.34.50:443 forms.soundestlink.com tcp
CA 23.227.38.74:443 www.oronova.co.uk udp
US 8.8.8.8:53 judgeme.imgix.net udp
US 8.8.8.8:53 50.34.18.104.in-addr.arpa udp
US 151.101.2.208:443 judgeme.imgix.net tcp
US 151.101.2.208:443 judgeme.imgix.net tcp
US 151.101.2.208:443 judgeme.imgix.net tcp
US 151.101.2.208:443 judgeme.imgix.net tcp
US 151.101.2.208:443 judgeme.imgix.net tcp
US 151.101.2.208:443 judgeme.imgix.net tcp
US 8.8.8.8:53 extreme-ip-lookup.com udp
US 8.8.8.8:53 208.2.101.151.in-addr.arpa udp
NL 185.221.219.64:443 extreme-ip-lookup.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 64.219.221.185.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 api2.judge.me udp
US 3.220.31.23:443 api2.judge.me tcp
FR 142.250.179.78:443 www.merchant-center-analytics.goog udp
US 8.8.8.8:53 23.31.220.3.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 104.18.34.50:443 forms.soundestlink.com udp
GB 64.210.156.20:443 fi1.ypncdn.com tcp
GB 64.210.156.21:443 fi1.ypncdn.com tcp
GB 64.210.156.20:443 fi1.ypncdn.com tcp
GB 64.210.156.20:443 fi1.ypncdn.com tcp
GB 64.210.156.23:443 fi1.ypncdn.com tcp
GB 64.210.156.20:443 fi1.ypncdn.com tcp
US 8.8.8.8:53 ei-ph.ypncdn.com udp
US 8.8.8.8:53 static.exoclick.com udp
US 8.8.8.8:53 vz-cdn.trafficjunky.net udp
US 8.8.8.8:53 ht-cdn.trafficjunky.net udp
GB 64.210.156.21:443 ht-cdn.trafficjunky.net tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.75.227:443 ssl.gstatic.com tcp
FR 142.250.75.227:443 ssl.gstatic.com udp
US 8.8.8.8:53 227.75.250.142.in-addr.arpa udp
FR 172.217.20.174:443 cse.google.com udp
US 8.8.8.8:53 undertale.en.softonic.com udp
US 151.101.1.91:443 undertale.en.softonic.com tcp
US 151.101.1.91:443 undertale.en.softonic.com tcp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 softonic.com udp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 199.232.209.91:443 softonic.com tcp
US 199.232.209.91:443 softonic.com tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
US 3.165.113.27:443 sdk.privacy-center.org tcp
US 151.101.1.91:443 sc.sftcdn.net udp
US 18.245.194.122:443 c.amazon-adsystem.com tcp
US 151.101.1.91:443 sc.sftcdn.net udp
FR 142.250.179.78:443 www.merchant-center-analytics.goog udp
FR 142.250.201.162:443 securepubads.g.doubleclick.net udp
US 3.165.113.27:443 sdk.privacy-center.org udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 8.8.8.8:53 btloader.com udp
US 3.165.111.23:443 www.datadoghq-browser-agent.com tcp
US 172.67.41.60:443 btloader.com tcp
FR 142.250.179.98:443 partner.googleadservices.com udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.209.232.199.in-addr.arpa udp
US 8.8.8.8:53 27.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 93.82.68.104.in-addr.arpa udp
US 8.8.8.8:53 122.194.245.18.in-addr.arpa udp
US 8.8.8.8:53 23.111.165.3.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 18.245.194.122:443 c.amazon-adsystem.com tcp
FR 52.84.174.75:443 config.aps.amazon-adsystem.com tcp
FR 216.58.215.59:443 storage.googleapis.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 adservice.googlesyndication.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 75.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 134.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 csi.gstatic.com udp
IN 142.250.183.163:443 csi.gstatic.com tcp
IN 142.250.183.163:443 csi.gstatic.com tcp
US 8.8.8.8:53 api.privacy-center.org udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 id5-sync.com udp
FR 13.32.145.94:443 api.privacy-center.org tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 18.245.199.156:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 brightcombid.marphezis.com udp
IE 52.212.11.218:443 id.crwdcntrl.net tcp
IE 46.137.115.113:443 ap.lijit.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
US 34.120.63.153:443 prebid.media.net tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
IE 52.48.59.220:443 ad.360yield.com tcp
NL 185.89.210.141:443 ib.adnxs.com tcp
US 8.8.8.8:53 wct.softonic.com udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 static.criteo.net udp
US 104.26.2.63:443 wct.softonic.com tcp
FR 13.32.145.94:443 api.privacy-center.org udp
NL 178.250.1.3:443 static.criteo.net tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 c47b7248ccc6619bc9439f3f1226864e.safeframe.googlesyndication.com udp
FR 216.58.214.161:443 c47b7248ccc6619bc9439f3f1226864e.safeframe.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 ampcid.google.com udp
FR 216.58.214.174:443 ampcid.google.com tcp
US 8.8.8.8:53 gum.criteo.com udp
US 216.239.32.181:443 analytics.google.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 104.26.2.63:443 wct.softonic.com tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 34.241.159.161:443 ice.360yield.com tcp
US 8.8.8.8:53 dis.eu.criteo.com udp
NL 178.250.1.9:443 dis.eu.criteo.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 rtb.gumgum.com udp
US 8.8.8.8:53 163.183.250.142.in-addr.arpa udp
US 8.8.8.8:53 94.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 218.11.212.52.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 156.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 113.115.137.46.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 141.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 38.0.90.157.in-addr.arpa udp
US 8.8.8.8:53 220.59.48.52.in-addr.arpa udp
US 8.8.8.8:53 63.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 161.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 161.159.241.34.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
IE 34.248.224.200:443 rtb.gumgum.com tcp
FR 142.250.201.162:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ce.lijit.com udp
IE 54.77.199.36:443 ce.lijit.com tcp
IN 142.250.183.163:443 csi.gstatic.com udp
US 8.8.8.8:53 inmobi-match.dotomi.com udp
NL 64.158.223.140:443 inmobi-match.dotomi.com tcp
US 8.8.8.8:53 csync.loopme.me udp
NL 35.214.223.82:443 csync.loopme.me tcp
US 8.8.8.8:53 x.bidswitch.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 200.224.248.34.in-addr.arpa udp
US 8.8.8.8:53 36.199.77.54.in-addr.arpa udp
US 8.8.8.8:53 140.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 82.223.214.35.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
GB 2.16.232.228:443 ads.pubmatic.com tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
BE 23.55.96.24:443 contextual.media.net tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 cacerts.rapidssl.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
IE 34.255.106.93:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 34.240.216.83:443 match.prod.bidr.io tcp
US 54.198.181.57:443 sync.srv.stackadapt.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 player.aniview.com udp
FR 99.86.91.26:443 api-2-0.spot.im tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ads.avads.net udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 medianet-match.dotomi.com udp
NL 64.158.223.137:443 medianet-match.dotomi.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 us-u.openx.net udp
GB 104.120.140.21:443 hbx.media.net tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 cs.media.net udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 c21lg-d.media.net udp
BE 104.68.78.171:443 secure-assets.rubiconproject.com tcp
US 52.73.206.35:443 cs-server-s2s.yellowblue.io tcp
GB 23.73.139.80:443 player.aniview.com tcp
NL 89.149.192.75:443 ssbsync.smartadserver.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 228.232.16.2.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 24.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 249.8.201.138.in-addr.arpa udp
US 8.8.8.8:53 93.106.255.34.in-addr.arpa udp
US 34.128.133.112:443 ads.avads.net tcp
US 35.244.159.8:443 us-u.openx.net tcp
GB 104.120.140.21:443 c21lg-d.media.net tcp
US 192.132.33.67:443 bttrack.com tcp
IE 54.246.18.125:443 pr-bh.ybp.yahoo.com tcp
FR 142.250.179.98:443 cm.g.doubleclick.net tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 34.128.133.112:443 ads.avads.net tcp
US 52.73.206.35:443 cs-server-s2s.yellowblue.io tcp
FR 142.250.179.98:443 cm.g.doubleclick.net tcp
GB 104.120.140.21:443 c21lg-d.media.net tcp
GB 104.120.140.21:443 c21lg-d.media.net tcp
IE 34.240.216.83:443 match.prod.bidr.io tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
BE 23.55.98.169:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 cdn-download.avgbrowser.com udp
GB 23.73.139.73:443 cdn-download.avgbrowser.com tcp
GB 23.73.139.73:443 cdn-download.avgbrowser.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
BE 23.55.96.24:443 contextual.media.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.224.150:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 26.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 83.216.240.34.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 137.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 21.140.120.104.in-addr.arpa udp
US 8.8.8.8:53 57.181.198.54.in-addr.arpa udp
US 8.8.8.8:53 171.78.68.104.in-addr.arpa udp
US 8.8.8.8:53 75.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 80.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 112.133.128.34.in-addr.arpa udp
US 8.8.8.8:53 125.18.246.54.in-addr.arpa udp
US 8.8.8.8:53 35.206.73.52.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 169.98.55.23.in-addr.arpa udp
US 8.8.8.8:53 73.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
FR 142.250.179.98:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
DE 52.29.179.14:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
DE 51.38.120.206:443 onetag-sys.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 216.200.232.249:443 sync.mathtag.com tcp
US 8.8.8.8:53 spl.zeotap.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 mwzeom.zeotap.com udp
FR 154.54.250.80:443 ads.stickyadstv.com tcp
US 172.67.40.173:443 mwzeom.zeotap.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
NL 89.149.192.73:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 casale-match.dotomi.com udp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 um.simpli.fi udp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 8.8.8.8:53 c1.adform.net udp
US 104.22.50.98:443 mwzeom.zeotap.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
NL 89.207.16.201:443 casale-match.dotomi.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
DK 37.157.4.28:443 c1.adform.net tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
DE 52.29.179.14:443 rtb.mfadsrvr.com tcp
DE 52.29.179.14:443 rtb.mfadsrvr.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 creativecdn.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
NL 198.47.127.205:443 image2.pubmatic.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 80.77.87.166:443 cs.admanmedia.com tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
NL 89.149.192.73:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 s.tribalfusion.com udp
NL 89.149.192.73:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 63.215.202.140:443 pubmatic-match.dotomi.com tcp
US 8.8.8.8:53 dsum.casalemedia.com udp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 14.179.29.52.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 73.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 98.50.22.104.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 201.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 166.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 49.158.204.35.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 28.4.157.37.in-addr.arpa udp
US 8.8.8.8:53 91.130.46.52.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 173.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pixel.tapad.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
US 34.111.113.62:443 pixel.tapad.com udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 21.17.166.188.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 simage4.pubmatic.com udp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 8.8.8.8:53 93.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 d5p.de17a.com udp
SE 213.155.156.185:443 d5p.de17a.com tcp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pixel.onaudience.com udp
FR 141.94.171.213:443 pixel.onaudience.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
US 8.8.8.8:53 185.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 213.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 121.51.243.77.in-addr.arpa udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
FR 216.58.213.78:443 clients1.google.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
FR 142.250.179.110:443 google.com udp
US 8.8.8.8:53 stats.securebrowser.com udp
US 104.20.86.8:443 stats.securebrowser.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 8.86.20.104.in-addr.arpa udp
US 199.232.209.91:443 softonic.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net udp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 f7af43eb612d05577394244a2c80708f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 34.202.202.73:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
IE 34.240.216.83:443 match.prod.bidr.io tcp
US 54.198.181.57:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 pm.w55c.net udp
US 35.244.159.8:443 us-u.openx.net udp
US 54.198.181.57:443 sync.srv.stackadapt.com tcp
IE 34.250.160.0:443 pm.w55c.net tcp
IE 34.240.216.83:443 match.prod.bidr.io tcp
US 8.8.8.8:53 sync.ipredictive.com udp
US 52.73.28.214:443 sync.ipredictive.com tcp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 cs.krushmedia.com udp
US 169.197.150.7:443 match.deepintent.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 8.8.8.8:53 sync.serverbid.com udp
FR 13.249.9.226:443 sync.serverbid.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
FR 216.58.213.65:443 cdn.ampproject.org tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 73.202.202.34.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 0.160.250.34.in-addr.arpa udp
US 8.8.8.8:53 214.28.73.52.in-addr.arpa udp
US 8.8.8.8:53 226.9.249.13.in-addr.arpa udp
US 8.8.8.8:53 7.150.197.169.in-addr.arpa udp
US 8.8.8.8:53 134.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 50.31.142.255:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 usersync.gumgum.com udp
IE 34.247.233.198:443 usersync.gumgum.com tcp
US 8.8.8.8:53 tg.socdm.com udp
JP 124.146.153.170:443 tg.socdm.com tcp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 255.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 198.233.247.34.in-addr.arpa udp
JP 124.146.153.170:443 tg.socdm.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
IE 34.247.233.198:443 usersync.gumgum.com tcp
NL 35.214.223.82:443 csync.loopme.me tcp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 8.8.8.8:53 core.iprom.net udp
SI 195.5.165.20:443 core.iprom.net tcp
IE 54.217.19.5:443 cm.adgrx.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 green.erne.co udp
FR 141.94.161.190:443 green.erne.co tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
NL 46.228.164.11:443 ad.turn.com tcp
US 104.18.24.173:443 s.tribalfusion.com udp
FR 146.59.148.16:443 pixel-eu.onaudience.com tcp
US 8.8.8.8:53 matching.truffle.bid udp
DE 23.88.86.2:443 matching.truffle.bid tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 170.153.146.124.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 5.19.217.54.in-addr.arpa udp
US 8.8.8.8:53 190.161.94.141.in-addr.arpa udp
US 8.8.8.8:53 16.148.59.146.in-addr.arpa udp
DE 23.88.86.2:443 matching.truffle.bid tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
NL 89.149.192.73:443 rtb-csync.smartadserver.com tcp
NL 35.214.223.82:443 csync.loopme.me tcp
US 8.8.8.8:53 s.ad.smaato.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
FR 18.164.52.25:443 s.ad.smaato.net tcp
NL 89.149.192.73:443 rtb-csync.smartadserver.com tcp
NL 35.214.174.141:443 a.sportradarserving.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.174.141:443 a.sportradarserving.com udp
US 8.8.8.8:53 rtd-tm.everesttech.net udp
US 8.8.8.8:53 ads.betweendigital.com udp
NL 188.42.34.65:443 ads.betweendigital.com tcp
US 8.8.8.8:53 ads.yieldmo.com udp
IE 54.170.43.5:443 ads.yieldmo.com tcp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 25.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 141.174.214.35.in-addr.arpa udp
US 8.8.8.8:53 65.34.42.188.in-addr.arpa udp
US 8.8.8.8:53 5.43.170.54.in-addr.arpa udp
US 8.8.8.8:53 e2c17.gcp.gvt2.com udp
NL 34.90.241.47:443 e2c17.gcp.gvt2.com tcp
US 8.8.8.8:53 update.avgbrowser.com udp
US 172.67.41.145:443 update.avgbrowser.com tcp
US 172.67.41.145:443 update.avgbrowser.com tcp
US 8.8.8.8:53 145.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 47.241.90.34.in-addr.arpa udp
US 8.8.8.8:53 browser-update.avg.com udp
GB 23.73.139.80:80 browser-update.avg.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.49.163:443 beacons.gvt2.com tcp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 articles-images.sftcdn.net udp
US 8.8.8.8:53 articles-img.sftcdn.net udp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
US 8.8.8.8:53 178.61.62.23.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_4816_WGWCPYEXOQGJANWE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ad7e9cccd78f0ebbfaba06461f3703a
SHA1 9c9ab06795607a69bd62d22561bc6e25d481fdae
SHA256 6834add84369e01dfcbb908e8edf399433d21b81a3c23595aea9f619ef7de04c
SHA512 cf382c4e0d6a40e0f7d058694989167ad0120295d4d5828e9e26b9979359d6e7df3df71ba2858ceffc98ae985273a9632f91de2dbf7cac9d88107629d407b527

