Resubmissions
submitted | id | score
01-11-2024 12:33 | 241101-pradyaypdv | 10
27-10-2024 23:08 | 241027-24hmasskhj | 10
20-10-2024 16:28 | 241020-tyzdvsxgqb | 3
20-10-2024 16:26 | 241020-tx2gtszekk | 3
02-10-2024 11:53 | 241002-n2j6fsycqb | 3
13-09-2024 04:59 | 240913-fmwxpswcpb | 3
11-09-2024 15:54 | 240911-tcmg6sygmm | 3
11-09-2024 15:53 | 240911-tbsmsszbnh | 10
25-08-2024 22:53 | 240825-2t6als1gll | 10

Analysis
max time kernel: 459s
max time network: 775s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-08-2024 23:16
Static task: static1
Behavioral task: behavioral1
  Sample: dl2.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: dl2.exe
  Resource: win10v2004-20240802-en
General
Target: dl2.exe
Size: 849KB
MD5: c2055b7fbaa041d9f68b9d5df9b45edd
SHA1: e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
SHA256: 342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3
SHA512: 18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc
SSDEEP: 12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2
Malware Config
Signatures
BazarBackdoor (64 IoCs)
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
Processes: msedge.exe
flow | ioc
219 | zirabuo.bazar
232 | zirabuo.bazar
257 | zirabuo.bazar
259 | zirabuo.bazar
263 | zirabuo.bazar
207 | zirabuo.bazar
242 | zirabuo.bazar
236 | zirabuo.bazar
239 | zirabuo.bazar
241 | zirabuo.bazar
221 | zirabuo.bazar
231 | zirabuo.bazar
217 | zirabuo.bazar
210 | zirabuo.bazar
202 | zirabuo.bazar
222 | zirabuo.bazar
246 | zirabuo.bazar
247 | zirabuo.bazar
252 | zirabuo.bazar
258 | zirabuo.bazar
268 | zirabuo.bazar
209 | zirabuo.bazar
229 | zirabuo.bazar
234 | zirabuo.bazar
251 | zirabuo.bazar
196 | zirabuo.bazar
243 | zirabuo.bazar
249 | zirabuo.bazar
266 | zirabuo.bazar
230 | zirabuo.bazar
208 | zirabuo.bazar
213 | zirabuo.bazar
223 | zirabuo.bazar
244 | zirabuo.bazar
245 | zirabuo.bazar
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | msedge.exe
225 | zirabuo.bazar
253 | zirabuo.bazar
218 | zirabuo.bazar
203 | zirabuo.bazar
261 | zirabuo.bazar
197 | zirabuo.bazar
212 | zirabuo.bazar
214 | zirabuo.bazar
233 | zirabuo.bazar
238 | zirabuo.bazar
240 | zirabuo.bazar
250 | zirabuo.bazar
262 | zirabuo.bazar
206 | zirabuo.bazar
267 | zirabuo.bazar
265 | zirabuo.bazar
226 | zirabuo.bazar
227 | zirabuo.bazar
228 | zirabuo.bazar
254 | zirabuo.bazar
269 | zirabuo.bazar
198 | zirabuo.bazar
216 | zirabuo.bazar
224 | zirabuo.bazar
235 | zirabuo.bazar
237 | zirabuo.bazar
211 | zirabuo.bazar
248 | zirabuo.bazar

Boot or Logon Autostart Execution: Active Setup (2 TTPs, 12 IoCs)
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Processes: explorer.exe, INSTALLER.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | INSTALLER.exe
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe
Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | INSTALLER.exe
Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe

Downloads MZ/PE file

Event Triggered Execution: AppInit DLLs (1 TTPs)
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

Event Triggered Execution: Image File Execution Options Injection (1 TTPs, 2 IoCs)
Processes: AVGBrowserUpdate.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" | AVGBrowserUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe | AVGBrowserUpdate.exe

Possible privilege escalation attempt (2 IoCs)
Processes: icacls.exe, takeown.exe
pid | process
4348 | icacls.exe
5840 | takeown.exe

Tries to connect to .bazar domain (64 IoCs)
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
flow | ioc
211 | zirabuo.bazar
233 | zirabuo.bazar
255 | zirabuo.bazar
268 | zirabuo.bazar
203 | zirabuo.bazar
208 | zirabuo.bazar
216 | zirabuo.bazar
240 | zirabuo.bazar
242 | zirabuo.bazar
214 | zirabuo.bazar
232 | zirabuo.bazar
245 | zirabuo.bazar
270 | zirabuo.bazar
239 | zirabuo.bazar
243 | zirabuo.bazar
264 | zirabuo.bazar
198 | zirabuo.bazar
217 | zirabuo.bazar
221 | zirabuo.bazar
234 | zirabuo.bazar
252 | zirabuo.bazar
257 | zirabuo.bazar
269 | zirabuo.bazar
202 | zirabuo.bazar
207 | zirabuo.bazar
209 | zirabuo.bazar
223 | zirabuo.bazar
254 | zirabuo.bazar
261 | zirabuo.bazar
215 | zirabuo.bazar
220 | zirabuo.bazar
224 | zirabuo.bazar
246 | zirabuo.bazar
197 | zirabuo.bazar
206 | zirabuo.bazar
227 | zirabuo.bazar
241 | zirabuo.bazar
236 | zirabuo.bazar
238 | zirabuo.bazar
231 | zirabuo.bazar
247 | zirabuo.bazar
262 | zirabuo.bazar
267 | zirabuo.bazar
196 | zirabuo.bazar
210 | zirabuo.bazar
219 | zirabuo.bazar
222 | zirabuo.bazar
226 | zirabuo.bazar
244 | zirabuo.bazar
249 | zirabuo.bazar
256 | zirabuo.bazar
259 | zirabuo.bazar
263 | zirabuo.bazar
225 | zirabuo.bazar
235 | zirabuo.bazar
260 | zirabuo.bazar
212 | zirabuo.bazar
218 | zirabuo.bazar
237 | zirabuo.bazar
250 | zirabuo.bazar
253 | zirabuo.bazar
258 | zirabuo.bazar
213 | zirabuo.bazar
248 | zirabuo.bazar

Checks computer location settings (2 TTPs, 9 IoCs)
Looks up the country code configured in the registry, likely for geofencing.
Processes: avg_secure_browser_setup.exe, ajD01.exe, AVGBrowserUpdate.exe, aj1202.exe, aj15DB.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | avg_secure_browser_setup.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | ajD01.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | AVGBrowserUpdate.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | avg_secure_browser_setup.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | avg_secure_browser_setup.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | aj1202.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | aj15DB.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | AVGBrowserUpdate.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation | AVGBrowserUpdate.exe

Event Triggered Execution: Component Object Model Hijacking (1 TTPs)
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Executes dropped EXE (34 IoCs)
Processes: Bonzify.exe, INSTALLER.exe, AgentSvr.exe, avg_secure_browser_setup.exe, ajD01.exe, aj1202.exe, aj15DB.exe, AVGBrowserUpdateSetup.exe, AVGBrowserUpdate.exe, AVGBrowserUpdateComRegisterShell64.exe, AVGBrowserInstaller.exe, setup.exe
pid | process
3444 | Bonzify.exe
4712 | INSTALLER.exe
5592 | AgentSvr.exe
668 | INSTALLER.exe
1760 | AgentSvr.exe
7080 | avg_secure_browser_setup.exe
3816 | avg_secure_browser_setup.exe
6704 | avg_secure_browser_setup.exe
6668 | ajD01.exe
7064 | aj1202.exe
7124 | aj15DB.exe
5576 | AVGBrowserUpdateSetup.exe
6732 | AVGBrowserUpdate.exe
7052 | AVGBrowserUpdate.exe
2652 | AVGBrowserUpdate.exe
4704 | AVGBrowserUpdateComRegisterShell64.exe
3108 | AVGBrowserUpdateComRegisterShell64.exe
6552 | AVGBrowserUpdateComRegisterShell64.exe
5212 | AVGBrowserUpdate.exe
6140 | AVGBrowserUpdate.exe
6896 | AVGBrowserUpdate.exe
5232 | AVGBrowserInstaller.exe
6552 | setup.exe
5500 | setup.exe
6592 | AVGBrowserUpdateSetup.exe
4888 | AVGBrowserUpdate.exe
4672 | AVGBrowserUpdateSetup.exe
4428 | AVGBrowserUpdate.exe
6852 | AVGBrowserUpdate.exe
3924 | AVGBrowserUpdate.exe
3000 | AVGBrowserUpdate.exe
6312 | AVGBrowserUpdate.exe
320 | AVGBrowserUpdate.exe
2100 | AVGBrowserUpdate.exe

Loads dropped DLL (64 IoCs)
Processes: INSTALLER.exe, regsvr32.exe, Bonzify.exe, AgentSvr.exe, avg_secure_browser_setup.exe, ajD01.exe, aj1202.exe, aj15DB.exe, AVGBrowserUpdateSetup.exe, AVGBrowserUpdate.exe
pid | process
4712 | INSTALLER.exe
724 | regsvr32.exe
3892 | regsvr32.exe
5504 | regsvr32.exe
2980 | regsvr32.exe
4744 | regsvr32.exe
6128 | regsvr32.exe
4428 | regsvr32.exe
668 | INSTALLER.exe
4656 | regsvr32.exe
4656 | regsvr32.exe
4152 | regsvr32.exe
3444 | Bonzify.exe
1760 | AgentSvr.exe
1760 | AgentSvr.exe
1760 | AgentSvr.exe
7080 | avg_secure_browser_setup.exe
7080 | avg_secure_browser_setup.exe
7080 | avg_secure_browser_setup.exe
7080 | avg_secure_browser_setup.exe
7080 | avg_secure_browser_setup.exe
7080 | avg_secure_browser_setup.exe
3816 | avg_secure_browser_setup.exe
3816 | avg_secure_browser_setup.exe
3816 | avg_secure_browser_setup.exe
6704 | avg_secure_browser_setup.exe
3816 | avg_secure_browser_setup.exe
6704 | avg_secure_browser_setup.exe
6704 | avg_secure_browser_setup.exe
3816 | avg_secure_browser_setup.exe
3816 | avg_secure_browser_setup.exe
7080 | avg_secure_browser_setup.exe
6668 | ajD01.exe
6704 | avg_secure_browser_setup.exe
6704 | avg_secure_browser_setup.exe
6704 | avg_secure_browser_setup.exe
3816 | avg_secure_browser_setup.exe
6668 | ajD01.exe
6668 | ajD01.exe
7064 | aj1202.exe
7064 | aj1202.exe
7064 | aj1202.exe
6668 | ajD01.exe
6704 | avg_secure_browser_setup.exe
6668 | ajD01.exe
7124 | aj15DB.exe
6668 | ajD01.exe
6668 | ajD01.exe
6668 | ajD01.exe
7124 | aj15DB.exe
7124 | aj15DB.exe
7064 | aj1202.exe
7064 | aj1202.exe
7064 | aj1202.exe
7064 | aj1202.exe
7064 | aj1202.exe
7124 | aj15DB.exe
7124 | aj15DB.exe
7124 | aj15DB.exe
7124 | aj15DB.exe
7124 | aj15DB.exe
6668 | ajD01.exe
5576 | AVGBrowserUpdateSetup.exe
6732 | AVGBrowserUpdate.exe

