Resubmissions
submitted | ID | score
19/07/2024, 19:26 | 240719-x5x16awdjp | 10
19/07/2024, 19:22 | 240719-x3gamawcjq | 8
19/07/2024, 19:19 | 240719-x1lsbszapb | 8
19/07/2024, 19:16 | 240719-xyvx8azajf | 7

Analysis
max time kernel: 150s
max time network: 151s
platform: windows11-21h2_x64
resource: win11-20240709-en
resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 19/07/2024, 19:22
Static task: static1
Behavioral task: behavioral1
Sample: zeta-updater-1.0.1.exe
Resource: win11-20240709-en
General
Target: zeta-updater-1.0.1.exe
Size: 3.1MB
MD5: b10ed91a7fe5a422d9c2f9aff5696a19
SHA1: c83105f812109e5f6a26564c197f49d61b2ef403
SHA256: 94c0a829b34030f4b279c794962627eb422cd3ce3f969eb8ca330ca0c9f82635
SHA512: fc0d5149ce62ba67755732e5a0004a158bb36ec4e166fcbd734a89c9bde855e71ccf06ee5c7ff9df0834397178c90b9da40769b0275ea487d41c8201f7007c25
SSDEEP: 49152:5wSHmvR05JIoEe/avRAvUP5v8R3Lkvrd2o8FEOrJUjnjv/kFE2fSAeFa5J9dxSFw:bOAvsU0D/IE5AeFWxxSFw
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\ = "AVG Secure Browser" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\StubPath = "\"C:\\Program Files\\AVG\\Browser\\Application\\126.0.25558.127\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Localized Name = "AVG Secure Browser" | setup.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\IsInstalled = "1" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Version = "43,0,0,0" | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} | setup.exe
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe | AVGBrowserUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" | AVGBrowserUpdate.exe
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 18 IoCs
pid | Process
1576 | loader.exe
6516 | avg_secure_browser_setup.exe
5908 | avg_secure_browser_setup.exe
7140 | aj9BD.exe
3120 | ajCAB.exe
6256 | AVGBrowserUpdateSetup.exe
7852 | AVGBrowserUpdate.exe
2156 | AVGBrowserUpdate.exe
2848 | AVGBrowserUpdate.exe
4076 | AVGBrowserUpdateComRegisterShell64.exe
8012 | AVGBrowserUpdateComRegisterShell64.exe
2788 | AVGBrowserUpdateComRegisterShell64.exe
5704 | AVGBrowserUpdate.exe
8032 | AVGBrowserUpdate.exe
5340 | AVGBrowserUpdate.exe
7468 | AVGBrowserInstaller.exe
7240 | setup.exe
7476 | setup.exe
-
Loads dropped DLL 44 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks for any installed AV software in registry 1 TTPs 8 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | ajCAB.exe
Key opened | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000\SOFTWARE\AVAST Software\Avast | ajCAB.exe
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000\SOFTWARE\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000\SOFTWARE\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | aj9BD.exe
Key opened | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000\SOFTWARE\AVAST Software\Avast | aj9BD.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description | ioc | Process
File opened for modification | \??\PhysicalDrive0 | aj9BD.exe
File opened for modification | \??\PhysicalDrive0 | ajCAB.exe
File opened for modification | \??\PhysicalDrive0 | AVGBrowserUpdate.exe
File opened for modification | \??\PhysicalDrive0 | AVGBrowserUpdate.exe
-
Drops file in Program Files directory 64 IoCs
description | ioc | Process
File created | C:\Program Files (x86)\GUM958F.tmp\psuser_64.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\AVGBrowserCrashHandler64.exe | AVGBrowserUpdateSetup.exe
File opened for modification | C:\Program Files (x86)\GUM958F.tmp\AVGBrowserUpdateSetup.exe | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_de.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\Install\{43FE714C-CAD5-43F6-B094-002F189A26EA}\AVGBrowserInstaller.exe | AVGBrowserUpdate.exe
File opened for modification | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_et.dll | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\setup_helper_syslib.dll | setup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_et.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ar.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_hu.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_sl.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\notification_helper.exe | setup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\ffmpeg.dll | setup.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\vulkan-1.dll | setup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_vi.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdate.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en-GB.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-TW.dll | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\chrome_200_percent.pak | setup.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\chrome_wer.dll | setup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateOnDemand.exe | AVGBrowserUpdate.exe
File opened for modification | C:\Program Files (x86)\AVG\Browser\Update\Download\{48F69C39-1356-4A7B-A899-70E3539D4982}\126.0.25558.127\AVGBrowserInstaller.exe | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\fil.pak | setup.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\pt-PT.pak | setup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\AVGBrowserUpdateComRegisterShell64.exe | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bg.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ca.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-PT.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_is.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ru.dll | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\lv.pak | setup.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\tr.pak | setup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\AVGBrowserUpdate.exe | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psmachine.dll | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\ja.pak | setup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_ko.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_no.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateBroker.exe | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\it.pak | setup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_ro.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateSetup.exe | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\en-GB.pak | setup.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\fr.pak | setup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\AVGBrowserUpdateOnDemand.exe | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_iw.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_kn.dll | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Extensions\external_extensions.json | setup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_pl.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateCore.exe | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_th.dll | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\nl.pak | setup.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\te.pak | setup.exe
File created | C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe | setup.exe
File created | C:\Program Files (x86)\GUM958F.tmp\goopdateres_ca.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_cs.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_tr.dll | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\fa.pak | setup.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\resources.pak | setup.exe
File created | C:\Program Files\AVG\Browser\Application\initial_preferences | setup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\Download\{48F69C39-1356-4A7B-A899-70E3539D4982}\126.0.25558.127\AVGBrowserInstaller.exe | AVGBrowserUpdate.exe
File created | C:\Program Files\AVG\Browser\Temp\source7240_2085777812\Safer-bin\126.0.25558.127\Locales\mr.pak | setup.exe
-
Drops file in Windows directory 8 IoCs
description | ioc | Process
File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | UserOOBEBroker.exe
File opened for modification | C:\Windows\SystemTemp | chrome.exe
File opened for modification | C:\Windows\SystemTemp | setup.exe
File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | setup.exe
File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | setup.exe
File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | UserOOBEBroker.exe
File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | UserOOBEBroker.exe
File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | UserOOBEBroker.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | aj9BD.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | ajCAB.exe
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | ajCAB.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | aj9BD.exe
-
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" | AVGBrowserUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" | AVGBrowserUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" | AVGBrowserUpdate.exe
-
Modifies data under HKEY_USERS 10 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineIdDate = "20240719" | AVGBrowserUpdate.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\ | AVGBrowserUpdate.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\AVG | AVGBrowserUpdate.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineId = "00009bb098663592a3a6086bcc2909e7" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\hostprefix | AVGBrowserUpdate.exe
Key created | \REGISTRY\USER\.DEFAULT\Software | AVGBrowserUpdate.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update | AVGBrowserUpdate.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\devmode = "0" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\endpoint = "update.avgbrowser.com" | AVGBrowserUpdate.exe
-
Modifies registry class 64 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2} | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine.dll" | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559} | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEBC1D02-EC16-479A-83F6-AA4247CA7F70} | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BAAD654E-4B50-4C9F-A261-CF29CF884478}\Elevation | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{358EC846-617A-4763-8656-50BF6E0E8AA2}\TypeLib | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\VersionIndependentProgID\ = "AVGUpdate.Update3WebSvc" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE} | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ = "ICurrentState" | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\Software\Classes\.html | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdateComRegisterShell64.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\Elevation\Enabled = "1" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\NumMethods | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\NumMethods\ = "10" | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\NumMethods\ = "41" | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ = "IGoogleUpdate3WebSecurity" | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ = "IMiscUtils" | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachineFallback.1.0 | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{358EC846-617A-4763-8656-50BF6E0E8AA2} | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ = "IAppCommand" | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\ = "IJobObserver2" | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ProxyStubClsid32 | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA} | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE} | AVGBrowserUpdateComRegisterShell64.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23AE0B95-20F3-4632-A2AE-C3D706E1D5D9}\Elevation\Enabled = "1" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebSvc\ = "GoogleUpdate Update3Web" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\NumMethods | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\ProxyStubClsid32 | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebSvc\CurVer | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\ProxyStubClsid32 | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ProxyStubClsid32 | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\NumMethods\ = "9" | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\ProgID\ = "AVGUpdate.Update3WebSvc.1.0" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.MiscUtils\CLSID\ = "{7E22D0ED-B403-44D2-BABF-4DDD0DFCA692}" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{358EC846-617A-4763-8656-50BF6E0E8AA2}\TypeLib\ = "{358EC846-617A-4763-8656-50BF6E0E8AA2}" | setup.exe
Key created | \REGISTRY\MACHINE\Software\Classes\AvgHTML | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\ProxyStubClsid32 | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{A42B2494-93AE-44E1-B76D-BA8509A5167D}" | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD} | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}\LocalServer32\ = "\"C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\AVGBrowserUpdateBroker.exe\"" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}\ = "CATID_AppContainerCompatible" | AVGBrowserUpdate.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{358EC846-617A-4763-8656-50BF6E0E8AA2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvgHTML\Application\ApplicationDescription = "Access the Internet" | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ProxyStubClsid32 | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77} | AVGBrowserUpdateComRegisterShell64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\NumMethods | AVGBrowserUpdateComRegisterShell64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\AvgHTML | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\ = "GoogleUpdate Update3Web" | AVGBrowserUpdate.exe
-
NTFS ADS 2 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 538899.crdownload:SmartScreen | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe:Zone.Identifier | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
pid | Process
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
676 | Process not Found
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 44 IoCs
description | pid | Process
Token: SeDebugPrivilege | 4140 | powershell.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeShutdownPrivilege | 2444 | chrome.exe
Token: SeCreatePagefilePrivilege | 2444 | chrome.exe
Token: SeDebugPrivilege | 7852 | AVGBrowserUpdate.exe
Token: SeDebugPrivilege | 7852 | AVGBrowserUpdate.exe
Token: SeDebugPrivilege | 7852 | AVGBrowserUpdate.exe
Token: 33 | 7468 | AVGBrowserInstaller.exe
Token: SeIncBasePriorityPrivilege | 7468 | AVGBrowserInstaller.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
2444 | chrome.exe (26 entries)
644 | msedge.exe (38 entries)
Suspicious use of SendNotifyMessage 36 IoCs
pid | Process
2444 | chrome.exe (12 entries)
644 | msedge.exe (24 entries)
Suspicious use of SetWindowsHookEx 3 IoCs
pid | Process
6516 | avg_secure_browser_setup.exe
5908 | avg_secure_browser_setup.exe
7140 | aj9BD.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2556 wrote to memory of 1576 | 2556 | zeta-updater-1.0.1.exe | 84 (2 entries)
PID 1576 wrote to memory of 4140 | 1576 | loader.exe | 85 (2 entries)
PID 2444 wrote to memory of 2396 | 2444 | chrome.exe | 107 (2 entries)
PID 2444 wrote to memory of 1448 | 2444 | chrome.exe | 108 (30 entries)
PID 2444 wrote to memory of 3776 | 2444 | chrome.exe | 109 (2 entries)
PID 2444 wrote to memory of 2912 | 2444 | chrome.exe | 110 (26 entries)
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

C:\Users\Admin\AppData\Local\Temp\zeta-updater-1.0.1.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\zeta-updater-1.0.1.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2556

  C:\Users\Admin\AppData\Roaming\zeta\loader.exe (depth 2)
    Command line: "C:\Users\Admin\AppData\Roaming\zeta\loader.exe"
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID: 1576

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (depth 3)
      Command line: "powershell" -c ./C:\Users\Admin\AppData\Roaming\zeta
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      PID: 4140

C:\Windows\system32\svchost.exe (depth 1)
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
  PID: 1196

C:\Windows\System32\oobe\UserOOBEBroker.exe (depth 1)
  Command line: C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
  - Drops file in Windows directory
  PID: 5036

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe (depth 1)
  Command line: C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
  PID: 4320

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2444
  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6047cc40,0x7ffc6047cc4c,0x7ffc6047cc58
    PID: 2396

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,9043394738504205743,834122223934661100,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1920 /prefetch:2
    PID: 1448

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,9043394738504205743,834122223934661100,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2080 /prefetch:3
    PID: 3776

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1840,i,9043394738504205743,834122223934661100,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2376 /prefetch:8
    PID: 2912

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,9043394738504205743,834122223934661100,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3260 /prefetch:1
    PID: 4940

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,9043394738504205743,834122223934661100,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 4064

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,9043394738504205743,834122223934661100,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4452 /prefetch:1
    PID: 1316
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  PID: 3336

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc5d023cb8,0x7ffc5d023cc8,0x7ffc5d023cd8
    PID: 1904

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,18266042332900682617,8413684085950048053,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
    PID: 5340

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,18266042332900682617,8413684085950048053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 5384
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 644
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ffc5d023cb8,0x7ffc5d023cc8,0x7ffc5d023cd8
    PID: 4072

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
    PID: 5224

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 5232

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
    PID: 5264

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 5396

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    PID: 5404

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
    PID: 5440

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    PID: 3028

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    PID: 5504

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 4032

  C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 5680

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
    PID: 5332

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    PID: 5408

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    PID: 3104

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
    PID: 3512

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
    PID: 5824

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
    PID: 328

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
    PID: 4640

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
    PID: 6096

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
    PID: 5368

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
    PID: 5332
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
    PID: 5668

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
    PID: 564

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
    PID: 5808

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
    PID: 2440

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
    PID: 1028

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
    PID: 4712

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
    PID: 2228

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
    PID: 4740

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
    PID: 1108

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
    PID: 1404

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1
    PID: 6196

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8732 /prefetch:1
    PID: 6204

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1
    PID: 6336

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
    PID: 6628

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7964 /prefetch:8
    PID: 6788

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
    PID: 2828

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
    PID: 6804

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
    PID: 6828

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
    PID: 6216

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
    PID: 5428

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
    PID: 2908

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
    PID: 5496

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:1
    PID: 2000

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
    PID: 5276

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
    PID: 3340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9240 /prefetch:12⤵PID:2768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:12⤵PID:5552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:12⤵PID:2188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:12⤵PID:3616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9560 /prefetch:12⤵PID:6012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9576 /prefetch:12⤵PID:1976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵PID:1064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:12⤵PID:6288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10008 /prefetch:12⤵PID:6344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8588 /prefetch:82⤵PID:7044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:12⤵PID:6260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9460 /prefetch:12⤵PID:5364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9520 /prefetch:8
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1200
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe (level 2)
"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6516

C:\Users\Admin\AppData\Local\Temp\aj9BD.exe (level 3)
"C:\Users\Admin\AppData\Local\Temp\aj9BD.exe" /relaunch=8 /was_elevated=1 /tagdata
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:7140

C:\Users\Admin\AppData\Local\Temp\nsiBB0.tmp\AVGBrowserUpdateSetup.exe (level 4)
AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"
- Executes dropped EXE
- Drops file in Program Files directory
PID:6256

C:\Program Files (x86)\GUM958F.tmp\AVGBrowserUpdate.exe (level 5)
"C:\Program Files (x86)\GUM958F.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:7852

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe (level 6)
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2156

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe (level 6)
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2848

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe (level 7)
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4076

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe (level 7)
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:8012

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe (level 7)
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2788

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe (level 6)
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping 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-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7MUM4OUVGMkYtQTg4RS00REUwLTk3RkUtQ0I0MEM4RTRGRUVBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2OTMuNiIgbGFuZz0iZW4tVVMiIGJyYW5kPSI5MjI4IiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI2MjciLz48L2FwcD48L3JlcXVlc3Q-
- Executes dropped EXE
- Loads dropped DLL
PID:5704

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe (level 6)
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{DF0350C7-9427-4960-8A46-B9162DB16D48}" /silent
- Executes dropped EXE
- Loads dropped DLL
PID:8032
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe (level 2)
"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5908

C:\Users\Admin\AppData\Local\Temp\ajCAB.exe (level 3)
"C:\Users\Admin\AppData\Local\Temp\ajCAB.exe" /relaunch=8 /was_elevated=1 /tagdata
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
PID:3120
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9224 /prefetch:1
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
PID:6768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
PID:6780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
PID:6292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1228 /prefetch:1
PID:6152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
PID:1448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10032 /prefetch:1
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9996 /prefetch:1
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10940 /prefetch:1
PID:6828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
PID:6364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
PID:7468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8572 /prefetch:8
PID:7896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
PID:8108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
PID:7364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
PID:6244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
PID:6480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
PID:6720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
PID:6240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,8565482600704325867,2282556334001794796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10348 /prefetch:1
PID:5564
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (level 1)
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
PID:2580

C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5768

C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5852

C:\Windows\system32\AUDIODG.EXE (level 1)
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E4
PID:7080

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe (level 1)
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
PID:5340

C:\Program Files (x86)\AVG\Browser\Update\Install\{43FE714C-CAD5-43F6-B094-002F189A26EA}\AVGBrowserInstaller.exe (level 2)
"C:\Program Files (x86)\AVG\Browser\Update\Install\{43FE714C-CAD5-43F6-B094-002F189A26EA}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:7468

C:\Program Files (x86)\AVG\Browser\Update\Install\{43FE714C-CAD5-43F6-B094-002F189A26EA}\CR_124A1.tmp\setup.exe (level 3)
"C:\Program Files (x86)\AVG\Browser\Update\Install\{43FE714C-CAD5-43F6-B094-002F189A26EA}\CR_124A1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{43FE714C-CAD5-43F6-B094-002F189A26EA}\CR_124A1.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:7240

C:\Program Files (x86)\AVG\Browser\Update\Install\{43FE714C-CAD5-43F6-B094-002F189A26EA}\CR_124A1.tmp\setup.exe (level 4)
"C:\Program Files (x86)\AVG\Browser\Update\Install\{43FE714C-CAD5-43F6-B094-002F189A26EA}\CR_124A1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=126.0.25558.127 --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0x7ff651055390,0x7ff65105539c,0x7ff6510553a8
- Executes dropped EXE
- Drops file in Windows directory
PID:7476
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Active Setup (1)
- Event Triggered Execution (2): Component Object Model Hijacking (1), Image File Execution Options Injection (1)
- Pre-OS Boot (1): Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Active Setup (1)
- Event Triggered Execution (2): Component Object Model Hijacking (1), Image File Execution Options Injection (1)
Downloads
-
Filesize
506KB
MD5c6a2bff8e96b5622bf6841a671f4e564
SHA1fb638e9c72604cc1b160385fa803b0ea028e5d5e
SHA2567a7a12e9c0dee713700081b9354647972a0f3505596df34e4c68aaba99046992
SHA51222a99f860055388e34a056af5d5e35f2e33a9294784795aca52fd42685d75aebb523add836c5e4b9b2f68fe00348d11ee56cc10208fcc662b86a6169664f934f
-
Filesize
204KB
MD5cbcdf56c8a2788ed761ad3178e2d6e9c
SHA1bdee21667760bc0df3046d6073a05d779fdc82cb
SHA256e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3
SHA5125f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e
-
Filesize
28B
MD5e68634e87a4e9ccd30184881894f5a8c
SHA1750d0a6c9185bb3a2d8837d54d8bf4fbaa4356c9
SHA25657c4e71fad2d5c15a09ea440177235fcd3fb9ef017b69748b1df701b0ed18ebc
SHA5124d983145e6830d782d08cd131918277789c2ca884b69aff35dbfa4418ec1b620962541142bd0fc40cd8a23eb73ae11f483bbef3555acf771e471e6b68f36f51e
-
Filesize
27B
MD55232faa6caa4ea3cae2df3285676760f
SHA16c9ff2bb06086757180fc64be9467807ad2b6ed9
SHA2564afed737e1cb304bdc2ff0741baf3ba44d3007d6628caa2eedfacde64887591e
SHA512b71e5dd8239b79b26cacfdd779873c4d0e7981179efdcee0b26807b2b74ea11c0186b5bbc17647901d06a928d987fa402522607107f8b49f670237dd78bd99d6
-
Filesize
28B
MD5df33d8ff73bd1c480379bf3ff89363d0
SHA168bca50772fe1c8970aff550720ff82f21c24e55
SHA2560c965ed8e0a4774d2e073885ad7df7dc920576cc7acfb2522db2155f75d4e13b
SHA5123b9e6440412333fe1ae469d7fb902810bf56dac92bc5b9c8fe122628993b04db842bfb30e94c8c60fe97d6db8ea460d002b99981a5abafa6c8484ed597032a34
-
Filesize
28B
MD566f9ca2f2daba66c4b9418aab1c5715a
SHA15302851b016aac1905e9152fbedfd5b628d03ada
SHA256ff44fdb64021b831ab199a4ceef17de9ca11ed5dcfc27d7bc315538c0e49185b
SHA512080019ec671ac434e7aaee5aaa2d1a4f46555e78c3f7462cb7c60b1fa124b1f8920235514001e0ef17da911bb83ecd2056c4d0d704731deedbb4e3f80e633428
-
Filesize
3.4MB
MD572c60af67899c9ee8177dedc9caf8e3e
SHA1133d0e17e65ebca7d1e2d0ff87d61d2e4e97cee3
SHA25633e641f2f0fa24fbe72244e0a6c0da70463cac4e0102c5d385693d065cb993bd
SHA5128584ae3a120aecf6b3ddb181bc8e90696cd68392695d5c544507ea7ef375f425bd5b402a799c21052d6546eaf82e9a03d8c602781f4ed315a658cce82f71caaa
-
Filesize
1KB
MD5f02b40b299af1e77fb0a7ac300b5a7a3
SHA17a5c52f2d8c9262172e7e22aee9ed694352cdeaa
SHA2568452291ea69a14157b2a6e975861b3c9fc93f812d5993af145dd58a24562dfe9
SHA512dcf39d1c473b0fd8e555b989d74370a16024b92efa999176e74615c5161c9a8bf63e3103824b90dddb8a55bcd9f7e56e8a9707c88400df8ae5b0c2b246b9c898
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
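The 2-byte entry above is small enough to check by hand, which also shows why not every hash in a dropped-files list is worth promoting to an indicator. The Python below is an added example written for this page, not tria.ge's own code: it builds a small lookup table from three records copied from this list, computes the same four digests the report publishes, and returns the matching entry for a candidate byte string. The constructed input `b"[]"` is a guess that the code verifies rather than assumes; the 64-byte `is_low_value_indicator` threshold is an arbitrary choice. Only entries the report sizes in bytes carry an exact length, so KB/MB entries would have to be matched on digests alone.

```python
import hashlib

# Records copied from the dropped-files list on this page (the 2 B, 16 B and
# 60 B entries). "size" is exact only because the report gives these in bytes.
REPORTED_FILES = [
    {
        "size": 2,
        "md5": "d751713988987e9331980363e24189ce",
        "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
        "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
        "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
                  "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
    },
    {
        "size": 16,
        "md5": "46295cac801e5d4857d09837238a6394",
        "sha1": "44e0fa1b517dbf802b18faf0785eeea6ac51594b",
        "sha256": "0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443",
        "sha512": "8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab"
                  "42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23",
    },
    {
        "size": 60,
        "md5": "d17fe0a3f47be24a6453e9ef58c94641",
        "sha1": "6ab83620379fc69f80c0242105ddffd7d98d5d9d",
        "sha256": "96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7",
        "sha512": "5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3c"
                  "ec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82",
    },
]

# The four algorithms the report publishes for every dropped file.
DIGESTS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute all four report digests of an in-memory file, lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def match_record(data: bytes, records=REPORTED_FILES):
    """Return the report entry whose size and all four digests equal those of
    `data`, or None. All four are compared, not just SHA-256: the report gives
    all four, and a record where they disagree is a copy error, not a hit."""
    observed = digests(data)
    for rec in records:
        if rec["size"] != len(data):
            continue
        if all(rec[name].lower() == observed[name] for name in DIGESTS):
            return rec
    return None


def is_low_value_indicator(data: bytes, threshold: int = 64) -> bool:
    """Files at or below `threshold` bytes (arbitrary cut-off chosen for this
    example) are reproducible from trivial strings and collide with benign
    files on any host, so their hashes should not be shipped as detections."""
    return len(data) <= threshold


if __name__ == "__main__":
    # Constructed candidate: an empty JSON array, two bytes long.
    candidate = b"[]"
    hit = match_record(candidate)
    print("digests:", digests(candidate))
    print("matches report entry:", hit is not None)
    print("low-value indicator:", is_low_value_indicator(candidate))
```

If the 2-byte entry matches `b"[]"`, that dropped file is a literal empty JSON array, a fragment that any number of benign programs write into their profile directories; a hash hit on it says nothing about this sample. Treat the tiny entries (2 B, 16 B, 27 B, 28 B, 60 B) as noise and reserve the digest list for the executable-sized drops when building detections.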
Filesize
356B
MD536f1ebe9b92eec38618f65654d6b1718
SHA17b858983c8b68986003c808268c663d228b6835c
SHA256285981ad1a9a3bd47f48d8b96ec46bdfa7c32fc75d3f88519ad365fee0da8bd7
SHA51286eac4f74f25aa576a8b836ed399be109626186b283d0f83334050736327db9839b6ba0aa50118d0ef632bc0102af4efdf46e6a1240b97971fec73f3806cd0dd
-
Filesize
8KB
MD5f1b3a08594d6da22ecbdfe80da9f2406
SHA1d87c8b7ab4e7b58734a703693246a16eb6bd838d
SHA256c23f6c6d3e3d874a30a36ab86f4cb5c04eb73cfbfdcaf68760a659dabce30604
SHA51257705b3a03d4040f9d9dc9842ea27c96c7c8a518e5b4b905b18623fcda94174732a24876affddb47b42e23107c11ffdd4d49ada4e0e55691c5b81df538f9e912
-
Filesize
9KB
MD5e2daeaf1729327f67461f2767d103ef8
SHA16a0c26bcc65128ea7be9e3b99b1779c1b5d73c4d
SHA256c40f668206317e7d4bc8b7bfc82a87233e0f7425e549ebc9cb0f485ea17b1674
SHA512c4221aa292671d653dfbfcccb4e0f1482908a207a27826b261f494a1917cc4385e316cf1dba1fbbb7a8d26290669bdbe64d7a96e5e9917784395ac2e1871720b
-
Filesize
92KB
MD52983881f3b7811917a1dc12dd379213e
SHA19272555c906d21333ed2f000cbe8fd5be4ef3f39
SHA256c0d452fe91f757ef1063dd1d39300227ff993f88078ef2f9deb3d6efdfd55474
SHA512263753dcb327b368033402e1f542fca08ba20ece4dcaa9361f92787bad3478a86821d9d940b0fba8d7e1fede3c4326c1db2377372bd40128804780594a47a94f
-
Filesize
92KB
MD5ca037087132178318e6287536e0b50bc
SHA19a6abbcbed54c76f58cb9c3ab335e2110a52c23e
SHA256300c84f11e97baa1ca3ebec40e876a65faa37a6c2ee29414dc0996c0c94cd7df
SHA512f890d5b8b2257e8dc84cf3639ed61bf765227873afcd96909528eef4429b9891057ee55f96bc975c43d6b704eddc1fcdf06d77fdfad6fa1617db5efd145c939b
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
152B
MD5562b59fd3a3527ef4e850775b15d0836
SHA1ffd14d901f78138fc2eece97c5e258b251bc6752
SHA2560a64863cb40f9d3b13a7b768b62e8b4707dfee1d3e86a07e999acb87bd7d3430
SHA512ef9fd3d83ab85b18cf0e0d17e2c7d71936f783e3ae38005e5c78742560332f88be7c4c936d4dc4179e93fde0240d2882d71ef7038289c8cbddbfc4790c0603c2
-
Filesize
152B
MD5c1ff2a88b65e524450bf7c721960d7db
SHA1382c798fcd7782c424d93262d79e625fcb5f84aa
SHA2562d12365f3666f6e398456f0c441317bc8ad3e7b089feacc14756e2ae87379409
SHA512f19c08edf1416435a7628064d85f89c643c248d0979ece629b882f600956f0d8cd93efbe253fa3ec61ad205233a8804807600f845e53e5ed8949290b80fe42d3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f4a8580-d4fb-49b9-b37b-f230e5bba59e.tmp
Filesize
17KB
MD5ff68273ec519812a4b720253e6ff38df
SHA1ce5be663152891c488628fc39344c563b438ccbc
SHA256ed012a1bd09c94940e9bdab989abfbe525ad85eb1ffeb0574db7b1f0894d46aa
SHA512fcedebaede506bafeee0c4b40a99b843b890fd539eff306602efff3ab91cc99d498d3847062d4ffb2fdc6415ff1eb8f486f278876ee61e3bd0e11a3eac4866d7
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD51d9097f6fd8365c7ed19f621246587eb
SHA1937676f80fd908adc63adb3deb7d0bf4b64ad30e
SHA256a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf
SHA512251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
41KB
MD578b45f66500680832e342e6fb8f0c7a0
SHA1457528aace12ab0b6487a490d7b8a6adb13dc8f0
SHA2565cb9b5d3fb0be382aa00936369c7589c938a438c3942c9883072dee465458c00
SHA5126c1aad5408b7c02a828596f5030fdd310b78b79dffdf3b3dd997aa26802b55026bc18d7fff44a0e3fadef8087b43964262a9894fd4fc06de1b229bbc6d3b2b1d
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD5931d16be2adb03f2d5df4d249405d6e6
SHA17b7076fb55367b6c0b34667b54540aa722e2f55f
SHA256b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3
SHA51241d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad
-
Filesize
16KB
MD5bd17d16b6e95e4eb8911300c70d546f7
SHA1847036a00e4e390b67f5c22bf7b531179be344d7
SHA2569f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352
SHA512f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb
-
Filesize
19KB
MD5d1b6e1ab1d59250bcaf318173293882e
SHA1bd1eeeecc559a81a1728b51c46c62eeaa8d48ef1
SHA2560c37cfc729a7dede221e3e412473bed2cece5d56cfc8deee9245936cf9f9ddb7
SHA512d8c95b0e57ecf94f9b761476f5f7897fbcf12f722557692b69ee67e7c0cf751c9ff8e7e186bda031f3897fd1c02ab130bd12812e67a1a2225d9a6cfe7e288e64
-
Filesize
17KB
MD567e30bbc30fa4e58ef6c33781b4e835c
SHA118125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA2561572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228
-
Filesize
104KB
MD57651b1187bb58ac4c7be625337b35e5b
SHA1307d969ef4137a66fe2793737dc1c546587c7f43
SHA2560632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968
SHA512a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a
-
Filesize
31KB
MD51b65dd3bfcbc5c2eacf211b1320108be
SHA1b8d2622564d2e7b724dd1ee0732700d64981a357
SHA25671b8bf18d65be2532055d0cd5ff6ca66af88792e49f4d1b1a398af49df30e038
SHA512912f788d773d340eb4a676067623f0480c37bd13d05172835b6b7f318707057cdddff241649edf6c9b073dbc683d4275507596e96021cea2b32269f14d428d4b
-
Filesize
97KB
MD59e827fdd1c6785038b88702c4fcae106
SHA1f25166ae62da1f553a5362b1b10167f6c50f3690
SHA256ce1145164a8795e130e871891ab616676fb39538dc1ae32f0c2fdcc925f6d9d3
SHA5126a9fc060f75084e0aa9274a98a70699799436fb0cc89ffba4fb2cdf099fa8ed9f5dc933e479ab632cda561cc23f5d95d466d8005b28465395bb29b0bf1d2db08
-
Filesize
42KB
MD523d5f558755a9d58eef69b2bfc9a5d99
SHA1fa43092cb330dff8dc6c572cb8703b92286219f6
SHA2566e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf
SHA5129c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d
-
Filesize
134KB
MD517d9640ceaf0aa9d8b151596f98cc483
SHA166799cd5a2f30dd868f9cf17622abac5502dd4d7
SHA256840d391aff1faea4f8b11d870977788aab126c924f19cefe4d899fda32d8e3ea
SHA512c0fa603bfdea97ea353357f035d817e80652d2e7ca2e46b1281151061c41739cadca9767b523f90654d6d2ce90165a8e6b360908c38914791453a12e13526b90
-
Filesize
25KB
MD51b7ac631e480d5308443e58ad1392c3d
SHA195f148383063ad9a5dff765373a78ce219d94cd7
SHA2567fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738
SHA51215134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d
-
Filesize
20KB
MD5ef395876af4fd9145df97543881db131
SHA116bd9f3c69d5764297fa02dcd57bd507b3502e2a
SHA25614fe432bc385bee9b5395c98fff1b64c7ff3067cef264a3f146921921313678a
SHA51275e5e50fe9734552014c0e4b04282cea87a29be8bfd8af8a27e262e974c74f622953a5663ee11f63888f647bcc4aa50e5000bce2b3d261db423f7282b015f6f5
-
Filesize
146KB
MD5d413284fa2892c8b6a50c8124cca9bdc
SHA129dd5dc972558ad9403ec320285148318335c390
SHA2566601b6c147960be14bbdee5db502e29439a3f29279a2ec5115e2c623d788c1a2
SHA512ca8c6e7fd2b7ad4b645869d408e7db913f6e5f111c2ee361f0132aeb89dc4a2942eea6f4297c33dad075bed1be713c36bb5f916ce5d4be7fa736fc3f5387680f
-
Filesize
81KB
MD5ed739e81f7761482d44ae91d4d5975b2
SHA12f267d1f3e49f1fb40f7b38d5b2c25abdeee9685
SHA2569d3c875cc483153af3a96e775eca36386717d3ef7cd7a89bec0ca9a1ab556a0c
SHA512d8280729a572ac12323564f090dff495ace5b8f9291c3ca303dddf98960e69cb505828f84e49af12513c87f97707016c52b88a25cb721179ea980dd84000c39e
-
Filesize
19KB
MD505c5c53bb92e2cf4391f6af88d499f05
SHA195a78e30760a97c10f67e7ab60620d69b39ec6aa
SHA2566d994566861abee52911e413f1c6e5353549224edabba42bd94c1437dcc33422
SHA512ce784a0f7ce8b6b7d4c4145c9873b01661a26fea281bd23090bbe623f74da8ca5ae35d961e984d626be316e61e2178dda3ad27c07191f488d23b00b585b22e0b
-
Filesize
49KB
MD5d6c0c97507352fbdea15e4a5ba3c0ba1
SHA10c528a95801032e7641f678550ea0cf37ea030d2
SHA2564d7a44a649d1f1a199e380495c3bb61e84c72a06d5489f9b797698bcc8e4e33b
SHA51244ce695fc37875d7cfd6affdaefb8abf103822c2471bd24de741a678f50855821e90bb40b0a3a9bd2c9df1ab1f406009df488773c9282ca89b3fd02b4ca70216
-
Filesize
76KB
MD57b18225ab4d1029c8a7bc99ecc0c9735
SHA1278cb85ea9d89b8d06e8d907a7371a1dd9b09f36
SHA256baf29001ad632e05b2da502023b6ecf305d65640f3618ac733e1470c2f919eb2
SHA5122044ab4332511dbfe2c17bc4fbbb4be15fb855a755ee166b68fa16e972f2503399cb3b09d0de7f6d7a53e83cd08cd52131102ca4d2e179830fe9b6bef28a9644
-
Filesize
147KB
MD582a10e907132f0ffaa58791c2723e574
SHA15c51964b126a04f2fff4c567639eb3e1975546b5
SHA2569e4752a4ab644d64ab637116eb385ebcaa2bcf03ec3a3db3b57a07ed248f87d2
SHA51212fafd28cade90616221cdf0721fd54e45cf1e206fbb08411e64764f3c9b596af911b417b1068ba613bdc37d2a167140572803e971dd1b1494b79e04dcaf82e5
-
Filesize
81KB
MD5ce301fab4f6cc16679cf2245e32ba0e1
SHA1658acaeb302d1ab70fbc360ff9d59bf317a5f1f7
SHA2562966f1b1dc7a3fc15fc4791b2a855ed1d8d6ce0d368ee42c7dbc57f8eade9ce5
SHA512e8487125d3ce64f2c8aff4440e37e3c2cd899d029373de6b43363d6aad7b2485c3f88c118025272759c512ccbd42646009b2c2d40154de05438b55a2efb3b4f3
-
Filesize
27KB
MD57820201f0db0c706a0ea5bb7ce018ef2
SHA16d116650afbb3b25bfd6226c7d5ee00dd1fe4515
SHA25604f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a
SHA512bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f
-
Filesize
37KB
MD5aed5a8f6aba3a80904c4da7e7edc5ffd
SHA1a8822cf6f63a89d540bc7b06310ca1d8cdc11a65
SHA2563a8826e411cbe9529cd9b6475b8d4cecd43c646953581027fe89578a628667bc
SHA512973d1122aa9cb82a908530feddf7b2189e7a16451c49d8a85238e96f25ca9e292fd0827208b4c2f5277a543f8222a6338dafdf6d2da326fee596378d9f8ca625
-
Filesize
84KB
MD58e834d36fe7198340b731d65ba03d743
SHA12b4df8bdb8d68ed6ba2345e0bc7bea55d1d9c159
SHA256251c2814188fe22afa7140dc1a32fdd66263a53571edc16f4313c2ff7d3c594f
SHA51245d8de1911538f37c0fe9813909874d6736c9c19cf16da8bb19254a8ec614084a95ff7ca236a69e7310808ae7b62c0f19a8475af10253cb819dfb22c7eebcc7f
-
Filesize
96KB
MD51305e83e1d51d085d0feecfcadc19e02
SHA11ec114352889988fe07d775822a68c2ec67858a8
SHA2565111151ed31f512ac5c64782cd31bd0e0549564a5ffe4dcda7d1d47dc85402ac
SHA5121afb02b9a923c38a745ec559febf86ff9388e2ee70df9ca0e078cf69de9bcaef575249373ee6d755d23b3d9bd7cf6c521e83a344205418279d1c356fbbedc589
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
62KB
MD50c80334d0d604ec18274ca386da3cc20
SHA17ad48f6e38fc58bb7ce03ff0e7fcc7f68f19c2e2
SHA256eab981b59a865ba5e00917ec3fa2b94baf7c216a98ebd06c23d0ce0f135df54f
SHA51253036cd1ceff91f7e17b2d80d4880d27e9f49bc5afdd739d6f26c2d03a80a08c044f60528be8a8b4fb1ca6a09a0f537e464c1970a2973e8e8a9138e739cc94b6
-
Filesize
26KB
MD566b5415b18ee0645a482e6a679de14b9
SHA1e872d23796c06114f0d06fcff877522db8c99418
SHA2561cd8a7c5e7fa8e8ec03aad4aca1b60cc72f6babe862e4cbd15885f8ec043e861
SHA51235323b4466b571a930f793caa63d3ee88f4f643535d7fb8a505d14904b936f20e8ff27917f069e60f636e554ba1068f658595a84c911a758f66679231987218d
-
Filesize
29KB
MD587c5c9b5aedf9daecbb44869ce8ebedb
SHA1c9eb6bf13a8f14ae927186fd7698ba7176ecdd61
SHA2565d2f0d568d0a8b5c8c285be4f258ebd9b39d4327e263848ec1989f9c18990663
SHA5129ac2b1a8ee033635aa23ebb37e6034c16bd618e8225c40c23fbc295c9841f94082d620f76b91d329c1cbe826425d03db2680865d4383265df5e1c304453b3432
-
Filesize
16KB
MD59c6b5ce6b3452e98573e6409c34dd73c
SHA1de607fadef62e36945a409a838eb8fc36d819b42
SHA256cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA5124cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7
-
Filesize
373KB
MD51d38e5ef537c08756767fa6a2089d908
SHA1c52793da440cb7a255f5fda73fece976e58c5c6f
SHA256199b55625d8e2ee5191e705cadff3d6943c9f58e10df8d58aed9659d97057377
SHA5126af691f04f3ee04c0aedf92660554b639f2be80a7734cfa6c3d76ddf5c7a3afe051c2162d6904a60a34ea3719a198d4e56b5e97987105856007a9a9566279fd4
-
Filesize
32KB
MD5a0475079a17bc364a853bb96c871ff97
SHA1d0813fabf083347f5138bfe2f71e281c051470ea
SHA256fa54ee49ae18e6aef7539ace1ef5b7861a4b623339020412d35fb97502cb7982
SHA51242a1577ebc4cebdebf64f5bddf249619d42464aa309a1b27fd976a6557eb671b367831da7dc048b88679870c78f52215d9c4245d6485718e13baf268081a1679
-
Filesize
3KB
MD5859eb443028ea72cf05c42ac9545f597
SHA14eb3f76f7487fd5db2fe8401528d3b384fec3ea9
SHA256b5705cebc651e9acffa5fc87382c14b1c66de2eab59ed01a35ac703c3bfca986
SHA5120656074bdecc643cb570cf94586dbaafc460b3fe6d7733b61e44bc39f1512aff350ee9deadd7d4e7d2ae16fec0325b81a71b63242db9beafd321a59380c2ef28
-
Filesize
300B
MD5c5fb4aa94413a36a49e4146ba109dabc
SHA10a1d7adfca3e2b6e8d325703d90ca52c2db04c42
SHA25632d568cd5249ec80a17d4a4d53857bf47a65246d9cfdf8746414486483624788
SHA512bd2ce33367ec04491ea8d5a068236274b154246dfc61d363f51be28c920e5bacd121a0d82fea51a163452c664a072876c1555a71c6abe7ca758dc4a4f462c122
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB
MD56b403a2d0aacd0b4f729c2f137af177e
SHA146d567deaba9dbcdbe23c3d0e2340c60a2d14e1d
SHA2564e99602043a275ede7c2444243b20eafc798541a7f0719248d95cf00d2b82177
SHA512feb1ed643fcf1d774e0f202a71c9ac13967a06de6e07c749e8076257553be650215745bcb6e6afa670a3a3eec4f8e7324387341a68aafebd27d5a52b44a6871c
-
Filesize
13KB
MD5ba802f79472fe49a63f32b22e926d693
SHA16806952f6b6e268bc53dab13e1e3eb8a778af084
SHA25615be369bc6b0e01cca5705a7be4d202c53c78c2186d9607be7464925274eabc4
SHA51216e4dcf16384c528fc84fff9de06a71f3233ee1d71df1ebc980c773bc7cce74e0af903414dc222f2b1cd0be85acc7fe2e32711a7f82a066c54f557187422aa99
-
Filesize
10KB
MD56749b495c3d022a37cbe1ce221cbb2ff
SHA16a62dac0d6d2c46b39684e98eb07e34feaef248f
SHA2565f8bc1328924ab50410244cb2516d0296cbc75cf2ebca8b2380d1c67121fc975
SHA512e1ad0d31365a687cdc11f0b623449a485308d9fd806f6968d9a7c191229825c13a6ad665c814fe317d14f77fdc68e8bb71b59d796df237675fb80392160cd647
-
Filesize
15KB
MD525598abed2a86f670d63075f632ae835
SHA16f4390fd8a16bf65877809fb4c3109c8d42476c5
SHA25632e8067ad41c1130c40831fe90fa8cb8dd03548bf3ffde6c9dca5ad602165237
SHA512ce2d86c83794b476edae1edaa9cb29aeb9bb805d92fff1fef3c69e59bbcbbaf6567ab05aef978591d5c923826b2c0eadcecb3bdae6f43aba63533f4979433bd2
-
Filesize
17KB
MD5ebde17aa36a65ba75bf6068d25b2d9ce
SHA168016869818232291eb080dda483b8d9184dc601
SHA256aed2d99851aecefebf71d29c7980094d0db73884e0f0602da138fc9e88a12e92
SHA512d53aedc4439d771aed0a5f99941cb34020a77cc37099d0a0e5bb49c759bfb124cd689b765a4b8c21b310026872ce28c5ff2a61833d6bfecef3fe12350a6d4e22
-
Filesize
16KB
MD59f04e527f7ad4b0ab3bc824be107ba0a
SHA18785f2b26ab6f48aad134747bfd785ed479bfe84
SHA25698e8e2def86dafde77c1c658505865903409962dbbcd1b762e7e36f493e14d0f
SHA5129943371cb1546d7d6917356d34094786fd4a1ac0fb31f6d56b78b175ae01022a81cf41cff7c22d7d3aa45b49c8073fe31b029579e04b636c5e2be9475a872a74
-
Filesize
17KB
MD526f8105bdb0f3ce5d86664cb10f7f529
SHA183c2fc698af7be5fc1c4158056c0f23a8691567e
SHA25631bd463464803f35a7c98fc7667aea84b4c52e3c4107111c425aa940ca8a3b68
SHA512592b6055a58b87c5a15f1f646771491cc8539513ebc35fcbb9665b0274ea9f4709af87ce381b26fa8891c1223b236285ee12c77213985936d9734a9d1caa9950
-
Filesize
17KB
MD5de68e694d7a9b8a77d748b3a52ba4b78
SHA18a08d5baa075fcd65fc2c48b23243dde3f279278
SHA2562d18c849f620ef8e5d745ea54df1b440be1d398e7ff2ac7fa270c0805ab7141c
SHA5125fd2b7b592b909ba6534682601fed28bc34dc4127ec550958aa5d0a112a5e940bab231be024ccf716a504f9ddb2db2be58a431052b259229e84a5a07724bcc71
-
Filesize
5KB
MD5e668398ddd9639e56b21963a58d5e163
SHA187caf0bd37ffcfd5797531813a7a0c14c2b5925b
SHA256efd8245cf311e1e4304774a5f9fcf1d088e2fe9d7e1bd75365d09bf4d6bafe4e
SHA512963ed15c0a92145624578cbb2b64b891ea99fa16bab1c9be17465274d55665087b05bc741440c4e7b28ae6d39d5e83b70c4e541bf5df61fed24fbdecdd149959
-
Filesize
17KB
MD51d999c89f475d8324663eb61cfe1e793
SHA1e3d3f4c6ec3ed860e5492fd50dbf1c2eeb5c7cbf
SHA2567435a335a15a5483f6c6a42f354f59cd892683c077a6edfc36f453742d7a1232
SHA512e675f708eecb8f8bec32c654ab4bebaf6aeeea6b844a5e101625f16e26d015ba087e6e2a634d7a76dc8ec672b887f487c01267364abad2646ba95cbcf6515adf
-
Filesize
5KB
MD59ca5b8e8e6703b3cc20d2850119db248
SHA1d95fba96de342209e66270a687c6f98efe01e6ad
SHA256f9d757adced5369f19aeed70effc7828cbf3581144b2e6585433688647b8c070
SHA5129d4b2d38fe86ecdc6d2fb665911f6c1f693cd61104bf4e9b05ff1e29696311300c5a31ebafeb0f631d6cae93798e0a140a807e4b448f6b83d466adc2a60f2caa
-
Filesize
4KB
MD565b2ae7d07767c76e0319fdd56320549
SHA16a10ed9695ca7c20cb14aa380c364db6d04cad56
SHA2561597808c3e4da309267fdad96257cdb253d3c75a76483962cfb211fa7bced548
SHA5126644720095e65dce5d3dd14c31cb45a8ae7a48f1978cd8fb1d9a7bd3314e84bdc26dd5860dac47ab7b9d4652fa23d485a4cba41246a1074e1097a2d05039385c
-
Filesize
5KB
MD5e51f77ba0e22e5bb4efb53390ea8e80b
SHA10243ad7956d7583b31eb88bddf206d261000ff5c
SHA2569029b2aae81a5567c894ac9ef3c630fd624aa7791642beb94275ba745244d7d8
SHA512b06aca7ae5c80f383e7a6ad78c3c0a96ee746817a077000709406256fe3a847e8db5d12352c0d3f43b5eaca693bab6936f3e6cb1b189a812f2366694178e3b35
-
Filesize
5KB
MD595d45c554d0468ec2b8934994d40772f
SHA1fa84727a095b00c4c0b3a4b46d9612f4f3d35be3
SHA25633ab72235e1ff00c0abc596419620c2fddc644b56938341dea8e1dc8fb8e9cc7
SHA512e89b458e1bfb1daec223c87c8d41ec8449c4f6a5bf5f2f4f84c3da4b8025f7ccf353ccade82ee21cb958d2abb3ff0d56c882b4b5827720dbac7abe09e7af8ecf
-
Filesize
5KB
MD57a766849d2eeb70af4bfec0b692b14d2
SHA1545d137d2d13f6f0b36186bd4108ed838e66c00a
SHA256e63330deaaaf26515d839555a2de4f36843083a27dbb6589bc8d5ef117e66c55
SHA5128fd48c9fae248220e28e901619086977cd5f432862242557444c26a96a05e726a3c022e27be49c7d9ff51e803e682979c17524d5687884966eaec9bf10273f47
-
Filesize
5KB
MD58425280350dd41eb4860dd7ab6610093
SHA1f4534bd58f98680c2eb3aed43268e3bce0c660c3
SHA256da92f39b65997c7c1cded4fe65d228f959d347a26cd980c3e9a1154077536962
SHA512a1132982d5d6b582c1bd4df045d917a09f54f88fb6e001d1f1e16351a779964207e10c7c9987d2954e611fe6799305908959d73500446853df7e70895726b886
-
Filesize
5KB
MD509c35acec22b5e8acd24b4000065b285
SHA12b7f5abd9f03e372eef89374b47fbbe34ba28fd3
SHA256e37b1daaa5155395b3e701323545bad0f9550fee659d0432fdcf2373e1f3bc4e
SHA5128f0919c9cde2e0d17c6ec11c7ff0e409ab37766a424e6e7cf8c1edca7bc4b00f5a63b93b4ec5f95d61249209a2f6fc2b5f8739806000babf0bff7c4a80fac5ee
-
Filesize
2KB
MD5e9414430bdd398e921cbe6dc183ccac9
SHA12cce3ae39b20a669f4083a376d6de1bdb1f0ed95
SHA256c69733ec87b14b9371e91531b96254a8912798e92df4f23bc333c990b6053674
SHA512676f1f4597c3c193371b9107dd93035ed04c3925e8164389dd6ed3b4306a34ea28142938143013bc5c5133958afed5ea1cb0f27fa681f9206825ef5fc6072394
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD523ce791c60021562c347bf5418053ede
SHA1a089320cc8472bc3ac445228072b3d17329c5d27
SHA256c30c8985f6ee0112ad5ddb8aa7212f323e5130c6c927736a660eb6b4889030dd
SHA512cc8e7a5113da270e4056162f8c05b1bbcdc4e05463694cf77a2cae62bae5759483cb18275fbd4dc5b099493ce62d6a706d568311b37b7ba76a712736ac5dfca0
-
Filesize
8KB
MD51d78cf43315b8039433bc4e14915ad8c
SHA13095b739c9971bb7f7b44aad3346ae21c870821d
SHA256b2c91ce1ecf46b25d55ad6ef99f51553f819f83c59e3c9d32ee2210f95161c4a
SHA51216b74acf04d0d9155b800e7acce8679368f4527f80d6f598aee1ecdf6d02a0da8b71886f3e13b8c382473096051576d734b776edb427a750778000d7bd55194a
-
Filesize
11KB
MD58e6bccd581b902c5cbbc6c4419a59a7a
SHA141871ba71e97929b5a54a8c4b03606abe3630541
SHA256e81483c829e4c848f97520c78620f41fd1657edd38757f10898cf0518efcbeac
SHA5121c87e70b5f9a67e7a72a3246420f6a8b66f5187dfc4ac8ca21df3cb6b326fcc97fe6dc421f658cef82e4a49fe9e8e5c92cac4e335139b0595b98675db7ec49e8
-
Filesize
10KB
MD51b9123d31e617e691714f03f20f91fe4
SHA1f17491f9cc5297877b735c8d22054280be1c3f6c
SHA25607a7657b052ddb2042ff478f2611970023b4a3d8821a8aaf04996c3296ce3497
SHA5129d40c7fa432b57ce4e591aa870a546c3d3a1ebbfed2d1622a2debe368c143bff4b59d3069c6ae32ef726e9c9e4552980551ede00dcce46c2ddd860ce779d81e0
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
5.8MB
MD5c79bb78a0bad2559a7037913dd1f1f34
SHA1a5b36348ad93fdf971201f31136d8c9b056984a7
SHA256f63b47288af395ac9c02c980592691e2d446fe8b4d3813007433ae262af693c3
SHA5121bd81cbe784427e54903159225e0fd94c0fab1d9498c11db177d86268f34129e6835759a9a3e3822c717349043930e13168390fcc2f9a74f9699f14497cfc888
-
Filesize
26KB
MD5d4fa24f021f155ce9214dccf812c3b7f
SHA1864001ab7d2c87af00b7153cd096e0454b3f4e9f
SHA2563b0889281ff6367bb736690229f461bb4ff34b7437f54a5c71b877a104c0f876
SHA512de1720af369890df89c8550d49b4e3e2e353e4a21ef30be5ebee9216e312a57ede9f7919e71de592d0bad6e482d48fb759dd1d1323caafa506634e9f877f6213
-
Filesize
37KB
MD5650e0e39808140a1da5abd3d27880c7e
SHA1b2ec540caf946ee5353f52227e8c9942cfb42f22
SHA256aab155dcaaafebe4b84a9aeec6ffbce9b484a99b316657ee9b7a98b346f9538b
SHA5129f00d912c123b1b235f0b63154693d294b7cf2c0571fc9bb462ba5c9ef350aa79680436ba4a094c9e28c867bc79bdeb96b0622d153a107bd8a9631d99e4fa6dd
-
Filesize
25KB
MD55121c566ac9315a53e558bf62600f9b6
SHA16da036314afefeb8c1dd88cc6eab0efb432a3b4d
SHA256d88e38df30887c722fb837278ee3782914574414c741cdfd3bd6126799fa3167
SHA5124f6de42af54cec8e63bdfc54ac250a5f5cc09081e9ae85d0cbbcad952f58727cc4cf68501a020474539c51a771537993bc12272496fea5eea924d7058f76fbce
-
Filesize
26KB
MD5c845234dd1e1cdf6f63ec1b025b75742
SHA1150dc042b54e3dc34172d5a2507125eaf619d14d
SHA256ca418ce0992368c09827a76b0cca14070b9c518badc95085c7d71034784fce5e
SHA512b08b899e523da279b9e56306b237eadc6fb91fe460b0872bb6a4b163d3c83480621d2e5e70d1de64fc9d751d8704dd4ab8400d5a901846e4775f4d34977ce605
-
Filesize
6.4MB
MD5f40c5626532c77b9b4a6bb384db48bbe
SHA1d3124b356f6495288fc7ff1785b1932636ba92d3
SHA256e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f
SHA5128eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056
-
Filesize
1.6MB
MD59750ea6c750629d2ca971ab1c074dc9d
SHA17df3d1615bec8f5da86a548f45f139739bde286b
SHA256cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c
SHA5122ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b
-
Filesize
160KB
MD5f310cf1ff562ae14449e0167a3e1fe46
SHA185c58afa9049467031c6c2b17f5c12ca73bb2788
SHA256e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855
SHA5121196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad
-
Filesize
116KB
MD562240b0adc48fd7601a9e73647972a49
SHA10be54e958d099670fdd1025dd4d47ee7126c6b81
SHA256bfe3dc80cfbe21ef46bbb30897dea4dbdbf31d4ab67d581c77ab9025e0fd409c
SHA512c68b84ec5517e5beec3b31a49196771ac2111710f863e5a44751bb70b4e7e206f2a0ed7487801e9b4b4785d3328fe12c2cc7ff80a5f5567bac66d923a74b5da8
-
Filesize
5.0MB
MD52aa52366fb2dd82cb67415f219fcb07a
SHA1d53bf1f0b134cea7e92bfa88256a23b2bbb04c4a
SHA2562cf80be9708a102f0dda102c28cd3a868e062385ba649ce709e7527c924901bc
SHA5128d06cebb327874ceb8e29fcf6dab200646fa1eb89df4fa1d5e5a7b405b53cacd72a8403c3e8bdee99284860415c6031641a4fdf2619b0e7cef141b39de9071e1
-
Filesize
126KB
MD52597a829e06eb9616af49fcd8052b8bd
SHA1871801aba3a75f95b10701f31303de705cb0bc5a
SHA2567359ca1befdb83d480fc1149ac0e8e90354b5224db7420b14b2d96d87cd20a87
SHA5128e5552b2f6e1c531aaa9fd507aa53c6e3d2f1dd63fe19e6350c5b6fbb009c99d353bb064a9eba4c31af6a020b31c0cd519326d32db4c8b651b83952e265ffb35
-
Filesize
127KB
MD52027121c3cdeb1a1f8a5f539d1fe2e28
SHA1bcf79f49f8fc4c6049f33748ded21ec3471002c2
SHA2561dae8b6de29f2cfc0745d9f2a245b9ecb77f2b272a5b43de1ba5971c43bf73a1
SHA5125b0d9966ecc08bcc2c127b2bd916617b8de2dcbdc28aff7b4b8449a244983bfbe33c56f5c4a53b7cf21faf1dbab4bb845a5894492e7e10f3f517071f7a59727c
-
Filesize
36KB
MD5f840a9ddd319ee8c3da5190257abde5b
SHA13e868939239a5c6ef9acae10e1af721e4f99f24b
SHA256ddb6c9f8de72ddd589f009e732040250b2124bca6195aa147aa7aac43fc2c73a
SHA5128e12391027af928e4f7dad1ec4ab83e8359b19a7eb0be0372d051dfd2dd643dc0dfa086bd345760a496e5630c17f53db22f6008ae665033b766cbfcdd930881a
-
Filesize
676B
MD592ff3e51f55a2f70720c07f67acd3ca8
SHA14aaec240b744fa049bd6d2043106e9b5ca138bdd
SHA256607783ec67ab3cc77fc9298011d53f2c1bb6b0882504c0164a167f787599532f
SHA51247117d866fb6932bb0d6bf00e54a6e26517127be5f84fcdb9759372cbf6da2db4e7faf830793c215ecc94f6d080087b7a28663e4a358c9e1659e0986b3b1b93b
-
Filesize
2.1MB
MD5d21ae3f86fc69c1580175b7177484fa7
SHA12ed2c1f5c92ff6daa5ea785a44a6085a105ae822
SHA256a6241f168cacb431bfcd4345dd77f87b378dd861b5d440ae8d3ffd17b9ceb450
SHA512eda08b6ebdb3f0a3b6b43ef755fc275396a8459b8fc8a41eff55473562c394d015e5fe573b3b134eeed72edff2b0f21a3b9ee69a4541fd9738e880b71730303f
-
Filesize
195KB
MD534939c7b38bffedbf9b9ed444d689bc9
SHA181d844048f7b11cafd7561b7242af56e92825697
SHA256b127f3e04429d9f841a03bfd9344a0450594004c770d397fb32a76f6b0eabed0
SHA512bc1b347986a5d2107ad03b65e4b9438530033975fb8cc0a63d8ef7d88c1a96f70191c727c902eb7c3e64aa5de9ce6bb04f829ceb627eda278f44ca3dd343a953
-
Filesize
93KB
MD57b4bd3b8ad6e913952f8ed1ceef40cd4
SHA1b15c0b90247a5066bd06d094fa41a73f0f931cb8
SHA256a49d3e455d7aeca2032c30fc099bfad1b1424a2f55ec7bb0f6acbbf636214754
SHA512d7168f9504dd6bbac7ee566c3591bfd7ad4e55bcac463cecb70540197dfe0cd969af96d113c6709d6c8ce6e91f2f5f6542a95c1a149caa78ba4bcb971e0c12a2
-
Filesize
4.1MB
MD5ab2242c4aba7518eecc26620cbd1d4aa
SHA1ba46c9820732a289cd30a25bfcfc1b3492a6dee1
SHA256b593c2f3d90d0205c1c465d8295514f8e1ec4df4acb3b45c844c72a9529e46f8
SHA5126c3f80b5e6628481a9cbb7c14e020c46c6d4ebb2bcabc5701035c47417000631e6d6c8b3650e0a60e6ad6d1a8e36d75c81e6b36c2539f522aa7cc72eec678472
-
Filesize
5.8MB
MD50dc93e1f58cbb736598ce7fa7ecefa33
SHA16e539aab5faf7d4ce044c2905a9c27d4393bae30
SHA2564ec941f22985fee21d2f9d2ae590d5dafebed9a4cf55272b688afe472d454d36
SHA51273617da787e51609ee779a12fb75fb9eac6ed6e99fd1f4c5c02ff18109747de91a791b1a389434edfe8b96e5b40340f986b8f7b88eac3a330b683dec565a7eff