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4546890809ebedc363a206662dd4c88
SHA1 d38aa09bcf55f7b9080f459d361f67ba3af5c177
SHA256 f247e403a77e536822df97c143b46b865ad2078d940bc0c9348c6bde314b4a6f
SHA512 3e422e7d21d13aa4fd53572303bc1873d4fae97d6a998da13a88ffdc65a4b6e7b8285295c0c1006d70ff1a060949720fb9be6aae64d896edca38934fab7281b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f3106aa0025225b57168090149edbf3a
SHA1 c30d9d8f10a58c4c5e489ce20643692e1bfc7bdc
SHA256 58e52df780f26d6539aaaa96e94503030db31706a59d59ac54e62cfdb9532485
SHA512 467e7d2ab41d59f88d42a8e3332c52f2a4fa43ec1cd7fd19a2637db0e9720cecf72db06b98e774ed4adaf9e2a19b88ee78f23ffa0100f7910f3cf50d6a79c0bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d034372b1978aa7bc601763c9b5eac61
SHA1 e4de09156b3ba43dce3874acd4b22eab7872c99e
SHA256 2afa33c94ac58dbf5b524a734e0cae727dfe7cd6902b24a57fde76eb20b609c2
SHA512 3de9d78f6f667fb5d3ee6429c80f7ee2942380a344df88fee19453654af678a3d5ab172e1522eede323239b18d6d6407ceb3729f5a5d885cc52db2be7704a4c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0e5bf5f8d59579dcb5ce341db52b7ac2
SHA1 c64c99c2080edfb54c4cd9581684d522e49aa7ac
SHA256 25c7240fbc44e3617c2feaeb29ab8aff2a29963dffec3c95a42c8213c2c836ef
SHA512 30e761a4090bce31a7c37401445038430fa410619a938b61dcc4e240eb075d51def68fbc2e6f9e73500ebbba0a98490f0b5a6c4bb99aca0d5601deef36d31ecc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 028314890d945b159594edd7f8819d5b
SHA1 ac631876809365a1e4ac161f3f6be1d9edb5ad55
SHA256 79263a388d864d461b0e041550da6333b4fb4698f9bbb504f4dee5342a1accbc
SHA512 8df0e1b7dc5785f6f8fccaa8a9c73027cdd7670df7bfd4602669424f48f409767a69cf9effef7d0a75ca42e72c413a64c25015058f965b7e0a30ba86165cea19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8e77c6e874fcded06554d8965988c69d
SHA1 fd9fc551d3cbd3b485f3dfabb5277bb35bb5c46a
SHA256 989c3449934c28c8e4ca583de4672771f41d5efd7f443b47cdf0fee78280b84c
SHA512 9b964b2d2dc1ecae7041601c3eb2cc4c1248469cad5781d731e4ca0eaecd2c9e9fd7905cd7ca39def7b0657673737530226c8420a90223469f066647817d7610