Modifies file permissions (1 TTPs, 2 IoCs)
Processes: takeown.exe, icacls.exe
pid | process
5840 | takeown.exe
4348 | icacls.exe

Modifies system executable filetype association (2 TTPs, 1 IoCs)
Processes: avg_secure_browser_setup.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shellex\DropHandler\ = "{86C86720-42A0-1069-A2E8-08002B30309D}" | avg_secure_browser_setup.exe

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

System Binary Proxy Execution: wuauclt (1 TTPs, 1 IoCs)
Abuses wuauclt to proxy execution of malicious code.

Unexpected DNS network traffic destination (64 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description | ioc
Destination IP | 45.63.124.65
Destination IP | 163.53.248.170
Destination IP | 87.98.175.85
Destination IP | 63.231.92.27
Destination IP | 69.164.196.21
Destination IP | 81.2.241.148
Destination IP | 162.248.241.94
Destination IP | 139.59.23.241
Destination IP | 51.255.48.78
Destination IP | 163.53.248.170
Destination IP | 81.2.241.148
Destination IP | 94.177.171.127
Destination IP | 178.17.170.179
Destination IP | 111.67.20.8
Destination IP | 147.135.185.78
Destination IP | 192.99.85.244
Destination IP | 139.59.23.241
Destination IP | 188.165.200.156
Destination IP | 5.45.97.127
Destination IP | 185.208.208.141
Destination IP | 111.67.20.8
Destination IP | 139.59.23.241
Destination IP | 82.196.9.45
Destination IP | 159.89.249.249
Destination IP | 5.45.97.127
Destination IP | 139.99.96.146
Destination IP | 172.104.136.243
Destination IP | 87.98.175.85
Destination IP | 144.76.133.38
Destination IP | 45.32.160.206
Destination IP | 51.254.25.115
Destination IP | 167.99.153.82
Destination IP | 185.208.208.141
Destination IP | 45.71.112.70
Destination IP | 31.171.251.118
Destination IP | 185.121.177.177
Destination IP | 147.135.185.78
Destination IP | 158.69.160.164
Destination IP | 96.47.228.108
Destination IP | 77.73.68.161
Destination IP | 77.73.68.161
Destination IP | 176.126.70.119
Destination IP | 185.121.177.177
Destination IP | 87.98.175.85
Destination IP | 50.3.82.215
Destination IP | 162.248.241.94
Destination IP | 147.135.185.78
Destination IP | 146.185.176.36
Destination IP | 51.254.25.115
Destination IP | 176.126.70.119
Destination IP | 139.59.208.246
Destination IP | 172.98.193.42
Destination IP | 94.177.171.127
Destination IP | 192.99.85.244
Destination IP | 138.197.25.214
Destination IP | 142.4.204.111
Destination IP | 185.208.208.141
Destination IP | 87.98.175.85
Destination IP | 81.2.241.148
Destination IP | 91.217.137.37
Destination IP | 176.126.70.119
Destination IP | 45.32.160.206
Destination IP | 82.196.9.45
Destination IP | 51.254.25.115

Adds Run key to start application (2 TTPs, 1 IoCs)
Processes: INSTALLER.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | INSTALLER.exe

Checks for any installed AV software in registry (1 TTPs, 12 IoCs)
Processes: avg_secure_browser_setup.exe, aj1202.exe, aj15DB.exe, ajD01.exe
description | ioc | process
Key opened | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | aj1202.exe
Key opened | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\AVAST Software\Avast | aj1202.exe
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | aj15DB.exe
Key opened | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\AVAST Software\Avast | aj15DB.exe
Key opened | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\AVAST Software\Avast | ajD01.exe
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\AVAST Software\Avast | avg_secure_browser_setup.exe
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | ajD01.exe

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Enumerates connected drives (3 TTPs, 20 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: explorer.exe
description | ioc | process
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\F: | explorer.exe
File opened (read-only) | \??\D: | explorer.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)

Mark of the Web detected (1 IoCs)
This indicates that the page was originally saved or cloned.
flow | ioc
3939 | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Writes to the Master Boot Record (MBR) (1 TTPs, 7 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: ajD01.exe, aj1202.exe, aj15DB.exe, AVGBrowserUpdate.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | ajD01.exe
File opened for modification | \??\PhysicalDrive0 | aj1202.exe
File opened for modification | \??\PhysicalDrive0 | aj15DB.exe
File opened for modification | \??\PhysicalDrive0 | AVGBrowserUpdate.exe
File opened for modification | \??\PhysicalDrive0 | AVGBrowserUpdate.exe
File opened for modification | \??\PhysicalDrive0 | AVGBrowserUpdate.exe
File opened for modification | \??\PhysicalDrive0 | AVGBrowserUpdate.exe

Drops file in System32 directory (7 IoCs)
Processes: fixmapi.exe, msoobe.exe, INSTALLER.exe, avg_secure_browser_setup.exe, AVGBrowserUpdate.exe
description | ioc | process
File created | C:\Windows\SysWOW64\mapi32.dll | fixmapi.exe
File opened for modification | C:\Windows\system32\Recovery\ReAgent.xml | msoobe.exe
File opened for modification | C:\Windows\SysWOW64\SET9685.tmp | INSTALLER.exe
File created | C:\Windows\SysWOW64\SET9685.tmp | INSTALLER.exe
File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | INSTALLER.exe
File opened for modification | C:\Windows\SysWOW64\calc.exe | avg_secure_browser_setup.exe
File opened for modification | C:\Windows\SysWOW64\sort.exe | AVGBrowserUpdate.exe

Drops file in Program Files directory (64 IoCs)
Processes: AVGBrowserUpdateSetup.exe, AVGBrowserUpdate.exe, AVGBrowserInstaller.exe
description | ioc | process
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_ar.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_es-419.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_is.dll | AVGBrowserUpdateSetup.exe
File opened for modification | C:\Program Files (x86)\GUM3110.tmp\@PaxHeader | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\goopdateres_id.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\AVGBrowserCrashHandler.exe | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_de.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_el.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_bn.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_hr.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_is.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\goopdateres_th.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\goopdateres_ur.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bg.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_da.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\goopdateres_fi.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_uk.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_fa.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_bn.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_ja.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_sv.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_sw.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMB554.tmp\acuapi.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ml.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_iw.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_ar.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_id.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pl.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\Install\{C1751EBF-A082-4AA0-BC73-199CA398D049}\CR_1C35A.tmp\SETUP.EX_ | AVGBrowserInstaller.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_ms.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\AVGBrowserUpdateHelper.msi | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\psuser.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\goopdateres_sr.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\psuser_64.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_lt.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\goopdateres_ar.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_iw.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\psmachine_64.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_it.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\AVGBrowserUpdateWebPlugin.exe | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\psmachine_64.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hi.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateWebPlugin.exe | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\AVGBrowserUpdateBroker.exe | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_fi.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_sl.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\goopdateres_en.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\goopdateres_en.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\AVGBrowserUpdateHelper.msi | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sr.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMA7E6.tmp\acuapi_64.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_fa.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-TW.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_sk.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\goopdateres_vi.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lv.dll | AVGBrowserUpdate.exe
File created | C:\Program Files (x86)\GUMB554.tmp\goopdateres_zh-CN.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\acuapi.dll | AVGBrowserUpdateSetup.exe
File created | C:\Program Files (x86)\GUM3110.tmp\goopdateres_am.dll | AVGBrowserUpdateSetup.exe

Drops file in Windows directory (64 IoCs)
Processes: INSTALLER.exe, Bonzify.exe, msoobe.exe, ajD01.exe, avg_secure_browser_setup.exe, AVGBrowserUpdate.exe
description | ioc | process
File opened for modification | C:\Windows\msagent\AgentCtl.dll | INSTALLER.exe
File opened for modification | C:\Windows\msagent\SET9161.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\SET9183.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\SET9172.tmp | INSTALLER.exe
File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | INSTALLER.exe
File created | C:\Windows\msagent\SET915F.tmp | INSTALLER.exe
File created | C:\Windows\finalDestruction.bin | Bonzify.exe
File created | C:\Windows\msagent\SET9160.tmp | INSTALLER.exe
File opened for modification | C:\Windows\INF\SET9684.tmp | INSTALLER.exe
File created | C:\Windows\msagent\SET9187.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\intl\SET9189.tmp | INSTALLER.exe
File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | msoobe.exe
File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | msoobe.exe
File opened for modification | C:\Windows\INF\agtinst.inf | INSTALLER.exe
File created | C:\Windows\msagent\intl\SET9189.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | INSTALLER.exe
File opened for modification | C:\Windows\WinSxS\x86_regsvcs_b03f5f7f11d50a3a_4.0.15805.0_none_8ce1f3b4679d3a76\RegSvcs.exe | ajD01.exe
File created | C:\Windows\msagent\SET9184.tmp | INSTALLER.exe
File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | msoobe.exe
File created | C:\Windows\executables.bin | Bonzify.exe
File created | C:\Windows\msagent\SET9161.tmp | INSTALLER.exe
File opened for modification | C:\Windows\INF\SET9186.tmp | INSTALLER.exe
File created | C:\Windows\fonts\SET9683.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\AgentDp2.dll | INSTALLER.exe
File created | C:\Windows\msagent\SET9173.tmp | INSTALLER.exe
File created | C:\Windows\lhsp\tv\SET9681.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\SET9184.tmp | INSTALLER.exe
File opened for modification | C:\Windows\lhsp\tv\SET9681.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\SET9173.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\AgentSR.dll | INSTALLER.exe
File opened for modification | C:\Windows\msagent\SET9187.tmp | INSTALLER.exe
File opened for modification | C:\Windows\help\SET9188.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\SET918A.tmp | INSTALLER.exe
File created | C:\Windows\msagent\SET918A.tmp | INSTALLER.exe
File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | INSTALLER.exe
File opened for modification | C:\Windows\msagent\AgentMPx.dll | INSTALLER.exe
File created | C:\Windows\msagent\SET9183.tmp | INSTALLER.exe
File created | C:\Windows\msagent\SET9185.tmp | INSTALLER.exe
File created | C:\Windows\msagent\chars\Bonzi.acs | Bonzify.exe
File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_2d0e4759c01cf211\setup_wm.exe | avg_secure_browser_setup.exe
File created | C:\Windows\msagent\SET9172.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\AgentPsh.dll | INSTALLER.exe
File opened for modification | C:\Windows\help\Agt0409.hlp | INSTALLER.exe
File opened for modification | C:\Windows\fonts\SET9683.tmp | INSTALLER.exe
File opened for modification | C:\Windows\INF\tv_enua.inf | INSTALLER.exe
File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | msoobe.exe
File opened for modification | C:\Windows\msagent\SET9160.tmp | INSTALLER.exe
File created | C:\Windows\INF\SET9186.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | INSTALLER.exe
File opened for modification | C:\Windows\lhsp\help\SET9682.tmp | INSTALLER.exe
File created | C:\Windows\lhsp\help\SET9682.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\SET915F.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\AgentSvr.exe | INSTALLER.exe
File opened for modification | C:\Windows\msagent\AgentAnm.dll | INSTALLER.exe
File opened for modification | C:\Windows\msagent\SET9185.tmp | INSTALLER.exe
File opened for modification | C:\Windows\msagent\mslwvtts.dll | INSTALLER.exe
File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | INSTALLER.exe
File opened for modification | C:\Windows\fonts\andmoipa.ttf | INSTALLER.exe
File created | C:\Windows\INF\SET9684.tmp | INSTALLER.exe
File opened for modification | C:\Windows\WinSxS\amd64_windows-shield-provider_31bf3856ad364e35_10.0.19041.1266_none_1abb9653828c3f41\SecurityHealthService.exe | avg_secure_browser_setup.exe
File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\f\iisrstas.exe | AVGBrowserUpdate.exe
File opened for modification | C:\Windows\msagent\AgentDPv.dll | INSTALLER.exe
File created | C:\Windows\help\SET9188.tmp | INSTALLER.exe
File opened for modification | C:\Windows\lhsp\tv\SET9680.tmp | INSTALLER.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Event Triggered Execution: Netsh Helper DLL (1 TTPs, 2 IoCs)
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
Processes: ajD01.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | ajD01.exe
Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | ajD01.exe

Program crash (9 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
7472 | 6852 | WerFault.exe | AVGBrowserUpdate.exe
7788 | 3000 | WerFault.exe | AVGBrowserUpdate.exe
180 | 6732 | WerFault.exe | AVGBrowserUpdate.exe
6284 | 6936 | WerFault.exe | aj9288.exe
7916 | 6936 | WerFault.exe | aj9288.exe
6676 | 6936 | WerFault.exe | aj9288.exe
5388 | 6312 | WerFault.exe | AVGBrowserUpdate.exe
3528 | 7596 | WerFault.exe | MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
8280 | 4796 | WerFault.exe | AVGBrowserUpdate.exe