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579328.TMP

MD5 c9a4dd24ea23f6c4f70b8cd330ffcfad
SHA1 81b6bbff7b9655ed97baa5bcd758b990b1e242a3
SHA256 5fa7b553b1ef1da37df9574fe376a68d7d355b096359628b693c0afd3b331a41
SHA512 9785f1dec850bb3691b7477642e5a11e89b6f5e50911b1f3d01b6bd8b8746133c540b3ff67043070906fddd972ac5fe495d0949e883716ac68b611c33741cc1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 a7243798963ec7f8e2148101209d7eb9
SHA1 9692fac7c3fe768524a89e43b10307cfd16e1715
SHA256 7079d14e5a97a69e35f6796045d0a90304f5add8599d2bfd1a8786231ba7e0b8
SHA512 a8f0cac6ad2366c5c33a1e685a5b5fab4c2e768605b0330e7a9bca5e3656327cbfbb614ed61d62e2d3f8771f8aba82725abae0107aa77b6ea33e68a8b78f254c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 290068d46d2e7f5022d9d986ac0d6df3
SHA1 c1fcc295254e0235f692426cd1870c99f7909142
SHA256 4a13208e91069755c4ed786217f971c0ce9ea542cc23e8315a8e7eb4e2fb8b0a
SHA512 7bb7945200f42de2f139185cb4a9efda2db3fca5e66f6b5e218e588311b8c793b19d03a3aabd5949debfa6fcfb06c9ac5f113a593359632cb4e3e32d4623ffaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ca5725e41a45ced3c33ca47191de5748
SHA1 e47e3a81f3a8884db75ec7339b578dadb682c601
SHA256 a0c6dbb19b46ff73a50b641fb8c72623cffa40da0fa3cc12d6e6cb2f26a0cc29
SHA512 b6f867ab46a45eb21b535a637433bc07912f027cfd04e05805f0de7d8916e024035f427675b005d7fe6a04981503aec19d4ab31be98604b0b025d316cc6b70ed

C:\Users\Admin\Downloads\Unconfirmed 831677.crdownload

MD5 2a96b4260705aa2c2316846a6d1e3aa3
SHA1 48166dd9bb44dbe24f43e252893e8ed90e90a7fd
SHA256 1593b737347941ab793cb2debd48fe4636bad48a3a1e4e9251b35ee8c33992f3
SHA512 c3a785f26889f121429dc6c2dcf28f5a806347e1fac4a79fcd72d63db7882948e40a4ac0a419608b78bf7eaf086d29ac64fd164262c47a25d1c40eab9b0f12e6

C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe

MD5 f6271b5d4729c2fd7dd9950f41d57c8b
SHA1 b201f20d58d3d0de4edbc513b25c4af8d3790d13
SHA256 04e8c3de51503351b4d52fa9b010aebb41d3cca46387046e8e689fbaa7063c16
SHA512 8e4ff8ec79b154211d2b6ded28025b92c4f09e36ee160be689af986ae2aeb0f444d834b04f2c6887e757f618f1d7dfe049f8d8e6a6c460c99f79a80a1580db9b

C:\Users\Admin\AppData\Local\Temp\7zS82518897\WebCompanion-Installer.exe.config

MD5 be34b448b611dc35dd383ed545e8fa96
SHA1 6c9dcd8d936f0e39648f8fa80e7f07d9ce6f550e
SHA256 deeba89fab938088e2e65942e93210e6e368eef6bc1ca8e8724ed43154701851
SHA512 796bc2ee8672b64d9f5859f0b091e76de9523beb91a7c8a1aaf59be30902bb73f5d197f271d9d50ba6139b109b00f121efa11929f322af71fe9d32c683ad8c44

memory/5436-551-0x000000007480E000-0x000000007480F000-memory.dmp

memory/5436-553-0x0000000000C90000-0x0000000000CFE000-memory.dmp

memory/5436-554-0x0000000005C30000-0x0000000006248000-memory.dmp

memory/5436-555-0x00000000056A0000-0x00000000056F0000-memory.dmp

memory/5436-557-0x0000000005710000-0x000000000574C000-memory.dmp

memory/5436-556-0x00000000056F0000-0x0000000005702000-memory.dmp

memory/5436-558-0x0000000005750000-0x000000000579C000-memory.dmp

memory/5436-559-0x0000000005990000-0x0000000005A9A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82518897\Newtonsoft.Json.dll

MD5 746c1f0ea5a5c0a67fe96dba4e32ac76
SHA1 cb31834984b5c7509499f0a9a5febe2e3575de78
SHA256 9ee20b0b7e54e633eff1a25b6e379201d499552689ad29eebd5ad90f221b1386
SHA512 b07f6032d609291f3f3d6e75abc055cbc0751c2cde4cfb4eb5ab93611ad8391e877dad92009dec70c0c2a7fb96b20cb4392a1a51634006466bca06fec36ce358

memory/5436-564-0x0000000006940000-0x00000000069AE000-memory.dmp

memory/5436-565-0x0000000006EC0000-0x0000000006EE0000-memory.dmp

memory/5436-566-0x0000000006EE0000-0x0000000007234000-memory.dmp

memory/5436-567-0x0000000007470000-0x00000000074D6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1ba01cf4f039d593b74553fb3ba51e50
SHA1 32789d78deb3f761463a44a4fdd29b0f5021c765
SHA256 b6385badf62884c9068167b62c0a87a7a1e8307cffb59d5d8045641873764b9d
SHA512 e75a635a75c666ea26ef58fce20fdfd04944490f263a1e35491561973d6c9fe476f19b58a9b0008108e482d1de2036a8751de610ec189269f08883434a129c9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe904697e23cf1c9032bcca22d9fa7c0
SHA1 2e88fb2d579e150b5d89c4e0f8112ee6efaeeafc
SHA256 2195af421458990596980dc718ccbba907a013720259cbd9e5998e4350ce0a23
SHA512 33d1de008a1d12d5e61c29c2bcdedaebd9e5e2222e3c60c9e1c585b73ac45999e97d2141bbc177c18e3735671c453d630aef3226b1f6a2e18d20edd9782f94f5

C:\Users\Admin\AppData\Local\Temp\7zS82518897\en-US\WebCompanion-Installer.resources.dll

MD5 e4266f63970e9bb702fded23abb07ad7
SHA1 fb53dbbc93788d7ac3672520706195ab3eb75fd0
SHA256 83cf07757ca5e7c3dd2a8cabc44ba246b6b6f24c3d7042ceb3fc91ddfa8c4160
SHA512 4632e8af8c60b242d7213ec4eebfff358c59e0408e2f6d1821bd87553877e0ff4c9e874992242b303d26a2c53ac53e628674ce2ddb0dc0102e581c05f25c5f54

memory/5436-589-0x0000000005C00000-0x0000000005C08000-memory.dmp

memory/5436-590-0x0000000007970000-0x0000000007A02000-memory.dmp

memory/5436-591-0x0000000007F50000-0x0000000007F58000-memory.dmp

memory/5436-592-0x0000000007F60000-0x0000000007F68000-memory.dmp

memory/5436-594-0x0000000009D80000-0x0000000009D8E000-memory.dmp

memory/5436-593-0x0000000009DB0000-0x0000000009DE8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS82518897\ICSharpCode.SharpZipLib.dll

MD5 b0040d764201abd71c26560e798bfa7f
SHA1 a3f32be47621d353d67c6a72b7059b553801a9b8
SHA256 13c3e0fec7ff29eb8ab28b321102c2d27afcbb410884cd693cfd3d211bbef1d5
SHA512 104f157b822901375cacbb22121c1c866254eca5979422741768aed5536b0d51f5efce24b6106927cb16843276fc8e4b8f70ba20f5ac3c48a75460b2ab14e478

memory/5436-601-0x000000000D1D0000-0x000000000D204000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f1e2.TMP

MD5 cc50b60ed8779d75c10faba547bbd11e
SHA1 608298824ed2d2424f42d12bf47c11721a0f234b
SHA256 a50916cb07776c544a1ba2cae91048c8ef0a82c1e8cc09eab4a9703059d2eac7
SHA512 13b84395efed09df6e34153a7463d2e757e04073abdd9b328060fd41d6855aab2cf00be6adc49ff5cf997a4eaee74c05b3fee0e7bf3c67c3e43f08f8c1fbc4f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 aa2059163a0055be7a0f736b74417a3f
SHA1 d8471655ce5162b6e387fe0533ddcbe38e59a9f8
SHA256 636a6dc16a949ab78ce1eaa12c14ec195ee7faa4bb01aa085d234548602372c0
SHA512 f476fbed786f6db8e1763848793e7733a7ab073a3dc2e42f8022259238ad49fd8dc49d844673025538296457f777eb4dd4ca93e20657c9260e45e4caa5866d42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3038f75e4d297789d94ab5d9adcef5d
SHA1 8f2936895a62ae51ed0bdfff0005ff04b59b5d03
SHA256 8d5d8759c8e884d66d13347cc3a80be9af8d468b49a0bc27aa92f2790d53c578
SHA512 43b2594f5ee50114660c0e7186bb6a2d8ebb5a9c9cd2ffa0a4fd330b837fcc8d8953e35ae3aaa148234e76ce511ae4f3a571a273d2a0e264811ed8bafa4e1fa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 af6c6fcadaf6afe4800f57ee56992ff0
SHA1 b49c5a5b77692877574cb1f6916cb01ccb30339f
SHA256 cb61386b70c3244358315843784cf070c7da74d07c47e31e9419781149be346e
SHA512 a22ac30bfaf91f8f139f502c77e9582c51f1e72d1c0a7f223144af107683cff1b0bce81329f3bf57e5d88844496d65dd12032618a123d64e925960d572f4da4f

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe

MD5 a89871f4fb8517d47eaf356fcba5f9c2
SHA1 4a19ea78e1ea859447c584a4eee2fd62a1c3903f
SHA256 afc118ca9b161f9b2439a63c84a1a172d6e854540aa8a24538ac73e83a09273b
SHA512 3574660b1156f1501d42a1406093c416237457f8331fac32419e26a8cdb6a8e582a17c0be1c960bc86206b7a12d0324b588e51ebc9a87933233507ecaec8991f