System Location Discovery: System Language Discovery 1 TTPs 48 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
description ioc process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avg_secure_browser_setup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language aj1202.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language raserver.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Bonzify.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language INSTALLER.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language aj15DB.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AgentSvr.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language INSTALLER.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language icacls.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AgentSvr.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdateSetup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language msdt.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language takeown.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ndadmin.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ajD01.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fixmapi.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IMTCLNWZ.EXE
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language grpconv.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avg_secure_browser_setup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avg_secure_browser_setup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdateSetup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdateSetup.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language grpconv.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AVGBrowserUpdate.exe
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs
Adversaries may check for Internet connectivity on compromised systems.
Processes:
pid process
5212 AVGBrowserUpdate.exe
3924 AVGBrowserUpdate.exe
2100 AVGBrowserUpdate.exe
916 AVGBrowserUpdate.exe
5804 MicrosoftEdgeUpdate.exe
7104 MicrosoftEdgeUpdate.exe
6000 MicrosoftEdgeUpdate.exe
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
description ioc process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI aj1202.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe
-
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
description ioc process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor ajD01.exe
-
Enumerates system info in registry 2 TTPs 55 IoCs
Processes:
description ioc process
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController ajD01.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 ajD01.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 ajD01.exe
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral ajD01.exe
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral ajD01.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS ajD01.exe
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 ajD01.exe
-
Kills process with taskkill 1 IoCs
Processes:
pid process
5680 taskkill.exe
-
Modifies Control Panel 12 IoCs
Processes:
description ioc process
Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Input Method\Hot Keys\00000012\Virtual Key = be000000 AVGBrowserUpdate.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\sTimeFormat = "h:mm:ss tt" AVGBrowserUpdate.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Colors\Hilight = "0 120 215" AVGBrowserUpdate.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Sound\Beep = "yes" AVGBrowserUpdate.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Sound\ExtendedSounds = "yes" AVGBrowserUpdate.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Mouse\SwapMouseButtons = "0" AVGBrowserUpdateSetup.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Cursors\Scheme Source = "2" AVGBrowserUpdate.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Input Method\Hot Keys\00000104\Target IME = 110401e0 avg_secure_browser_setup.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Input Method\Hot Keys\00000201\Target IME = 00000000 ajD01.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Desktop\CaretWidth = "1" AVGBrowserUpdate.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Colors\WindowFrame = "100 100 100" avg_secure_browser_setup.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\Cursors\NWPen = "C:\\Windows\\cursors\\aero_pen.cur" avg_secure_browser_setup.exe
-
Processes:
description ioc process
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" AVGBrowserUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" AVGBrowserUpdate.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\ms-powerpoint\WarnOnOpen = "0" AVGBrowserUpdate.exe
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} AVGBrowserUpdate.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" AVGBrowserUpdate.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" AVGBrowserUpdate.exe
Key created
\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\38\IEFixedFontName = "MV Boli" avg_secure_browser_setup.exe Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e010100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 AVGBrowserUpdate.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU 
SearchApp.exe
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Anchor Underline = "yes" avg_secure_browser_setup.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\Revision = "0" AVGBrowserUpdate.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\34\IEPropFontName = "Iskoola Pota" AVGBrowserUpdate.exe
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\International\Scripts\32\IEPropFontName = "Segoe UI Historic" avg_secure_browser_setup.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" AVGBrowserUpdate.exe
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} AVGBrowserUpdate.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\TabsStickyMode = "1" AVGBrowserUpdateSetup.exe
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Settings\Background Color = "192,192,192ÿ" AVGBrowserUpdateSetup.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY\TEXTSIZE\HKeyRoot = "2147483649" ajD01.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\International\AcceptLanguage = "en-US,en;q=0.5" msoobe.exe
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" AVGBrowserUpdate.exe
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\wmplayer.exe = "1" ajD01.exe
-
Modifies data under HKEY_USERS 64 IoCs
Modifies registry class 64 IoCs
NTFS ADS 3 IoCs
Processes: msedge.exe
File opened for modification: C:\Users\Admin\Downloads\Unconfirmed 991990.crdownload:SmartScreen (msedge.exe)
File opened for modification: C:\Users\Admin\Downloads\Unconfirmed 616987.crdownload:SmartScreen (msedge.exe)
File opened for modification: C:\Users\Admin\Downloads\Unconfirmed 301934.crdownload:SmartScreen (msedge.exe)
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes: rdpclip.exe
PID 5792 rdpclip.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes: explorer.exe, explorer.exe
PID 2056 explorer.exe
PID 3312 explorer.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of SetWindowsHookEx 35 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API (ITaskService and related interfaces) can register a task that runs a program at boot, at logon or at set times, which makes it a common persistence mechanism. The process tree below does not attach this signature to a specific process.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service manages backups/snapshots; its WMI provider exposes them as Win32_ShadowCopy objects, through which snapshots can be listed, created or deleted.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service manages backups/snapshots; the COM API is the interface backup software uses to create and delete them. Neither shadow-copy signature is attached to a specific process in the tree below, so they cannot be attributed to dl2.exe from this report alone.
Processes
The digit before ⤵ at the end of each command line is the nesting depth, not part of the last argument: "/prefetch:22⤵" is /prefetch:2 at depth 2, and "0x7ffad4dc47182⤵" is 0x7ffad4dc4718 at depth 2. Only the two dl2.exe instances (PIDs 688 and 1060, the second relaunched with a GUID as its sole argument) and the msedge.exe browser process (PID 3464) are top-level; every other process shown, including the AVG Secure Browser installer chain, descends from msedge.exe rather than from dl2.exe, and the BazarBackdoor signature is attached to msedge.exe (PID 3464), not to either dl2.exe instance.
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:688
-
C:\Users\Admin\AppData\Local\Temp\dl2.exeC:\Users\Admin\AppData\Local\Temp\dl2.exe {A7D6AB21-2750-47B4-88D7-02E2347C127A}1⤵
- Suspicious use of SetWindowsHookEx
PID:1060
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- BazarBackdoor
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3464 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffad4dc46f8,0x7ffad4dc4708,0x7ffad4dc47182⤵PID:536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:22⤵PID:3636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵PID:4384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵PID:2556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:12⤵PID:1568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:12⤵PID:3524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:12⤵PID:2012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:82⤵PID:4544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:12⤵PID:3516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵PID:1684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:12⤵PID:5284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵PID:5576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵PID:5936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5648 /prefetch:82⤵PID:4344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5692 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:12⤵PID:1312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵PID:5840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵PID:5476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:12⤵PID:5548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:12⤵PID:6000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:12⤵PID:468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵PID:5060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7132 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6580 /prefetch:82⤵PID:2864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:12⤵PID:1588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6272 /prefetch:82⤵PID:5416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵PID:3724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2844 /prefetch:82⤵PID:5428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:12⤵PID:3676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:12⤵PID:2068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵PID:224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵PID:4680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:12⤵PID:3144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:12⤵PID:6092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:12⤵PID:4848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:12⤵PID:5124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:12⤵PID:5128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵PID:5432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:12⤵PID:4112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵PID:3352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:12⤵PID:4464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵PID:5568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:12⤵PID:3724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:12⤵PID:5000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:12⤵PID:6076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:12⤵PID:3340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:12⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:12⤵PID:5596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:12⤵PID:1432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:12⤵PID:640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:12⤵PID:5340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:12⤵PID:6116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:12⤵PID:6148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:12⤵PID:6160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9488 /prefetch:12⤵PID:6296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:12⤵PID:6604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:12⤵PID:6612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:12⤵PID:6252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7272 /prefetch:82⤵PID:6580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:12⤵PID:6560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 /prefetch:82⤵PID:6860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6976
-
-
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Checks for any installed AV software in registry
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:7080 -
C:\Users\Admin\AppData\Local\Temp\ajD01.exe"C:\Users\Admin\AppData\Local\Temp\ajD01.exe" /relaunch=8 /was_elevated=1 /tagdata3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6668 -
C:\Users\Admin\AppData\Local\Temp\nsu1136.tmp\AVGBrowserUpdateSetup.exeAVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5576 -
C:\Program Files (x86)\GUM3110.tmp\AVGBrowserUpdate.exe"C:\Program Files (x86)\GUM3110.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"5⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6732 -
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:7052
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2652 -
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Modifies registry class
PID:4704
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Modifies registry class
PID:3108
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Modifies registry class
PID:6552
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping 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-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTIyOCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNTk2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5212
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{A36CA8C3-C706-45E0-9210-6D2BF3642171}" /silent6⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
PID:6140 -
C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1202_none_908b22903a403149\ndadmin.exe"C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1202_none_908b22903a403149\ndadmin.exe"7⤵
- System Location Discovery: System Language Discovery
PID:4312
C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.19041.1266_none_82441dbab862ff6a\msoobe.exe"C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.19041.1266_none_82441dbab862ff6a\msoobe.exe"7⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
PID:3360 -
C:\Windows\system32\provtool.exe"C:\Windows\system32\provtool.exe" /turn 3 /source OOBE8⤵PID:5032
C:\Windows\SysWOW64\fixmapi.exe"C:\Windows\System32\fixmapi.exe"6⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:6368
C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\HOSTNAME.EXE"C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\HOSTNAME.EXE"6⤵PID:6588
C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe"C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe"5⤵PID:6648
C:\Windows\WinSxS\amd64_microsoft-windows-securestartup-unlock_31bf3856ad364e35_10.0.19041.746_none_428efbd28b482d1c\bdeunlock.exe"C:\Windows\WinSxS\amd64_microsoft-windows-securestartup-unlock_31bf3856ad364e35_10.0.19041.746_none_428efbd28b482d1c\bdeunlock.exe"5⤵PID:5584
C:\Windows\SysWOW64\raserver.exe"C:\Windows\System32\raserver.exe"4⤵
- System Location Discovery: System Language Discovery
PID:6884
C:\Windows\WinSxS\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_10.0.19041.746_none_1da55dc225237a0d\ShapeCollector.exe"C:\Windows\WinSxS\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_10.0.19041.746_none_1da55dc225237a0d\ShapeCollector.exe"4⤵PID:6488
C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe"C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe"4⤵PID:6540
C:\Users\Admin\AppData\Local\Temp\nsu1136.tmp\AVGBrowserUpdateSetup.exeAVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome&hostprefix=2-"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:6592 -
C:\Program Files (x86)\GUMA7E6.tmp\AVGBrowserUpdate.exe"C:\Program Files (x86)\GUMA7E6.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome&hostprefix=2-"5⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:4888 -
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /healthcheck6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4428
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping 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-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IjEuOC4xNjkzLjYiIG5leHR2ZXJzaW9uPSIxLjguMTY5My42IiBsYW5nPSJlbi1VUyIgYnJhbmQ9IjkyMjgiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjI1ODMiLz48L2FwcD48L3JlcXVlc3Q-6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3924
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome&hostprefix=2-" /installsource otherinstallcmd /sessionid "{4BA99F50-9E61-493C-8E4D-98158F81F752}" /silent6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3000 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 11087⤵
- Program crash
PID:7788
C:\Windows\WinSxS\amd64_microsoft-windows-disksnapshot_31bf3856ad364e35_10.0.19041.1081_none_f52da7b1195e2d45\DiskSnapshot.exe"C:\Windows\WinSxS\amd64_microsoft-windows-disksnapshot_31bf3856ad364e35_10.0.19041.1081_none_f52da7b1195e2d45\DiskSnapshot.exe"6⤵PID:7552
C:\Users\Admin\AppData\Local\Temp\nsu1136.tmp\AVGBrowserUpdateSetup.exeAVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome&hostprefix=3-"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:4672 -
C:\Program Files (x86)\GUMB554.tmp\AVGBrowserUpdate.exe"C:\Program Files (x86)\GUMB554.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome&hostprefix=3-"5⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:6852 -
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /healthcheck6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:320
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping 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-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IjEuOC4xNjkzLjYiIG5leHR2ZXJzaW9uPSIxLjguMTY5My42IiBsYW5nPSJlbi1VUyIgYnJhbmQ9IjkyMjgiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjEyNjYiLz48L2FwcD48L3JlcXVlc3Q-6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2100
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome&hostprefix=3-" /installsource otherinstallcmd /sessionid "{BD22B355-D742-4E98-BE47-FC26DEA36345}" /silent6⤵PID:6732
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 10567⤵
- Program crash
PID:180
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 15126⤵
- Program crash
PID:7472
C:\Windows\WinSxS\wow64_microsoft-windows-wow64-legacy_31bf3856ad364e35_10.0.19041.1023_none_6aeab5d4bd0371a8\instnm.exe"C:\Windows\WinSxS\wow64_microsoft-windows-wow64-legacy_31bf3856ad364e35_10.0.19041.1023_none_6aeab5d4bd0371a8\instnm.exe"4⤵PID:264
C:\Windows\WinSxS\amd64_microsoft-windows-d..ndowmanager-process_31bf3856ad364e35_10.0.19041.1_none_e9d80fa364d364ec\dwm.exe"C:\Windows\WinSxS\amd64_microsoft-windows-d..ndowmanager-process_31bf3856ad364e35_10.0.19041.1_none_e9d80fa364d364ec\dwm.exe"3⤵PID:3708
C:\Windows\SysWOW64\msdt.exe"C:\Windows\SysWOW64\msdt.exe"3⤵
- System Location Discovery: System Language Discovery
PID:6008
C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.19041.1_none_19c9b562d4b65581\IMTCLNWZ.EXE"C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.19041.1_none_19c9b562d4b65581\IMTCLNWZ.EXE"3⤵
- System Location Discovery: System Language Discovery
PID:3960
C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.19041.1_none_5b736f76bce3fff9\msdt.exe"C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.19041.1_none_5b736f76bce3fff9\msdt.exe"3⤵PID:860
C:\Windows\WinSxS\amd64_microsoft-windows-s..up-drivepreparation_31bf3856ad364e35_10.0.19041.1_none_56e294df085b0025\BdeHdCfg.exe"C:\Windows\WinSxS\amd64_microsoft-windows-s..up-drivepreparation_31bf3856ad364e35_10.0.19041.1_none_56e294df085b0025\BdeHdCfg.exe"3⤵PID:7292
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3816 -
C:\Users\Admin\AppData\Local\Temp\aj1202.exe"C:\Users\Admin\AppData\Local\Temp\aj1202.exe" /relaunch=8 /was_elevated=1 /tagdata3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
PID:7064
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6704 -
C:\Users\Admin\AppData\Local\Temp\aj15DB.exe"C:\Users\Admin\AppData\Local\Temp\aj15DB.exe" /relaunch=8 /was_elevated=1 /tagdata3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:7124
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"2⤵PID:8068
C:\Users\Admin\AppData\Local\Temp\aj92B7.exe"C:\Users\Admin\AppData\Local\Temp\aj92B7.exe" /relaunch=8 /was_elevated=1 /tagdata3⤵PID:7764
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"2⤵PID:8088
C:\Users\Admin\AppData\Local\Temp\aj9288.exe"C:\Users\Admin\AppData\Local\Temp\aj9288.exe" /relaunch=8 /was_elevated=1 /tagdata3⤵PID:6936
C:\Users\Admin\AppData\Local\Temp\nsc93FE.tmp\AVGBrowserUpdateSetup.exeAVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"4⤵PID:2880
C:\Program Files (x86)\GUMB57E.tmp\AVGBrowserUpdate.exe"C:\Program Files (x86)\GUMB57E.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"5⤵PID:3572
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /healthcheck6⤵PID:7068
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping 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-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IjEuOC4xNjkzLjYiIG5leHR2ZXJzaW9uPSIxLjguMTY5My42IiBsYW5nPSJlbi1VUyIgYnJhbmQ9IjkyMjgiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9Ijk5MCIvPjwvYXBwPjwvcmVxdWVzdD46⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:916
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{D959B200-65C9-4E77-963D-16F934F444B8}" /silent6⤵PID:7252
C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.19041.746_none_726cc4a1ebcb1c1e\wlrmdr.exe"C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.19041.746_none_726cc4a1ebcb1c1e\wlrmdr.exe"7⤵PID:5112
C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.19041.423_none_81cc87a43da05fd1\control.exe"C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.19041.423_none_81cc87a43da05fd1\control.exe"7⤵PID:5200
C:\Windows\WinSxS\amd64_microsoft-windows-securestartup-notify_31bf3856ad364e35_10.0.19041.1_none_d2e378e1475d4847\fvenotify.exe"C:\Windows\WinSxS\amd64_microsoft-windows-securestartup-notify_31bf3856ad364e35_10.0.19041.1_none_d2e378e1475d4847\fvenotify.exe"6⤵PID:2144
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe"6⤵PID:4768
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"6⤵PID:3276
C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe"C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe"5⤵PID:7916
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 31604⤵
- Program crash
PID:6284
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 31684⤵
- Program crash
PID:7916
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 32164⤵
- Program crash
PID:6676
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:12⤵PID:9668
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:12⤵PID:3720
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:12⤵PID:8856
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:12⤵PID:4184
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:12⤵PID:6852
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:12⤵PID:8184
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:12⤵PID:4892
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1284 /prefetch:12⤵PID:7800
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9984 /prefetch:12⤵PID:8024
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:12⤵PID:4792
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:12⤵PID:5624
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:12⤵PID:1060
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9992 /prefetch:12⤵PID:2772
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:12⤵PID:6260
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:12⤵PID:2132
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9236 /prefetch:12⤵PID:8940
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:12⤵PID:7660
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10220 /prefetch:12⤵PID:3000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:12⤵PID:9300
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:12⤵PID:6220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:12⤵PID:6860
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:12⤵PID:8760
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:12⤵PID:8340
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵PID:4300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951812537596982222,3438063475510507404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:12⤵PID:6148
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4508
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3408
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x460 0x4ec1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5564
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4372
-
C:\Users\Admin\Downloads\Bonzify.exe"C:\Users\Admin\Downloads\Bonzify.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3444 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"2⤵
- System Location Discovery: System Language Discovery
PID:5820 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im AgentSvr.exe3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5680
-
-
C:\Windows\SysWOW64\takeown.exetakeown /r /d y /f C:\Windows\MsAgent3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:5840
-
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\MsAgent /c /t /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:4348
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4712 -
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:724
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3892
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5504
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2980
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4744
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6128
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4428
-
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5592