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe.config

MD5 cd4e494e258c7eb0585fe76ebe9e6233
SHA1 e93eb57e6c38e496fda92dbcb31021b34ae47cfe
SHA256 bf61730717f05b95c4f43d425b6d7d15deac39d53e28eb302e5723c7a9b7b0b2
SHA512 413b3727a71126e3f35551232607d95f8bd79342526c0144cbca929e6dd3e65aab56b2d1f37baafad53ea23dca4c55bdd363cd45d0c54792c3118726ea45c07c

memory/3052-719-0x00000000003F0000-0x0000000000738000-memory.dmp

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\log4net.dll

MD5 2354866890cf03971a066b1b0a6e2376
SHA1 a446317cfed4875d5f6b82b507bb9097029277a6
SHA256 83f5dfb7e27c8316ae780d39eaefe6583dfd119a4e9e556a6552df799f300e0d
SHA512 c681e0a545812198f7a89eba33bde9fb0637a3b94b50a63980767f40279618433ed71082c7575c84d5ab1ca2f664bba573c8f3d7fe0a39e8d3229fb85158372a

memory/3052-723-0x0000000004F40000-0x0000000004F90000-memory.dmp

memory/3052-727-0x0000000005330000-0x0000000005350000-memory.dmp

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll

MD5 e9e26816ee6dfa0d4c30357008311c01
SHA1 d4d2f690a08f1ab85b9b02d267b8e138278f2329
SHA256 91ca690f23473476ac201cada9527f71dae1b15f6c272398253f3f0425b34825
SHA512 efe8d18d57b1e95c117789181f51d652eda53849872cbb5331cf5fd73955b04a08e360707d105b7901d72aeb86496baf2644111da289306c2022a7c9f5ee7440

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

MD5 522a44cd2e255dff02c5e5c67a61b85a
SHA1 c8a9ec53407f729c81126dbb9db81af235b43b58
SHA256 4649fb49605bac2da3925ba3255bbd4017f5a9115206d67de6d51d5a1035b2c3
SHA512 3ea6b1bbd0cb4b78674b58d3ad77cb5d93a6f27be5dd5a4a83feddeacd55d1b8f17a12ee7664d866e32a929debef7183e3991c53a9ad8e056721e7b70d92d252

memory/3052-731-0x00000000054C0000-0x00000000054DE000-memory.dmp

memory/3052-733-0x0000000005510000-0x0000000005536000-memory.dmp

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Application\Lavasoft.Events.dll

MD5 b4e90ff038a9640cde9c1eb897cd2878
SHA1 fb26404d6d6630f983d8d95eecb00cd28f1809dc
SHA256 1884da1809e9d5b24f777524e8a9df261d3e39cdbb25846d5b594feb123abbec
SHA512 8fb8b6f4af754c5d2333cb622a953fcc3ed2fc13b604f5f17a94271b82151466f3aac50bc52116e5cdf7269854e4e3ce323cdeeb504551439cadb5b41f4c403c

memory/3052-736-0x0000000005580000-0x0000000005588000-memory.dmp

memory/3052-737-0x00000000055E0000-0x0000000005628000-memory.dmp

memory/3052-738-0x0000000005A40000-0x0000000005A7C000-memory.dmp

memory/3052-739-0x0000000005A00000-0x0000000005A21000-memory.dmp

memory/3052-743-0x0000000005B10000-0x0000000005B32000-memory.dmp

memory/3052-748-0x0000000005BA0000-0x0000000005BC8000-memory.dmp

memory/3052-749-0x0000000005C40000-0x0000000005CAE000-memory.dmp

memory/3052-750-0x0000000005CD0000-0x0000000005CE2000-memory.dmp

memory/3052-751-0x000000006B050000-0x000000006B062000-memory.dmp

C:\Users\Admin\AppData\Local\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log

MD5 ee2cd7b177b22a6570c2e1515bd9ba10
SHA1 83df846347c4866e4969567e68f6f976f3afe2e2
SHA256 b5896c9950d32e40087224d361cee9bb96290b6579b735752c802804b4a1dfba
SHA512 58a24f6559df887a40f4c0361957e25f7b82a6c14b484f8d2cc2b68bb9e90987dc1f860211207454a78ab9f65b438aa1fef73d88e4fd074569163bf06b1634a9

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\CData.txt

MD5 3b6635c23ed1d500dd929e043b13b4f7
SHA1 a9ff1f6b7bd6677d536b6fcc20e864d2840074c1
SHA256 53cb28f2b0d8860366ca92481c848b0a25e27b5f5118363fbed69661763318d4
SHA512 6d8900695dc941f12ca74ee4785efd4f1fc6bcf70cf792cd8256d7781d1f4d144dff3826c9d3ca63d57fc1414924f788aeaf199bdccfecd5d40386bc2b1eb1ae

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FData.txt

MD5 73a7727bdf72be84806a3a5e423cd0d7
SHA1 2b754059bc23b21f336ab82fa7ceca1133ec3b0f
SHA256 198c6f1e12e9275bdb84db4d022453781900217597f2c29b2c22a3eeaa7659d0
SHA512 0de75ec2989f32cf3ba04587a6aca55230e1907aebd83a013a0d5c8e67975477de3371d2fc95c55be6e7358944de473ddec5d98ac94f325891f3f6d29dff1ec8

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\EData.txt

MD5 2618e33ab1242d879f14ba6544f0488c
SHA1 8275e14edd7623e3b4d51058caa4a4bad5be56b0
SHA256 1759b433ed6152b36f36a6939e6a419bbb91ff46dd7d15e57dd67dab6d10fcde
SHA512 fb063b60e9e7ca8550f4350796352788991b669bd988b4694538b3a1ed2c08b11797187e04d2bc74ad7da0916d7f99ed471e6582edde16255de511f11966630e

memory/3052-868-0x0000000007580000-0x00000000075F8000-memory.dmp

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

MD5 88bac5db79ab9307b4aeca937b6e4936
SHA1 efe6b00df096ee515f1df0689198dfda8a7a7635
SHA256 ed4bb00ba1024503cba62bc4bfedf3df1ceba8c29104c6bb91772e7871771908
SHA512 811ef8a62c9ba3be0e84cd9d66aba8651f709605571e7efd092d5f4fbbe77cd1540813b1f81d28bb85291c30f0e1ef81a16bc171cfd4368ea70249fd11d13a8a

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\vyxiyfwl.newcfg

MD5 ea94cb9595adb65764e4d641c444ff97
SHA1 e603f3af615bb74fdfb59f63abf4023fb9eeecb8
SHA256 9b03a1514068d541d07a107abb7c0d7ce347a32e9ced04eadce146a2db540907
SHA512 3a82173e5a53baea82ca77f35194462bf1ae6afbb3f7dac0b686c378468576c762aa0131f44e1278a55fa18a852d6e552c308632aa4ee960a7b5f8c62fa7417b

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db

MD5 77261c00dad3aac89b5ded6f63084065
SHA1 0ca08b17fa1075d164b2b3ea34f495d211d609a5
SHA256 4cffd9c87fb2590a706de816f0d1e50e36bc542340ac18a827d770154982c1fc
SHA512 07db4760560a1ff3839f2f37c9928e592be3533cd61f64a3af8cd9076c43ae753486fe92208176fe0d6562df0f6de12e92d25a81c8dd68f83d4a24431ead6ace

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\nkyqlxu1.newcfg

MD5 911eecff48f496119302a40bbd4a24b7
SHA1 1d0c0c1fab96676e6f6d642350a7f8229cccfd21
SHA256 e1860fb491a053511dcb794e6dbacdbbe4fafaf5b72fac016fe7ff8a3cda0fab
SHA512 84315c669ed55915c58b5c9e88a5f8ab880101d899326bb5dc7f569b67f605e2822c93d650d0b5a3eda95902c1335b912b53829fd0b5d93f8753dd53e4583b0d

memory/3052-922-0x0000000007FB0000-0x0000000007FE4000-memory.dmp

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

MD5 dc1cee56fe63eccc5c3e986a8b3fa544
SHA1 7057b8d503f8d359e1f11c954f421d5a64552faa
SHA256 d6b027aea1def822667f82f2c2275676657fe5e9fe4e90bd0303d62e8e69d76b
SHA512 b9cf60973c9e5c5720a69a1c90588d30adb1b6abfcbb2ff944d249c1ebd6d8005f038280ab2685dec7e8a7d6441e0710a9e912549006d6484b7ea969a4b1bd48

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\mrgsmxjs.newcfg

MD5 c471093b49ca1d7770d7e39a57743626
SHA1 905d25e85acb63fc6088390ff0e30a993bfcf777
SHA256 398633b8f978f449fdb4107aa450cae694a02e334d61e90bd0116610539f3435
SHA512 ee41bb38cb0a38801a622d263ccbcdefc48392c8fd290231b858ae348cc776105eed58ca8df2f45aa3a7d26e335321f658ab0f1e2247f01d14ac0cb6025ff7b2

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

MD5 b4ecccf8f6cb66ed6c222e0d32f34065
SHA1 5166bb516a533296b2f6914290c01359912ceb86
SHA256 1631ff1bc4b474303be696ef05dc79aa8a58014383019c4d84366c6c25e349fd
SHA512 fee6e5b6d9a90cfde669843ef7bc408e054b955691535df9735bae5a225c36bec342d4dead83d6a82ea724f6c47b0cccc5d62d007870b48c0577fd768f067e3a

memory/3052-958-0x0000000007760000-0x000000000776C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt

MD5 f870df721c17b87f2f657b2d785ee41c
SHA1 172bb36a887ef6e082379e608ff3cb5a4ad96067
SHA256 2ba88e860952594366808423c7031478d0c4f7cc84022cf55a19ced01a28c5ec
SHA512 9a2d45fc711663bb6754025d5e9a5b54ad053b660d07dda621608f9f0c48d042333ba78ce4033e650f63c24676fcba36902395c9f5c93a026ae5347a71e50568

memory/3052-971-0x00000000080B0000-0x0000000008126000-memory.dmp

memory/3052-973-0x0000000008130000-0x000000000814E000-memory.dmp

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\ie4sgbye.newcfg

MD5 5e9e5caea0e9c4e8b9451fa2e417ef31
SHA1 cff95e107d3f17213a9131db68a342ba5f85833f
SHA256 a4e3a68ec05d7bdc8b3af1e9cf8bdd719c228e079c8489ca2a188a4541ca8093
SHA512 225dd12ddfc61cdbfa3e7f8bebcca47d4273998806b18f29fda2af7f2f2993f692c169c3811d1eb0a16ba83910f035abfa1ce41119dccdf2836fedf4e6a85e2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4cea2d8e4bc2bd6e7a9b2b9c6a1fafec
SHA1 16239cb52b3dc70c0c96ae007dc70beffc5859cd
SHA256 f857a98999989dc440716c45701df49cbbe331085685aaa2189bd1eedf366eae
SHA512 dd5adf46ce697cd6ba9e0ac6c53215be902ac6edd3e766aecbf9bb5d1506af0d11f82b63169df084f60a54178bc808a1e77c66d021b0943c40fd1c48aa5887d3

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\n0cbtbxk.newcfg

MD5 d8f3c0193e05514f91f5cd2db4b589df
SHA1 785fe4cbf68c16707539ba7aefaebdde109de6f2
SHA256 dd2687d3e8dabcda317f637f600bb2a0e088d80143e9eff923a7ff7457bcd00b
SHA512 f8c47cef6bbe43fc85153183f652a5fe04c5b907312c1bdfc3583b401ce2007d213722e1994f08d0f8fb6579f48398204fd360360f0a70d9548d5658d2afd151

memory/3052-1018-0x0000000008D20000-0x00000000092C4000-memory.dmp

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\xkavy2mi.newcfg

MD5 41ef59da5e0de776ef13d1630c731914
SHA1 94347c033d06414e1099372950e3cbcdbbcb0907
SHA256 3cff2dc358932c6b0ee25f828155e618b2363172441c2e0870728f7f0385de82
SHA512 7c4c24b68b3ae64cae26e25ed1e7c8b591d63ef1647545c96f69f63220b968f466b58472cd34a0626d929fb77e7fb99aa7cffb46a8ec09910ca8038661565e69

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\zvrb5nth.newcfg

MD5 9947a1264484c5f4cc22a07970be3a92
SHA1 7935b6b785cddc4289ac68842293b78269990371
SHA256 4662bb7bdd9d2915a4dce215642ac6b0b04ab8bef451e8a94f467d962a1ef699
SHA512 f1c825d79cb6bc51bccf3e8403e4c787d4d044c3cf82340c175c4b9277d50a7cff3c261f141c56ada4b52bb451b8e512ecbcd0e8f40a20e9d85298c925d4a44b

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

MD5 918b73e11ff23f37859767f65e214125
SHA1 50168ab3820fc493eeb02280be16e9179aa51133
SHA256 08f78861fd112cc75665bfe038a092181120e29d8836b915e9bf058ad8d0e4fb
SHA512 432cce58be2582a54189533f252ff8ae4106001eda19ddf94671c6102525978bad6d5997d4271bf562c62d281e43d649cd7000783393b4e04ce5203f7403e1cb

memory/3052-1094-0x0000000008810000-0x0000000008832000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 47e378812de7bfeb2628a8d7aa0e142a
SHA1 00d114090cd1340ed9237273cf72461b50d9ff71
SHA256 e893ac14c928283d422322b256bc0591917d29c976d08742d23b37952a5a9f57
SHA512 0ec6a3b726a64339a7cad33f8716b1c18de6ea0198002c708815aa74c0c3ba5885ae0fa497a5291d8b123719427572c98bbacefae6cd4c35f2e354a8b30f2305

memory/3052-1129-0x00000000661C0000-0x00000000661E2000-memory.dmp

memory/4488-1132-0x000000006B050000-0x000000006B062000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

MD5 ab2a042db4d59320b318e0ebe7fc16db
SHA1 923dd799944998a387dd8bf6fd2e4caef35a6b66
SHA256 65ec066a1c3b030bde7a8c24a3acbcc300f91d7cb318f8408e55796ced8039a6
SHA512 3f261ce079fd340574ee1dbce11099503a8cd30186677944832d9f39bca376fe2b0bd6f436474a836407d3f024f824fdc8958737ff3ea8166089ed51ee9a61ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

MD5 b024bec6c4f7497790b0f256b2ca8133
SHA1 82ebc8413750ed3af2903a9a1672c7b719eddf88
SHA256 cb0a12a4221cea7f8fdbd957fe6eb18840b3c1947e750bf6b11a8b1bb75382ea
SHA512 0a282f48f0b55afc510c3375cf08564bec4912b49eff867a000d65bb9337fb0dfb947d6a1a060b9e92ced35324a200025df1790bfd294533afcf7a79ac7718da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

MD5 33baa0c00b64ea001fe19c533b91cdb9
SHA1 5d4f20c11cce8f63dc0492cc9b5520536aed0e74
SHA256 34772ee9cc9af4bf18b5ac532380411f2827509a663bc99d72a53f2f073d4d8e
SHA512 c322574dd8418bf80124a6db598495320eab58f30320323a2dc1d4e34364a1fbb022ef9ef0c7b4c17e19fa4eb15f7f5efbe8171ce61825641351ed33d8c03096

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

MD5 7b1d0b28954f0bb68bfc4bbb2525a142
SHA1 07dacc6944ae7c34d971bb51469716e454f16f30
SHA256 fa1de0268b71358006bcfe17c6eebbc35c9d51c648214820022b63bcd9c1fd4a
SHA512 655cf47f64acc45c119ad92a020b35508382a169106f14627e6108833f2bb5a994cba0f77348bc8dfd38d87163c7ad6867c3b37250ddd6b2d7a0af8c538b4fad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

MD5 b3baa6daf6e650d825afa26de64f4a1c
SHA1 32fd720530ed7f3ee44abf37adc43c13e7a98521
SHA256 52a3e4e414c9669beeb24f18a109bc892147a81a328f791a93817221f60cd481
SHA512 b4b5f4bee5e5411647c6ea0c01d09fa096139e8bb8701bb4422f5c63665da1d4cae6fd0153e3178dfae67d58a6674916e298315c7246b027368a33a124756d38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

MD5 4e7edfe35e22eb75e1595e996560cc51
SHA1 8a4d3ef39ae71b7d5535b0229e59bf0c45d987ec
SHA256 4d2cbe37e9671926fef1d68f9cd970f5948d3c6f69e898e0803e8e5addb25d98
SHA512 661055517d010882c4b88a87e0774570d5e17864b1afa6781a7245bf4c9b0af5efaaaae16eff47eedf4665772c59dbcc619b11b1756940a3baf278b8735e8124

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\statistic.db

MD5 95dce32019b77df44c51df9ac6248148
SHA1 1ff3753f39b8a4e6eb3002689db3db75f318a6fe
SHA256 ad0da1a29dd675debcbb1d7bf239082589dbdc589ea1067d9e3cea79ddbc242b
SHA512 f4ff61364a816fc8ec515866399d338ff6ea5e2992a49ac0f207626a52b9f4a8598d9688b40f6a93c759fd0085f9a3d45a218078b6bfd527e0f9cae4fd157f14

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\WebProtectionConfig.txt

MD5 0cb1cc6ebd3113ffa4d08cb8e611b0c1
SHA1 c084178a890875d41c400e8950537e1f8a58a50f
SHA256 b578ec7cfe4cdf6690c83daa66b068fc585a8b35fc3a8722e29f2dc0fabb26e2
SHA512 c86f4c9a16249313e1a4e0561dc6241e931c5d382a830b64e3aa9d1447734716417bc2f08e4860edc0d2945cc5091170b90039194c90985395d33a36662fffec

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\AppSettings.txt

MD5 590fd86ad024f2b655deec8333e240a9
SHA1 f1946050248dd1aea834f139063ac8eb3e41677e
SHA256 7afe6a8c5bf14cace6e9bb2d40df2adb5f31325fc024f448138106cf7b63f7c1
SHA512 c19bf730552e548b6caaa27f5ff2c5b34d34ac9408b3b6e388361635ddfd4f619b9205fad76b9141f2804b8dd364cd843dcbabd4d9d7b7b712f320f6729d87ec

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\ActiveFeatures.zip

MD5 f399862f4ea59a17c22943c3e486ee58
SHA1 85ab6a077c208397fc17636c9bc146b27f654de8
SHA256 114f787d70b5cf81bbfdbfa30165a84fda628866cc622c0d3b7d89f8f34a0e77
SHA512 991c63e9cfd76a7acf9ec5e161c23e26906a4b9dbfb592509f601f61e9cba1b2d5babebe3fefe254d1157183c1d771b387d8222ffc0e742eb7e602ef19778bed