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o3⤵
- System Location Discovery: System Language Discovery
PID:5408
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:668 -
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4656
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4152
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o3⤵
- System Location Discovery: System Language Discovery
PID:5452
-
-
-
C:\Windows\msagent\AgentSvr.exeC:\Windows\msagent\AgentSvr.exe -Embedding1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1760
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2340
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3752
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:6136
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:1092
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2140
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5300
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:5232
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5084
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:2240
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:5728
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4012
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:2836
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:6064
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:1572
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:3712
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4064
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:3920
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:5056
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2056 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:2632
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad4dc46f8,0x7ffad4dc4708,0x7ffad4dc47183⤵PID:6024
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:2964
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad4dc46f8,0x7ffad4dc4708,0x7ffad4dc47183⤵PID:4420
-
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:3772
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4796
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:3580
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:4792
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5852
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3312
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:6056
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4560
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc1⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
PID:6896 -
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe"2⤵PID:6760
-
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{C1751EBF-A082-4AA0-BC73-199CA398D049}\AVGBrowserInstaller.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{C1751EBF-A082-4AA0-BC73-199CA398D049}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5232 -
C:\Program Files (x86)\AVG\Browser\Update\Install\{C1751EBF-A082-4AA0-BC73-199CA398D049}\CR_1C35A.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{C1751EBF-A082-4AA0-BC73-199CA398D049}\CR_1C35A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{C1751EBF-A082-4AA0-BC73-199CA398D049}\CR_1C35A.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level3⤵
- Executes dropped EXE
PID:6552 -
C:\Program Files (x86)\AVG\Browser\Update\Install\{C1751EBF-A082-4AA0-BC73-199CA398D049}\CR_1C35A.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{C1751EBF-A082-4AA0-BC73-199CA398D049}\CR_1C35A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25891.89 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff67144bfc0,0x7ff67144bfcc,0x7ff67144bfd84⤵
- Executes dropped EXE
PID:5500
-
-
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_10.0.19041.84_none_f9792ddb393f9467\rdpclip.exe"C:\Windows\WinSxS\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_10.0.19041.84_none_f9792ddb393f9467\rdpclip.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
PID:5792
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WinMgmt.exe"C:\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WinMgmt.exe"2⤵PID:6572
-
-
C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe"C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe" -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:7004
-
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" -Embedding1⤵PID:6856
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness1⤵PID:5532
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s dmwappushservice1⤵PID:540
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding1⤵PID:4704
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6312 -
C:\Program Files (x86)\AVG\Browser\Update\Install\{A72832CD-353C-4925-ACB0-481DBF0E0781}\AVGBrowserInstaller.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{A72832CD-353C-4925-ACB0-481DBF0E0781}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level2⤵PID:7288
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{A72832CD-353C-4925-ACB0-481DBF0E0781}\CR_56B05.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{A72832CD-353C-4925-ACB0-481DBF0E0781}\CR_56B05.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{A72832CD-353C-4925-ACB0-481DBF0E0781}\CR_56B05.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level3⤵PID:7376
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{A72832CD-353C-4925-ACB0-481DBF0E0781}\CR_56B05.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{A72832CD-353C-4925-ACB0-481DBF0E0781}\CR_56B05.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25891.89 --initial-client-data=0x260,0x264,0x268,0x1d0,0x26c,0x7ff69128bfc0,0x7ff69128bfcc,0x7ff69128bfd84⤵PID:7824
-
-
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\LaunchTM.exe"C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\LaunchTM.exe"2⤵PID:6488
-
C:\Windows\System32\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵PID:6540
-
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1_none_b3f1d9ff0e206c99\quickassist.exe"C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1_none_b3f1d9ff0e206c99\quickassist.exe"2⤵PID:4036
-
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"2⤵PID:8184
-
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"2⤵PID:6136
-
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{0BF23898-D4ED-4F75-8C63-ED53647B69E7}\AVGBrowserInstaller.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{0BF23898-D4ED-4F75-8C63-ED53647B69E7}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level2⤵PID:7988
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{0BF23898-D4ED-4F75-8C63-ED53647B69E7}\CR_EDDE0.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{0BF23898-D4ED-4F75-8C63-ED53647B69E7}\CR_EDDE0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{0BF23898-D4ED-4F75-8C63-ED53647B69E7}\CR_EDDE0.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level3⤵PID:6672
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{0BF23898-D4ED-4F75-8C63-ED53647B69E7}\CR_EDDE0.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{0BF23898-D4ED-4F75-8C63-ED53647B69E7}\CR_EDDE0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25891.89 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff6c892bfc0,0x7ff6c892bfcc,0x7ff6c892bfd84⤵PID:4496
-
-
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1266_none_119b1e415d838a28\convert.exe"C:\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1266_none_119b1e415d838a28\convert.exe"2⤵PID:8116
-
-
C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_8b2066136dd02eb6\poqexec.exe"C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_8b2066136dd02eb6\poqexec.exe"2⤵PID:7096
-
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /report "C:\Program Files (x86)\AVG\Browser\CrashReports\55690504-4e23-462b-8b1c-4c4f9b319510.dmp" /machine2⤵PID:6012
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6852 -ip 68521⤵PID:7448
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3000 -ip 30001⤵PID:8108
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵PID:7960
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6732 -ip 67321⤵PID:7536
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵PID:7812
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc1⤵PID:6312
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{2AE3FC95-558D-4E21-8BC4-216591294E7E}\AVGBrowserInstaller.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{2AE3FC95-558D-4E21-8BC4-216591294E7E}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level2⤵PID:3096
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{2AE3FC95-558D-4E21-8BC4-216591294E7E}\CR_BCB87.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{2AE3FC95-558D-4E21-8BC4-216591294E7E}\CR_BCB87.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{2AE3FC95-558D-4E21-8BC4-216591294E7E}\CR_BCB87.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level3⤵PID:7616
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{2AE3FC95-558D-4E21-8BC4-216591294E7E}\CR_BCB87.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{2AE3FC95-558D-4E21-8BC4-216591294E7E}\CR_BCB87.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25891.89 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff7c811bfc0,0x7ff7c811bfcc,0x7ff7c811bfd84⤵PID:6460
-
-
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.19041.746_none_18520236ff9eab63\colorcpl.exe"C:\Windows\WinSxS\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.19041.746_none_18520236ff9eab63\colorcpl.exe"2⤵PID:7004
-
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"2⤵PID:5388
-
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"2⤵PID:7936
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-d..anagement-dmomacpmo_31bf3856ad364e35_10.0.19041.1_none_856b4f50911c6560\DmOmaCpMo.exe"C:\Windows\WinSxS\amd64_microsoft-windows-d..anagement-dmomacpmo_31bf3856ad364e35_10.0.19041.1_none_856b4f50911c6560\DmOmaCpMo.exe"2⤵PID:8096
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 19522⤵
- Program crash
PID:5388
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6936 -ip 69361⤵PID:7780
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6936 -ip 69361⤵PID:8072
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6936 -ip 69361⤵PID:3568
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵PID:2768
-
C:\Windows\system32\wuauclt.exe"C:\Windows\system32\wuauclt.exe" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /ClassId 93bd6a48-015c-41af-8e5c-a776f3266bab /RunHandlerComServer1⤵
- System Binary Proxy Execution: wuauclt
PID:5584 -
C:\Windows\SoftwareDistribution\Download\Install\MicrosoftEdgeStandaloneStubInstallerX64.exe"C:\Windows\SoftwareDistribution\Download\Install\MicrosoftEdgeStandaloneStubInstallerX64.exe" /asyncupdate /silent /installsource windowsupdate /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&needsadmin=True&usagestats=1&brand=WUZP"2⤵PID:6592
-
C:\Program Files (x86)\Microsoft\Temp\EUD2E9.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUD2E9.tmp\MicrosoftEdgeUpdate.exe" /silent /installsource windowsupdate /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&needsadmin=True&usagestats=1&brand=WUZP"3⤵PID:6708
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵PID:3756
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵PID:8120
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.85\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.85\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵PID:7988
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.85\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.85\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵PID:6696
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.85\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.85\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵PID:7544
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&needsadmin=True&usagestats=1&brand=WUZP" /installsource windowsupdate /sessionid "{C959CC38-A728-492F-9CCE-4AF8FE8363CA}" /silent /offlinedir "{55FF9140-9E40-4FCE-9B23-25FE9FC9661A}"4⤵PID:7048
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /machine /installsource windowsupdate_zdp /critical4⤵PID:4916
-
C:\Windows\SysWOW64\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4916" "1072" "1040" "1076" "0" "0" "0" "0" "0" "0" "0" "0"5⤵PID:8132
-
-
C:\Windows\WinSxS\amd64_windowssearchengine_31bf3856ad364e35_7.0.19041.264_none_8bd2f5fc0c992e06\SearchProtocolHost.exe"C:\Windows\WinSxS\amd64_windowssearchengine_31bf3856ad364e35_7.0.19041.264_none_8bd2f5fc0c992e06\SearchProtocolHost.exe"5⤵PID:768
-
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵PID:5964
-
C:\Windows\SysWOW64\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5964" "1144" "1032" "1148" "0" "0" "0" "0" "0" "0" "0" "0"2⤵PID:6112
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83A3E1CD-B57E-4806-BDD0-DACB534716B1}\MicrosoftEdge_X64_0.0.0.0.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83A3E1CD-B57E-4806-BDD0-DACB534716B1}\MicrosoftEdge_X64_0.0.0.0.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level2⤵PID:7916
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵PID:7992
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:6808
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵PID:7684
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-…⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:5804