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\yv1pee01.newcfg

MD5 7ccf5fb6d61493fe051f2adc4b0260b3
SHA1 a8a8204f7990a521029ab86f5eca58b922edeb4a
SHA256 0246f58ec27588d91af3952c6da97cb849dbbd12e8ee9f30075d6ff5f305b705
SHA512 314cb120d087fe1b739a0e37e5e2c66054ac4a389cc16775c43e128ae32645cf705581955b4a8bde25041aced6a693ee294c5ef990d71c69ff68dd63cd4a8064

memory/5436-1336-0x000000007480E000-0x000000007480F000-memory.dmp

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\gsjt0mps.newcfg

MD5 34833df80ecb9d5e2d592db9b3ae70d6
SHA1 5dcee5e915c0f2a5f0c9ce9fecee9698f4fe6dd1
SHA256 98e0257a45db7e6909db7e998c5a9cb6d0f2aec612661f2d28bab1437677503d
SHA512 32567963397e1428cd8d8788525e5a958b1f09582361354b53d32af76481ff25b278fae35ce77c5967ba0a07c708b2bdbf9d85be1e38e7a208fd40d0f66d3220

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\user.config

MD5 b6698267c2c6fe01a31421e879856f48
SHA1 5246751ac99b046bb758b9cd139cb32b3d7da7b1
SHA256 196152408b4ac609bb788364a0ce80ca2dd2f11130c8a4c813c0fdf557be5934
SHA512 cb8644039e67d447204ee51669a359648b6f11d2921eaee538e7e8140f5fd714d4a29e4d04dfba32a8b355644fddb9df6a8150b3eca0d5b59a84f55969f2e1fc

memory/4488-1395-0x0000000008390000-0x00000000083E6000-memory.dmp

memory/4488-1396-0x0000000008580000-0x000000000858C000-memory.dmp

memory/4488-1427-0x000000000B830000-0x000000000B838000-memory.dmp

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\nysizexv.newcfg

MD5 2c3a3e2c304a78825c89df85c285250a
SHA1 de5c766932d19ccfc01ac53afce4948d9f2ae111
SHA256 f4d06f9fbf1b28af6c10f492fc0513e0e432441421dc040e687e49d2be6d5452
SHA512 724006d152973f23920f0655e343fe5c1d18fc34b8835a6f5b2864fe81e1d8c355e3275bb92982a2c690cabdcbd2d56fc3f7b5f391ac0ce86e9a0f9fb18e6fc7

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

MD5 dab042b104b2f904977ae033f0b7fcf1
SHA1 d779bec870dc968f01f3ebd369a6e4b6ed77fc07
SHA256 b76d1f149dbf5f3c4479a92dd60bfb18e4d11bc1c241260bb289d4a9445fcf7a
SHA512 5b7be87ad5e6d6c3b9ea3b8451bb08926ad82b352ce384114c047a928088eb899c06d2f385f691df8cd2e9ab3c912d865be3b2c24de030b2d57d0ff580922a01

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\exf11ml3.newcfg

MD5 0347dfd7feee5c48c3d1770fce46906c
SHA1 ef0b57bf31a3c268f70d3e629047d73b58916d71
SHA256 24329b74735462511094418baafc0dd7b96865b344b9bb5049e0de0485dc8d4d
SHA512 015bc9b29dd39460294263129aefd48c9f01057fe18cab322ebd852518acef9d16a48054e50f053fa603110f09333f72569628de1018aaaaaf1c57ae61f25861

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\4jdkgvcq.newcfg

MD5 453f54c9bb5f056f93afe7100e488eff
SHA1 050b08a5ce662cbd90cbf5b249602969c05eeb3c
SHA256 14fde4cee90e9ba914b8763318120ffaf1d3d0e54e7adc2aa68b9c378baa5dfe
SHA512 981705d05773b1247be3e2f710b0ef6c3ea63c182040f7d8eed40ee7c8139cd3fec5990fbc835bded5749cbff5296883ea64f6217f2a3b1fa09af1afa0bdc09c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 74a5eac3f5ccec5108d49188009c829f
SHA1 9f19de78f4d687a2c46c871769c59559f416aab4
SHA256 d9bb3ae37374b063e0305de1244d0ec6d58e66ee9d4d29332e505df1ea8bfe9f
SHA512 2b1489cc5dc612ac73e0cbd64859fb31833e8457c138108f1a87f3d11902e42e9c177ea1fcf05a94fccba1847127834aed390250da28e4168acb607fc312a378

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66940266cf8beca9f0a6ef116986ce63
SHA1 df7f27dac4bb2940a04fc0d38a0e8db3e7424016
SHA256 276dbc89b22c644d1eabb50b3aaca6480e071f836bbc74bd7f0a710fb615d0a0
SHA512 cbed656324898d8e525b906d607cc319929aa9b0cc612aab37aef0022948fe66f9d462a773d062802c5d6be232832ab903503a0c0cb55626694bb053f284caad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 be2e1ccd8286d5a868558db2d19c966d
SHA1 b744c1ae72b2415ad340d09feadc5cc7f1f5adfb
SHA256 fd52de49f880a234d1c298be1f12a26530d38414571ca1fcf9e941524222a892
SHA512 3c8624c6aa49d8b0446cfc8fd21b95c4ec01c2234943450f2191a6d110f555aae1887da8563b7c151abbce8c885beae40bdc1037a8870d59c71e3cedbf64e62c

memory/4488-1620-0x00000000661C0000-0x00000000661E2000-memory.dmp

C:\Users\Admin\AppData\Roaming\Lavasoft\Web Companion\Options\FeatureActions.zip

MD5 94a3263bd4a3447478729d6add2c28ae
SHA1 37716240b644954907a3f62cc45797e805e7f42b
SHA256 5c40f3a8ab3b19a8e0b4f57f7cd21ede1ca73492d78c2303544e83347c96b8f1
SHA512 b7fd8beecdee6e9414bc2e811a78b26ccf89ef1d44c704fee96a3f8bd24a66986f952f853eff181b412f6ccf14362ecf26d9d5bd5c739aded4f8a1b6bf41b134

C:\Users\Admin\AppData\Local\Lavasoft\WebCompanion.exe_Url_kleyaxrtenldtfqjmu2cbjmsn1otpqzk\12.901.4.1003\u4qpaz5u.newcfg

MD5 40ee76fe398da89493e05ea67d4b90ff
SHA1 c72079907c8a105ba6ec67bbb3decdbd9791e758
SHA256 6993b96acfea4668fa1a2183e2471a84ed657aea72486eb0c5d3ea53c44b81c1
SHA512 71960d4da973f7415e16c081690d439c2197072cae9f78db47bfde679d70eae39f21c450589b85dcfb7b02b7e1569d7a1862afe3edffde1af1dec343b0d42e6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 f6e79be87f80827c1cc821b92d3d4687
SHA1 23440140335e5d871e5f53e168f4d7ac44bfd5fe
SHA256 582b1fbb604289585931a04e3213540e1a486e94af2a18b266f0b1dd562a0d3d
SHA512 13e072f0b62c34c7b41537c35919e292527a51633654e31ad4e26276eb744855c63a589c41ca344c47aad2f3e1fa0c710d3dae8a8e056580257498cf87f6ec9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 56a121516870d42064aad7a884b10fb6
SHA1 3a6c710c8f88e2fcd36b26d210e3e33fb538b424
SHA256 c8d80b45b42840f6ba31d04675b63d7444251f4728da4fc25f58a102c933d8f7
SHA512 1eb361b72818552a2a29069e74f2f739a8aba7c545605f4fc41273d694136829a5853f83afbd1eb5a67dfb4d36ec5b07d4e638fb4bad253811ed26c5ab467630

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bd29d145236c284685a2551b4395eb0e
SHA1 f43c504208d0dc29c1f8e5bcfaef11062c295d34
SHA256 de29bdcaec912e7c30ed3d9b5d3bed4d089704bd2c45fa38c1a7c0c75d26a3af
SHA512 3a7e6ca53e6f6dbd244e8e6da95a0147bcb932d1a3f35f59da8fbdb1e6ad2b7f3a429ea98287cbebd5cdd64217858473a67a6e5d8138c9806f90ac7014b1cc48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b20406bbd0265cfb8c7f638eeded1c4d
SHA1 2cae6ef0396524f40f9d29b358632e1c139a3c61
SHA256 e7b76639374a67cc67eedc55a5256b15df2d9309940f5c28675b2af081a68a99
SHA512 39f01e61abbabbc142c5c92a04ac10fb82942cbddbdd54d3045fbec6363caa73631001e58adcb895beb33f9ada5fd8ca9a9e79cf79d0992b779e8e762e03cebf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 24c15be638da6d3298dd0a7fdabf683d
SHA1 e051db9084c1bb97aec92bace89394e590e8f433
SHA256 2c21b81cc224c1418185db5cb867bc7c68850e0ad72855e6e4506ee79e08465b
SHA512 1c60b58d6a189f2335b5a4e75ee27623e8dfd6c3ebd94d13b2b30198a75188e06bee55cabe697fd18b0bc041e24c9ab31028d8dc5e439048c276be8ad4661b3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b54a50c368fba2993b048e7defbd3b46
SHA1 c00f3699deca9ba7a2f0dd22f5bd141964292992
SHA256 1b7c39257f63ebd4ffaadf5a38efac81e90cd95bbb7e4e6d9076ca274dbff10a
SHA512 5c46f32d83c0687dd69f561238a190256b62a39c33cc196c9949c8e12ede0f4598925be0ee667a13e2473fe2b2f010cf5f3f4f250be21bfc9c7639e26fc11c50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58af27.TMP