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D1C0623E-428F-4E4E-A7DF-04C0219841C4}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D1C0623E-428F-4E4E-A7DF-04C0219841C4}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{50E50542-638B-40B6-8F49-6BE015DFFB34}"2⤵PID:7596
-
C:\Program Files (x86)\Microsoft\Temp\EU3FFB.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU3FFB.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{50E50542-638B-40B6-8F49-6BE015DFFB34}"3⤵PID:7184
-
C:\Windows\WinSxS\wow64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.19041.1_none_62cddcb4116c2175\grpconv.exe"C:\Windows\WinSxS\wow64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.19041.1_none_62cddcb4116c2175\grpconv.exe"4⤵PID:8108
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵PID:7880
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.19041.1_none_cf7ec085c4b5345c\fltMC.exe"C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.19041.1_none_cf7ec085c4b5345c\fltMC.exe"4⤵PID:6808
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-security-webauth_31bf3856ad364e35_10.0.19041.746_none_099c40ad55bc5d6c\AuthHost.exe"C:\Windows\WinSxS\amd64_microsoft-windows-security-webauth_31bf3856ad364e35_10.0.19041.746_none_099c40ad55bc5d6c\AuthHost.exe"4⤵PID:3032
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵PID:6228
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵PID:8292
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNTUuODUiIG5leHR2ZXJzaW9uPSIxLjMuMTg3LjQxIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTUiIGluc3RhbGxkYXRldGltZT0iMTcyMjYwMTcwMSI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA4MzAwMzc2MjYiLz48L2FwcD48L3JlcXVlc3Q-4⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:6000
-
-
C:\Windows\WinSxS\amd64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5500d10e49b43346\ByteCodeGenerator.exe"C:\Windows\WinSxS\amd64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5500d10e49b43346\ByteCodeGenerator.exe"4⤵PID:6616
-
-
C:\Windows\WinSxS\amd64_msbuild_b03f5f7f11d50a3a_4.0.15805.0_none_dc3886319c616739\MSBuild.exe"C:\Windows\WinSxS\amd64_msbuild_b03f5f7f11d50a3a_4.0.15805.0_none_dc3886319c616739\MSBuild.exe"4⤵PID:9620
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 7323⤵
- Program crash
PID:3528
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuODUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuODUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTBFNTA1NDItNjM4Qi00MEI2LThGNDktNkJFMDE1REZGQjM0fSIgdXNlcmlkPSJ7MTc3NTk4M0YtQUJENS00RTkyLUIxQjMtRkQ1QjE2Qjg1N0FGfSIgaW5zdGFsbHNvdXJjZT0id2luZG93c3VwZGF0ZV96ZHAiIHJlcXVlc3RpZD0iezI2MjZBOUJBLTAwNTMtNDZEMi1CRjgzLTk1MEUzNjk3MkE3MH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE1NS44NSIgbmV4dHZlcnNpb249IjEuMy4xODcuNDEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iSXNPbkludGVydmFsQ29tbWFuZHNBbGxvd2VkPSU1QiUyMi10YXJnZXRfZGV2JTIyJTVEIiBpbnN0YWxsYWdlPSIxNSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9Indpbmh0dHAiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzRhZDljYjZlLTgyNDUtNGU0Ny1iMjk4LTFmZjRiMDQyNTZlMT9QMT0xNzI0NTQxOTQ4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVhjbDlCWXhDOXM1WjJlVzhFQmt1e
Hc5TVdUelVEV3F0UUtOOWh2RVczVlVDOUtuMWNZQnVyVENDQ3IxQmFHcDZKQUk2bFFHWjkydHFYZFM5JTJieUg4S2clM2QlM2QiIHNlcnZlcl9pcF9oaW50PSI5Mi4xMjMuMTQwLjQwIiBjZG5fY2lkPSIyIiBjZG5fY2NjPSJHQiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzQzNzYiIHRvdGFsPSIxNjM0Mzc2IiBkb3dubG9hZF90aW1lX21zPSIzNDkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iMTUiIHJkPSI2NDIzIiBwaW5nX2ZyZXNobmVzcz0ie0UyMzNCODQ5LUYzN0YtNDhENy05OTk2LTU3ODcwMUVDMDIwOH0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxNSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNjg0MTA1NTQyNjgyMDUiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjkiIGVycm9yY29kZT0iLTE2MDYyMTk3NDgiIGV4dHJhY29kZTE9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyBhY3RpdmU9IjEiIGE9IjE1IiByPSIxNSIgYWQ9IjY0MjMiIHJkPSI2NDIzIiBwaW5nX2ZyZXNobmVzcz0iezE2QTc1REM3LThGNEYtNEFDQy1CRTA4LURFQTU4QkJEREQ0Rn0iLz48L2FwcD48L3JlcXVlc3Q-2⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7104
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6312 -ip 63121⤵PID:6008
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 7596 -ip 75961⤵PID:7748
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:6816
-
C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe"C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level2⤵PID:7780
-
C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe"C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25891.89 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ddc7bfc0,0x7ff6ddc7bfcc,0x7ff6ddc7bfd83⤵PID:4532
-
-
C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe"C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\AVG\Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0 --no-pin-startmenu3⤵PID:4452
-
C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe"C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25891.89 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff6ddc7bfc0,0x7ff6ddc7bfcc,0x7ff6ddc7bfd84⤵PID:5000
-
-
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:6228
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:264
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:4868
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --check-run=src=tile2⤵PID:1008
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25891.89 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ffad5f4f7a0,0x7ffad5f4f7ac,0x7ffad5f4f7b83⤵PID:8112
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=1856 /prefetch:23⤵PID:180
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2256,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:33⤵PID:6960
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2308,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:83⤵PID:6740
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=3540,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:83⤵PID:6820
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3612,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:13⤵PID:2016
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3616,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=3660 /prefetch:23⤵PID:4788
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3932,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:23⤵PID:5548
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 has-startpin "C:\Users\Admin\Desktop\AVG Secure Browser.lnk"3⤵PID:4220
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4744,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:83⤵PID:4368
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5228,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:83⤵PID:1144
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5388,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:83⤵PID:5652
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5580,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:83⤵PID:8364
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5432,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:83⤵PID:8400
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5740,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:83⤵PID:8532
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5232,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:83⤵PID:8564
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6152,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:83⤵PID:8576
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6324,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:83⤵PID:8732
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6480,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:83⤵PID:8756
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5868,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:83⤵PID:8848
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6688,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:83⤵PID:8972
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6944,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:83⤵PID:9156
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6164,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=5168 /prefetch:83⤵PID:8412
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7112,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:83⤵PID:8680
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7416,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=7440 /prefetch:83⤵PID:8708
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7588,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=7600 /prefetch:83⤵PID:8984
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6328,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:83⤵PID:9032
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5400,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=7760 /prefetch:83⤵PID:8324
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6664,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:83⤵PID:8484
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6676,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:83⤵PID:9208
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7424,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:83⤵PID:8368
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7576,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:83⤵PID:9224
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7260,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=8468 /prefetch:83⤵PID:9248
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=8476,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=8624 /prefetch:83⤵PID:9260
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=8640,i,16313600093161347869,9705657296197175978,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:83⤵PID:9468
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 has-startpin "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"3⤵PID:9708
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 has-startpin "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG Secure Browser.lnk"3⤵PID:10188
-
-
C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe"C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵PID:9176
-
C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe"C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25891.89 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff6ddc7bfc0,0x7ff6ddc7bfcc,0x7ff6ddc7bfd84⤵PID:8888
-
-
C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe"C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\AVG\Browser\Application\initial_preferences" --create-shortcuts=1 --install-level=0 --no-pin-startmenu4⤵PID:8728
-
C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe"C:\Program Files\AVG\Browser\Application\127.0.25891.89\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25891.89 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff6ddc7bfc0,0x7ff6ddc7bfcc,0x7ff6ddc7bfd85⤵PID:8252
-
-
-
-
C:\Program Files\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"3⤵PID:5492
-
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:7268
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:6524
-
C:\Program Files\AVG\Browser\Application\127.0.25891.89\elevation_service.exe"C:\Program Files\AVG\Browser\Application\127.0.25891.89\elevation_service.exe"1⤵PID:548
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:9552
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:10104
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:8456
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:2728
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:7140
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:9564
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:9792
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:8540
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:9292
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:9760
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:7620
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:8452
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:6228
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:5952
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:8580
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:7692
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:9624
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:8836
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:8460
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\JoinConnect.xltm"2⤵PID:9360
-
-
    C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TraceSet.avi"
      PID: 10208
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  PID: 7992
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
  PID: 7256
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
  "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /c
  PID: 4796
    C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
      "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /cr
      PID: 2568
    C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe
      "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"
      PID: 3216
    C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe
      "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"
      PID: 2616