MD5 4046d48a3584bbefa6158ae8f39d5346
SHA1 dc99397d07c22c80bd69a9333e628ce22f331cf2
SHA256 bc4a1b3532ed74230ffc30f50c5f9cd979522b82b7ad6ea2e8472366a0709f8f
SHA512 73db262a024d958e4f852c13bcd1092ad459b88b8055776f8e4eeaa7b849228f04869238a91855e453983631239f3e573db350f2a8c3649d80eeb0d6c7df27d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f8472a52463d248300ac0c19963bcb5b
SHA1 2a2684bb469537ab73c86598a4096192f05033d2
SHA256 b36f23897a3eb8c782275bc79b903a4c365397df56761083f6f97d11add47310
SHA512 0d365a8a72f2257aa280fe139b096479b93dda63cde02bfc888a95a4ce3af67c43f7ead9819e3ed25bbccefdfdfff435dc9922fad0b131a6483a852815873ef9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 09044118da8674015844dadd2821a342
SHA1 9dcbcd2a7211d3ad8972ed561a019e2dedd6b450
SHA256 8c5bdd0ed69ae0479c33d9b19b4d7ecf0d18b4f1d36b3ef5729e736f9f7ac07c
SHA512 971ba6976c195a86e00690c296d9742d02f7b9079fd1c4fcc83d2b838623efed33b97377e1ee87b23df76c42655c332d566221378e9b31e126fb162dacaa54ae

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 34fac6457f8d78c92665a97ccb49df7e
SHA1 ef7432dd4d0bbe1a509a008d04e75c2ca48563f3
SHA256 001a86e6d10ed87ade8fd1e9cf0452ee87804573885565413305073de55f9c9c
SHA512 7b3e7fbfd999c51afc9ca0b6df87b1422cabd3a095a1dcf171de93419be3dc821800022ecd34ebeed9419fad02d1d450879c0f4bac3360363fd7355a90e79e11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

MD5 75f1d5724eddb6c481e2e87727c0a19d
SHA1 3cfe079018e25b2646f23e0744bc5af2114ee256
SHA256 751f9ea75e28033193df30031bf3d33e0553e1644ccbaecb26fe7d3bda21b78c
SHA512 a52fade9a438e7896f12afb5b8cccf05ab2cdd71dcc8683ba80001e74800d0c6a6d446d162e75eff573ccfc7106c1beb6f91bdd41753b81a6f5b7510c7c36b4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youporn.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 288b80b3e5a1014a1ae4a047d51ea5ee
SHA1 75de5f747fe2925a44c9819bc4b944c91fd5082d
SHA256 94014f6931a65305eb6955f0a72dccfe64afdde8f0edf914b8a6731837a333f9
SHA512 91a00ed83cf56943a2e06f52224f76f12a82e6b67f8880a0bf6bc298cdf7c0f2191b3251f2bb5cd39b8b1c9b104c9c425221ce5a78c2dd806cdf3484ec99b1f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

MD5 847343e03cee23dfaa7d10680ddcb0b8
SHA1 a6e2df09ed6094032ee93f0ef41f382f4e148c9f
SHA256 ba4577b3546c46510f9f072fb8090720bc2ef4963045501d62739183e01a8f1e
SHA512 38c169ecf6ab79eaa13323880fc85b55a9c07162a3e2bb386bee07793e53ce6cb91443b0dea4f9e129d5e96f201b25988417497412e6e77f2770c456753c8171

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\b6c28cea6ed9dfc1_0

MD5 ef865dce8f39bd572b864f677f7ec8c1
SHA1 c892470e7119cd85d63ec1de8ca0a007b5e4be28
SHA256 1f1a6c27fc64b5e82262676f06eca358a13e7728b5b92999eb0fac6e91bb6ee0
SHA512 49b62fc477b6254f9056bb4c5f73c5ef26d199950e1d019e28b803841fc055995dc5d80cdb6e632e66fcae5c396b20ef32a881959d09bafe8aa7b536f7430a0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

MD5 ca9a00e160b7dc408a80eca964383bb0
SHA1 0060fa733ac7884657bbf42aeca105d491fcf90f
SHA256 7eb10f36703d2db3d84cc3e84446490dcbb8429e38b30d8b269f871cf1574848
SHA512 6bbe9587875c3f8ef03a54249343ff7c4647a87c6b6505d5d9fc1e26c6d7749bf4bd3b02fd09a92bcacee47e33c4fa887ff138ba0b1ede02b6bf1c5eb32ecad3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

MD5 0d84e99f76197695f6210cf3ce79b101
SHA1 d6f2e8d61d4bc3d9804facf615eb810f1bfab625
SHA256 0c82f641ca860d8ddbd66f3e31c5eebca98729c9d3f469e640feb16d15ff022e
SHA512 3b1d851ed41e527fe8ed2e502ff48b8cbdbd73d46e3b381f23409936e5dae6e571ab26d1b8e1b1073bb63708866f4ab2be2badb66370cbdee7d577f6edd26a28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

MD5 0175e7d9f7d3516e41d101b2e81d5d72
SHA1 2a2fb99e40c7a2fa0edad6c405c5f31edeb9f035
SHA256 5fd6ccc245d47da85b09278ccfb300b43a4d18c5d39f21941f3a22df08ea9b04
SHA512 85bd071880e3989d60f97fda091e901803e67926e81b41272728b7d3e5dc863f34cde367b363c4f81c2022fc38ea50cb002e8f03025803b6a68ed15bd2143a2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 4f9d58547367f284c0fa5c840c00b329
SHA1 afdf5a998830ad8bea4d57ad8cb3882ac911b43f
SHA256 3104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd
SHA512 7d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 f43bae76aca474b1c3c685767390f30b
SHA1 3c0529e776d3adbff6b3da32879f1f67f12ea31d
SHA256 c872f37122385d45ae96b618f1a0298387f90a3baf2e01b64f4a296a9fe230d8
SHA512 6f71a93834388b0c9f3f5ef1c8c0e94bb98122eebbfbeece1403e530f214f36a32557f62e6e862a5d29ab25bc39bdcb14505f99c82cd3355d05c87447b81f3c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 f91dfab9ea71dcac2d56932ee97b4a88
SHA1 ea278ac6e3a673d0047623473051b64a7b9085b5
SHA256 f985b76e4096b86b946fe552479dd890b4510310ca11effdb58035f6f9b236cd
SHA512 7577458acd4ce0e69e73d29c8e332a9089627d1ed31c6e2fe02907bcd539cdfe37126a418a445c6722f2196177cfee4501ec1498a86a0af6cddea3914740b120

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8b4912ebc403a9ccff63dae2ab23ed77
SHA1 fc35fba80beebc877e17a06277faef063620fbaf
SHA256 8551ef1e0deedf4549b8f652b4871dd2906ab2d2c8734c2349f1f771b592cfe0
SHA512 30a090c1847c0ec1f33b99085b438b17a7d2321ffed98a9eedb8de0e0649158603bf0c8401101a9af9dd6d6fc824c97cab44bae7cfcab885b0b2a7760a48f07b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1d32f5b5cae822903bf6ed0eb70c9969
SHA1 1c2ad058192a5a26512a29e3b1833db33d28068f
SHA256 b6bfe3db5e9f35de8b21cbe326a42109823c3682d99ac01322a278aeb133dc42
SHA512 c1ff2d85bbf4be45c86326ea8463b129109f7d4f779794a9169c1a40e18b617880bbe0d6ed1fd3699a5d8157104091b3ac27eac2bb1ffcda650dbbd709e3c7b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d5da7178d2846f81d08dfd7115ca252
SHA1 50a93798d7e7d46cf9e7320ef3ccd905e04775b3
SHA256 ff688526b327b88117ba0bf596168c88ff2458f53ea6dd9e9a1fc9a7522308b7
SHA512 8a1e9b613f05a9b39006873d8fb1965058432acefcf4c7f3b970f879c73591eddff3aef010608b7f6a05fff4b1bef134e454725f1f65f883addd8d3bc577b9fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d45646625150b59a83a4240f93fabfa4
SHA1 f3516a315de906a3e2b56902ebfc6cee6f19b5fe
SHA256 09149f6bc87c37f85e179e949c2a63632bb6b8620a4022b24c3e8542de13520d
SHA512 03d5d0bc9c7073c1d03e2311b528767a9493c6f7337c1d5c7480b2c62d683ed2d2f3a0146ec45dc3160b17105bdf34e37bb1d6add27bb2268ba8af942ec033eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\fe0c0e7c29d3a61ffa60c89554575bdc50002b23\b5c2e899-17f0-4f47-8baa-8db1361e117d\index-dir\the-real-index

MD5 f7aba4c91d7e496309e74ab072e1b26f
SHA1 c031d30b1edd7cd63c1b39ab659afa34502e90b4
SHA256 be4027fb27ae785c3689b522c0c0c547a46da1abc65eadbac1074f3e93856c47
SHA512 f64544368bb5979d87c1acce9ffc48cf717337481bd985044a5506c44fc446d01c5a33b314feeee468c1d913929ececd551ec63c85bad87b1e57317a1f8b1a7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\fe0c0e7c29d3a61ffa60c89554575bdc50002b23\b5c2e899-17f0-4f47-8baa-8db1361e117d\index-dir\the-real-index~RFe590d35.TMP

MD5 c14d32e7d4ee48dc56398ef623134a81
SHA1 1e271888c5a84fe1b3880b8a08ed59119857a5bc
SHA256 3d0b1325b9640aeb95b1d0335f2aed397edf848f4d7712fce7748309fe6f89e6
SHA512 9036ac6e33a89e6ac0d56e251c0b9970c19c5b59043966fcf28cb8ee0d2c774776b331a383d8528a72eb0cc979e57c042d99c20aeeb19dc6ccae68b2844fdc37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\fe0c0e7c29d3a61ffa60c89554575bdc50002b23\index.txt

MD5 8a47fcc2e3938327f87ee39e41905fb8
SHA1 5b1dbb4c215a3e2d3ecf87c94e7f9479b542a325
SHA256 a64e1ffc4c74805c7b7e8ccea7403d5bd608e50aae75fc4659035f1c4560d9fc
SHA512 7657081ab7a83374db28344036b3694e865d91eb2addd02f649d2ba7b8a5a65a3419a9d3b251ce8b7462313661bb7dcc22ba17f526d548e2eca87a35b3e77418

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\fe0c0e7c29d3a61ffa60c89554575bdc50002b23\index.txt~RFe590d64.TMP

MD5 7416005ac50c259fa537318cc3767d3e
SHA1 0ad31006c1744f5b7f907ad940f5bb37eb092af7
SHA256 4d3aaf6e50cdb9599fb905f8f41bb96e9ef7b815c2c85e6dda7dd89ffa491ec4
SHA512 005386d274885724539c1d77e949107c8e89551a3dc60b4377b0629a67dd966e9b786d9d28526f4badce2393de2d48eb82221030f63042afc05034f652ceb8c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000da

MD5 e78f9f9e3c27e7c593b4355a84d7f65a
SHA1 562ce4ba516712d05ed293f34385d18f7138c904
SHA256 75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d
SHA512 05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000de

MD5 8b37bb42b1577b08892393df19f534c8
SHA1 e12eaa944bff9ccd0687ac54811a3ada4a5d21e9
SHA256 6cc9e87df3ba27d6dd288a0593a4f70a17ecb0bf5cac0a591ff72f355a9f454b
SHA512 9dba0d070832cecab4c2aa922bd07395b7493845926a5bed5c5f86d61c3b2fff1f6fa12069b7b7abe4f15cd58775ffa238aa36c47e100d7ca544abb3bc1a29b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e1

MD5 4e23cf0a622effe6072fde83d18d2156
SHA1 bf57a0783c6ceb9547acde6b585b0127c40e17f6
SHA256 dd4fe923e2cd0b31fdec51bd973acf89b180895fdfa82172218a6d96461a5985
SHA512 d45595ddc64e3138d2a4afb2053e0ea7dad66fd726022889ed8452c143449c3e310a9e8fd7f3a7378d0d84506483ad6203ebe2970a55c88bcc3d59fe0ce58449

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bca844856ac3bae294b74cd9b4c0c5a6
SHA1 b6f34be333ff69c9042c086f99a10c96fb631c11
SHA256 2fe73be240ef725d2c766d1c4f42fa8cd05b7d88babb9de5192e7cb4f9294ab0
SHA512 719e80373edde6071fab7a0e9d4d855116a711e7c1f3717abdb31d55411c48b0fa98f587dae08c988001c7f37b5be39691a20a7049bfb023f865ffc6fd850873

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d93901526ef4ba4faa99f30a2ad6f7d2
SHA1 85e6d618c6d99fcbaf59f70286672b143ab1d757
SHA256 be97c83cd133c529352f8e31b300971d342faa2fb86c5d136a1abd6c1a4a5bf0
SHA512 94f3b275184a0705d48d75b52cf2f29cc92ef3142803d8eaee57f629a237e426b481386808bb6f9240027e1dbae52e6bff83f2d9a1055616dfd07ef9fe84b0d0

C:\Users\Admin\Downloads\Unconfirmed 237721.crdownload

MD5 e126e85516c400f91c7faec6de177490
SHA1 364d5712f99012549c4c0425bebc0c6cd6bba218
SHA256 9742eb6f940a9bdc5a2f4323a0407ed7fc0903620a2fa3a3999a803b208ffd07
SHA512 028e8b84b732750739a9eae771ea8706006377bf184c333ebae26ad9244e00aac769c6cde077bfe63b5e53ea7ef7fce4390e930982dc50b9cd049c0989c11f5f

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\jsis.dll

MD5 4b27df9758c01833e92c51c24ce9e1d5
SHA1 c3e227564de6808e542d2a91bbc70653cf88d040
SHA256 d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb
SHA512 666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\nsJSON.dll

MD5 ddb56a646aea54615b29ce7df8cd31b8
SHA1 0ea1a1528faafd930ddceb226d9deaf4fa53c8b2
SHA256 07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069
SHA512 5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\JsisPlugins.dll

MD5 bd94620c8a3496f0922d7a443c750047
SHA1 23c4cb2b4d5f5256e76e54969e7e352263abf057
SHA256 c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644
SHA512 954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\StdUtils.dll

MD5 7602b88d488e54b717a7086605cd6d8d
SHA1 c01200d911e744bdffa7f31b3c23068971494485
SHA256 2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11
SHA512 a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\thirdparty.dll

MD5 070335e8e52a288bdb45db1c840d446b
SHA1 9db1be3d0ab572c5e969fea8d38a217b4d23cab2
SHA256 c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc
SHA512 6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\Midex.dll

MD5 581c4a0b8de60868b89074fe94eb27b9
SHA1 70b8bdfddb08164f9d52033305d535b7db2599f6
SHA256 b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd
SHA512 94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\CR.History.tmp

MD5 56be61fa4901f003a9c69b84175eb016
SHA1 283ceca7b3d8dfb93f1a008bf663672a0a67f314
SHA256 7cf854bc0b633554a6d0ff3945325170a3b88f87d771763413aa6e70827c9327
SHA512 dd400f6e74698fdb35731c6b7ccddd179bdc3112a696a37b87989c8a5ec0d56857521cb149f678888ab9cfcd2d967c117e61bf2ab6e8f4df71d16d5c8f350a18

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\FF.places.tmp

MD5 25b97815c0005fc273a7eff8e4306d35
SHA1 9e23f75f19686261d5a3c9abfc7905bd2b8885bb
SHA256 08eb8fb2f947cfa307191716fc503a9e547fa9104e16f16f4e706a64ac19a393
SHA512 26e258004e766f3a1542f2a5a12ea3223dec9ac37b79e3ffee8a16326d623e57ab10f92fc9302a46dcc938511dd078b105e81b12a9872892fcbd25f0cca7b856

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\CR.History.tmp

MD5 6e73b3da90a32dc416b3ba7c3309f3ab
SHA1 8e3299267499e3648e8c46784a4cc3c48ba00784
SHA256 781c7e3ca29bdc298a46c9d75142fa615129a9c5308e25fa7d6f3e180bb56113
SHA512 ddabd966675c9ea3e024c4a50c353593364b0c45d1ec025bd03a086e3bc86fa34641e1d57d8854afbd7567586358e07ad305402a7a8d5ebf91adc12fec32959c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e62dd02458726b10ddf9674574e9b6ec
SHA1 c6b471e2c95dc36a091ddd007c2e2916a469a494
SHA256 31756a0515c68ba9455432dd3d82a5a7c0f9dbe0574d9aa11749d46717328dda
SHA512 ce93fb4f5af6255a0c1cea294a2a2451b2a8f9fa4aca45490bae3de31a6259e0629b062241f7e127c50728752a99fe26a050086bdaa72b86da7977955bdda038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f26f313dec8f7298e9a55ab0fa8817d0
SHA1 95799779c6f06087d2754a06a532d0e5c74ffa07
SHA256 0bb2a58c147dddbfb607ca33b6ec15c089e0bf660b2cc69b9c90ac6f949dab14
SHA512 206fdae4b8c105bb600de4cb49101aae8b8b42662afbfc68ae10aaf193660e723d686c43673290d6a7c7637fa95e618e7fc4bfd36175427fff5dbc9a87ffb8ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9e808546b15dcbde3a43624e7097db2f
SHA1 f1b0b639539997bc1577a1aa2661fd3793a7ca63
SHA256 de7aca9b239dee8c694378826aa5d8b527343ffc4a371d6cb4ff891a85aeb198
SHA512 78e1e739c85932f6126ba5dacea0420dec5203e177a87195a87e5101919236e4352c5c43b2bbf3d33495db67f32774d6061fa5be290f416bcb290b0d2172efd2

C:\Users\Admin\AppData\Local\Temp\nsh3C55.tmp\AVGBrowserUpdateSetup.exe

MD5 9750ea6c750629d2ca971ab1c074dc9d
SHA1 7df3d1615bec8f5da86a548f45f139739bde286b
SHA256 cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c
SHA512 2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

C:\Program Files (x86)\GUM6538.tmp\@PaxHeader

MD5 244414574ddbd89afa0fb8c7b7dc6d6e
SHA1 2df961a51c13886a9cb53868d5ac1ec3c6b767b0
SHA256 bd35f097a801a3c234cb868fec228d169bb25f6c5dcaff5efb2f9d81a4d523f5
SHA512 1a8014954385bead00003b8c2b08bb90643b62ca60fe4a091bcd6a16086c084b040e800f311f167941bec34bceb39572add7cf533e386f910d1f40e3f21b1d99

C:\Program Files (x86)\GUM6538.tmp\@PaxHeader

MD5 fc8ee03b2a65f381e4245432d5fef60e
SHA1 d2b7d9be66c75ccf24fcb45a6d0dacedd8b6dd6f
SHA256 751a04263c2ebb889fdcd11045d6f3602690318ebaaa54f66e1332d76dde9ef4
SHA512 0837f2b22c9629990165c5e070e710a69ad4951b7fcfe28bd52354c4b8a7246672497b8aaf521a8773c7ec2a4249fc4318330948ab0d8db8c6c74da57b32f1c4

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

MD5 cbcdf56c8a2788ed761ad3178e2d6e9c
SHA1 bdee21667760bc0df3046d6073a05d779fdc82cb
SHA256 e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3
SHA512 5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e29a1b2f3b5cc0552d7e34fda2e83077
SHA1 0fc7a3174d322208d42e937b4cbc8fed81d1316a
SHA256 584d1e118ed05438f92807a11171dc5d39dffed88254ea5f911e1a7fa5e9fc75
SHA512 f54def62993953810b0946cdd509e28a8d2302278e61f936abb7658a319c9998360f674b551890bbcc3cabcfa68f414ec908619e179ca63f088651c7663621aa