    C:\Windows\SysWOW64\pcaui.exe
      "C:\Windows\SysWOW64\pcaui.exe"
      PID: 3204
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 1452
      Program crash
      PID: 8280
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
  "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ua /installsource scheduler
  PID: 10008
    C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
      "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /registermsihelper
      PID: 1312
    C:\Windows\WinSxS\amd64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_e304dcaa2490f61c\SystemUWPLauncher.exe
      "C:\Windows\WinSxS\amd64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_e304dcaa2490f61c\SystemUWPLauncher.exe"
      PID: 6764
C:\Windows\system32\msiexec.exe
  C:\Windows\system32\msiexec.exe /V
  PID: 9832
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
  "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
  PID: 8856
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4796 -ip 4796
  PID: 840
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
  Active Setup (1)
  Registry Run Keys / Startup Folder (1)
Event Triggered Execution (5)
  AppInit DLLs (1)
  Change Default File Association (1)
  Component Object Model Hijacking (1)
  Image File Execution Options Injection (1)
  Netsh Helper DLL (1)
Pre-OS Boot (1)
  Bootkit (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
  Active Setup (1)
  Registry Run Keys / Startup Folder (1)
Event Triggered Execution (5)
  AppInit DLLs (1)
  Change Default File Association (1)
  Component Object Model Hijacking (1)
  Image File Execution Options Injection (1)
  Netsh Helper DLL (1)
Defense Evasion
File and Directory Permissions Modification (1)
Modify Registry (4)
Pre-OS Boot (1)
  Bootkit (1)
System Binary Proxy Execution (1)
Discovery
Browser Information Discovery (1)
Network Service Discovery (1)
Peripheral Device Discovery (2)
Query Registry (7)
Software Discovery (1)
  Security Software Discovery (1)
System Information Discovery (6)
System Location Discovery (1)
  System Language Discovery (1)
System Network Configuration Discovery (1)
  Internet Connection Discovery (1)
Downloads
-
Filesize 7KB
MD5 46f18f6762b55b8af0d4639739515e0c
SHA1 41fa6151ff5fc28e933bae89f4de9c7affc70591
SHA256 be08a86f06caf84efcc9322ebe94e23d1520e364b9f99df6846265d5ee12cdb1
SHA512 d125c4855126dd7b1c889066e2142743e6e84357da7f05a50dce111d1bea6d3175a833a1bb15d3cc11813733e58e698a92563192f91363afc7a71e2664ce1752
-
Filesize 506KB
MD5 c6a2bff8e96b5622bf6841a671f4e564
SHA1 fb638e9c72604cc1b160385fa803b0ea028e5d5e
SHA256 7a7a12e9c0dee713700081b9354647972a0f3505596df34e4c68aaba99046992
SHA512 22a99f860055388e34a056af5d5e35f2e33a9294784795aca52fd42685d75aebb523add836c5e4b9b2f68fe00348d11ee56cc10208fcc662b86a6169664f934f
-
Filesize 204KB
MD5 cbcdf56c8a2788ed761ad3178e2d6e9c
SHA1 bdee21667760bc0df3046d6073a05d779fdc82cb
SHA256 e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3
SHA512 5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{A72832CD-353C-4925-ACB0-481DBF0E0781}\CR_56B05.tmp\SETUP.EX_
Filesize 1.5MB
MD5 e31b73da9dc7a6d8ca7b139f7a522550
SHA1 79a803d34a754c52066ad9d2df5cc9bb1cc786cb
SHA256 0ce04a08d0b4a838bef104423ed86adfc82e1b531d2e53be460db397168eaef1
SHA512 b1b223fae8c8e45ff1a1dad630885e4906aedaa47addc8e21bc6cafcaf42dcaa417cfd655f91abea8db27beb8e69e3ce245a08e49b4d2ff0d34913f5ce6f596f
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{A72832CD-353C-4925-ACB0-481DBF0E0781}\CR_56B05.tmp\setup.exe
Filesize 3.3MB
MD5 e6366523f73253908728beaafaed3411
SHA1 14b126352091ada349f5a2e50f383aa34449654f
SHA256 3691bc89d718a236f6f425ab18cb6e3667b6efbc488100c95af4ca35f9c0692a
SHA512 fb4345f06e286cc081e326aaed98e4b25e7a7a2b72a34bdb1ef6ccc3b87d1ed030ce73756ac2e5f727974c41f1da75f317deb4908fc18e75177038f6d1fabd69
-
Filesize 27B
MD5 fc8ee03b2a65f381e4245432d5fef60e
SHA1 d2b7d9be66c75ccf24fcb45a6d0dacedd8b6dd6f
SHA256 751a04263c2ebb889fdcd11045d6f3602690318ebaaa54f66e1332d76dde9ef4
SHA512 0837f2b22c9629990165c5e070e710a69ad4951b7fcfe28bd52354c4b8a7246672497b8aaf521a8773c7ec2a4249fc4318330948ab0d8db8c6c74da57b32f1c4
-
Filesize 428KB
MD5 2a3ad7362e6c8808fbb4d4ccaba4ed4a
SHA1 3f896f7df7fe202f4a717713c503665bb4dcaed6
SHA256 4dcd341907880c8dea840819628b19c5ea42ca2b5c61ad57147d0ac7da9b6759
SHA512 892042ac713e4d5b488262a584355dafa18d967035788799c1773eb39a4616461beb9d79a230d9f85cdefd1b4076b8a5e1d4bde17254bff1f08c3eba56469679
-
Filesize 149KB
MD5 f73e60370efe16a6d985e564275612da
SHA1 2f829a0a611ac7add51a6bc50569e75181cdfd58
SHA256 9cf076866935a0c64366efaeff2ec76d45ac816030ebd616fd5defb1870bc30e
SHA512 2e44e87c285bb7b72d45c8119d08ea6f2d13cea77cf0005a3cf530790bb86c7f2df7c5edac9d86c9d7214abb224738c3bf6b31f6bf104051512bb1de133042dc
-
Filesize 170KB
MD5 deef1e7382d212cd403431727be417a5
SHA1 fac0e754a5734dd5e9602a0327a66e313f7473bb
SHA256 7d410e9eabd086827b16c89ee953a643c3e2f7929616c0af579253fd8ca60088
SHA512 6b472a57fb89b128aad9ab6313a9ce8b171f7d73264c67f669adc5cf1f0421d81f654dad1419b620476abb59dd54e1aa03a74a26c5c93813f6fb8575fbd97d4d
-
Filesize 150KB
MD5 db30f912115edd14d1243ad3f19dd4d9
SHA1 1708b6e7f8df03d121c6415fac9cbb2b11bf57bd
SHA256 d5c7600c6a2a070a504f850cc93ad727f1247a8bdbc90d1d48205a57ac1d2115
SHA512 fa7921e4f93262b50b10ed49330676d33d67f623de2834a3538efe96138b8008516d208421573d2f8fc80bfcd98926758730036e4c6cee5e2c828c46a44f9f77
-
Filesize 512KB
MD5 dd5dc945cd848bf503862d0a68c3ea5d
SHA1 9b277a0c733ed5698b0656da8c3b99d2f90c7ef8
SHA256 8cc98345e367b083f545ace66d93bf69e03a4fa08b84805a9925fa4c94ef3f8f
SHA512 f6eab8422bde24d89a7723c6175b4197a50e18aa0bb5b8f419e5a23b265d85dcaacaf136b8f6ef6bbf2bd6c0eaecd8f86093f594fb98e596f4b39e9c6ff227e1
-
Filesize 32KB
MD5 66140e921ffc869e5dbd7d0337503f1a
SHA1 cc26b0818dbb2a4d3e242fd1caf7b45e036961c0
SHA256 d2ef84b42a4358e58f5566d842c389b229ba073fcef20b2a3007b6ce76a06d2b
SHA512 eb4a787e76a6700112349b5eba78a4467ba4a2364d30eade70acba480e4df1c5d48bcb31ca136f81b350c466911af97cb1da1ba964c2d35003a4e3e86c738772
-
Filesize 150KB
MD5 772d18249265097851dee4129c277653
SHA1 e55ccc571e5180a3d5f395d4d00974cb70493e5b
SHA256 2496f8d3c663d72b547c16371dea14cae69ee6cbc90f8ca94ba942d095fe897a
SHA512 db423fe798acaa10d367b5836d5a33d4b522c7b0391c8fc38b5eb1810f5c66c8038a85cb7716652d0d9243688b4d593a6f968b947ed666b3db32892304f47fbf
-
Filesize 150KB
MD5 4263bcb0124faedc84cb07b46cbeac0a
SHA1 b93a75dbac32e10d474a2d05a660c4ff2fff725f
SHA256 8bbe2f03f0740cff0417ba798a632526c7f2f397b8c1907baa386bb96b7847ea
SHA512 2f811022e55dd6e6f797eb2acf77b315cadf34d7ab1670cfadcc993bb1ec081bbb908291cbaf901b2044a146ed2db58546a955761236644b9c5aab0490b20db0
-
Filesize 548KB
MD5 3c43e274193213b6b955afefb645f007
SHA1 ebb2703e2626f2dde67c111342c47b20bbc275fa
SHA256 c1365762eed2b4950b8702d0508bf84caf2980f9c06840d82c4e8f9e5e83d8f3
SHA512 134c8e745cd0604fa8489b924ddda5229656427084981437fea5a3e96efe0d75b898bbf8eba3bd27867500cb884a39aca8779ab1c62c0c95f69f0a6fb7a69b30
-
Filesize 702KB
MD5 b1624894c7a3b09042b2dbe0fa040663
SHA1 0466d959d3263f801925058543e16c864fd95c07
SHA256 12d68a3f503e82aa68ae0ca60c3ed2ab5006987d89bbd9b63bc149c6e359cf18
SHA512 a5e5a8882a94ed5fbd4a4787d8580975a6ec17f76b7044b138a178598da9248f92f8d137c0a1ff6a81329215c9300c63dfb7c8452adb386cd537a6b4ffc4407f
-
Filesize 1.4MB
MD5 04a6438c50564146e880c5eb9d57905e
SHA1 edf5d454de99159d832cc9bd0d8dbe132d749804
SHA256 26109d47bf9960e531888e6c545ca8cfc24fee2202b549df29fb8bf9c58e0812
SHA512 8705d0ab2f8a6c1ef567ad00b33ff2cca01391b105eb0ade201d981f091e4ba87e709860ab9849bf9781698fb42ab8efe53ea731af310781766bace1eb1dc19d
-
Filesize 42KB
MD5 ba03b29d5d44341084eb06bea8f1e702
SHA1 7d8dd7556ea5e299b55ddc7477ca758fe2c64f48
SHA256 6a6aad33e2910c29a6d919aad074d89359c5e6723ced7ba4e215a62e9513749b
SHA512 29f902587b7078deb12bee6bf9993748109749ec12e6490d5f84bc9c532a5a1f414149d5760641ef052611bf2d441423d115dfb5a4c4c6f5e6d6a1f386924cf2
-
Filesize 41KB
MD5 9c77be0843f0fe4864a04f8d5f24a593
SHA1 be03adb4d3c33520e652c7a6ee45f09d5ff54a54
SHA256 39547fa5d7b93856235288b1021699b4f36f0bea10b10d6b89ea184a3ad77bb1
SHA512 f504c98b03a5d72c078b38a2cc4fdd94dbed159f5a2ed47c2c4a53fc6ec8a3b1fd969d5ad85fc7503e64427a36adee7a14f15f1275a9194103e43c8a8ee45d28
-
Filesize 44KB
MD5 c0b41217fc33a6a53ec69ae7399460f2
SHA1 d7dd8d543b7297f1a1e138efa1806972c9489c3f
SHA256 d75a1a41ad7e5277576e3bdf35a858be3a6f540d21c8ab4156c842d8f1b3295b
SHA512 37abb726b78421aaccdbc94b358cda6b581e89ac519258eb39c6a7f0706cfc64c3a96f5c29539ba67c6e2d2afd6f10b6b0c063b54366c03376ce234d132a8253
-
Filesize 44KB
MD5 aedf6d96ccb64f488379bb1fe65f697a
SHA1 901bbb7873d8f698f49c4b6be74fb50b353d7b5e
SHA256 941d22186ef1bfe27052e78d21944d6088cea152d1ede51452f04fb032c92f90
SHA512 d1d889a1fe75924f3569e07d9ee3f552afc02165210f5c439d4697be898b72db397bb89e7d0706259f92c1cb5759009f9e1ba5c52f764e63514b3da41dada1cc
-
Filesize 44KB
MD5 f951cf3ca93e5ae5fc1ce2da93121d98
SHA1 15bc869406857437babe41cd3f500c356913499b
SHA256 eb00cad19ed1d16f52928962f2cc6231d65eb74b2314976ebeb1ec860103e746
SHA512 b77086ad2b39723d697d7839d9243c1c0769a2cb0f6287cd3f2d64eabd6a48d8fc2d253e9089c6586637ed5dc5970c2608615fe77cef5003f0c4d53401ef73bc
-
Filesize 43KB
MD5 7f3dcd851645d3d75f636c8440fb057f
SHA1 85debe41ddcb46555a0d00795e41e460a35583c2
SHA256 0b31785d1931580cad5ef16d4ff5723802d12c38b56746e70fcf91d71162e043
SHA512 d0d21c397899aaa6a718b77195a6af1556309615616fd6583ecb84b04aa7087e76eb5fdd6cae0a4ff1c0f85bf72e1f51ae002042078095f640eb95da363889e4
-
Filesize 43KB
MD5 9a421423686559027e4301d36bcf58b2
SHA1 9669424f4e7c765ddb917a515d5a8b1486f87daf
SHA256 9d8ff148793d99974fab93f38027e1999323a48620b303f82170751be5dd6b69
SHA512 f5d62fe17a820323c4b1832cd3bd9c8fa291d44dceb88a8a1a8f94c6166e550ab9baf9357c5ec3388230bc75f0ccd3aa2d5247fa5d242013d22c61001128a951
-
Filesize 45KB
MD5 1c15851d9dd22e4ae3f3bf249da79035
SHA1 60fc5652b5e1c55056c961d4d3b961492cb3432b
SHA256 a9dd72a08c0c58a71b2289d76efae681a5c8eb5faf73e49b873f15ba4050baa6
SHA512 6da386c35b317f39613da73340631f927606bccd0a8c626537eda896eb32c9a2ed1d71c7cf838f1a4b90553f3f788eeb5e02fe84774fb0ad2f574bf4e4d7e248
-
Filesize 45KB
MD5 0d15748f01df49dae986f1e27dc098ef
SHA1 35a435bdaaf47795977b28cdae2e4ea1fdae73a3
SHA256 df13c38061cb0b02dd8a9023a17da0bbe1cda6fdedad5203129fc702c7fdd9b1
SHA512 290e9936f50e3bd11c1b9d28decf3b43f5e23bbff16801e7b0491690773d057b6bcdcf48c48a7ee16fa2400723b3e974e2b74e3899590a8e660c2e9c78b9d141
-
Filesize 43KB
MD5 02465169cd873c4492196e03457f2771
SHA1 837ca5e54a8c12577d0d05a32996dfc04067c5ea
SHA256 4eb9edf550bf1f66382e5d8bd4958438891cd2ca46557d14f4b945dc176ec025
SHA512 e73b5f3951050f2903b80b89d2b9fd9ebf69adb922eb8238ef4c01f413ae67727d7598d4ac15f7ac8b9257aef0139e0924c70c5898357142a303d7e2b15394c3
-
Filesize 42KB
MD5 418853fe486d8c021d0cca2e85a63d63
SHA1 9504500a7b5076579d74c23294df4bdb1b7c517d
SHA256 4cbb2591c1eeda32bcf295685c993ce4d16acc968697fa12e2a00a1b7c4b37a3
SHA512 dc2ab4e2056e6d73a274d700bc16f75c7c687b35874029c1908b183428dec010373045d4a52eb3f5745f8b91d624cf5d40cd7f37e353f3a41348e2a054a266a3
-
Filesize 44KB
MD5 3e5971e8559c77e8901ce30d14034730
SHA1 04cc21ac4a84abd29f7d7585282345881fd81721
SHA256 613418b8779f7440b88f1734d6c514706df9dc9a58a623966cc1c9ba4e29c28f
SHA512 b4592b25cf676db6d6de1be811c39bdeecc24bbfd4dc72fa4b3f97de866f9b0fec7c85f7d56f048f61829c1d8b4109e4a0c7e14a9e410e30a6a8da702941e00e
-
Filesize 45KB
MD5 5f8ea18786d5ef1927cd95537abc3ae0
SHA1 5530650ecc719d83b7aa89e0b326b5698e8adda2
SHA256 fa416294b078226a8919dbb8f75533a6ef96d63d5bd17aac854eae68791433cf
SHA512 577dc7d19e4443e8aede759a781826c091c17d12fb06e89b1306133f21e01dab919045183a916e1b5647ddf485134a8459745a9199df5c7e36abe192645d8e25
-
Filesize 43KB
MD5 5029406d9202d6f2f279fdd3a06f55a1
SHA1 dcca8bf9392faa0038c6cb5d25929726b16804af
SHA256 cac545e04d701c39f4a730aec4c3dad177d8ea4baca10651f150925644874864
SHA512 519538e05f8e21966e4878291692cf25057bba3c993c0034a33b1da7c9eb0a8fb881565717ceb6c1139fd601b73b1f1e2aa46e20aeb6b93f897cd2ef93172934
-
Filesize 42KB
MD5 8564514501256ff045cf7aa6c1b5a797
SHA1 40b9aa8d04c48fe2ecf193c2089418ccc938676d
SHA256 f3f46a6da6c8ccb3ce7fdd0cb5882f45523decca95852b8c775bb90f8e92c1b3
SHA512 701077c8a1c70c1bd0c35f54aa838dba7b7b6f832e0ef2776673092fca546276166c3638676451c9655086b740b9e193cd54f952fd5fca481b964083b881bcc2
-
Filesize 43KB
MD5 57dad7c22bd635a5af8fcdcd63d4e530
SHA1 8aa11ea5c1cacd9b23c29989f22e82c43c827d0e
SHA256 1e0d05927a455115265db9308e0f78ffb7bbb5442f36b8483549efbe415454a2
SHA512 4236609e37ec41bf46d0f45e228c9021c1624e2f98a642eab513d290a4482da13764fcc2d044f78ebdc09e0cfc63a251678d169cb33e251d6f6d5de9b96c31b6
-
Filesize 44KB
MD5 5ed0105f4043466a99557dde1f70e97f
SHA1 c57c935cc4b25b6375ab3fcdfbb265f4c586ec3e
SHA256 cfbe0120ddf8d5574f7c44c85488f53aecec4df9bfb25f1cefbabcad5af46096
SHA512 4fa641810f758e0031388ec146467fc130780e2f2cc8495b6a2fff0679d7bcbe7526356f85a97b5338e84d791ba14e812b2c182fdae01763640be3324fb59526
-
Filesize 45KB
MD5 8ddc3f7276c12ac407cadcda6e2a3e12
SHA1 78c5e802f67c8b6ae3fe13202e6a54d3cca69df4
SHA256 7f2f0f9f443a022f5aedacc40c28d0654fec488f34435c75979118464256a8b7
SHA512 0d05bdd2d5e9f36eb09182e8b13507ba03e256c4aadb77bbfedf29584a47fd1e0733a825a3f687d3058e53c8075caf6dd9d24ec93f1bdd58ca97106827323540
-
Filesize 45KB
MD5 a4061e8408cc59cb898adfdc4f173278
SHA1 ae34e3058a40449481590bb3a63aa0225b4f6f98
SHA256 e033c950ecc6333dfcb944e70622e77a6498ba0e23fd144117dbe9a2a0c15be6
SHA512 d8a847e9a21c86c7b9b072e16914f42185e3c0e1d99f6ea5259382eb0fb89578c7a7f9f62f892f1d20be180dfc327bc076ea038057895c8b92cb1f0c053e0b2a
-
Filesize 43KB
MD5 38525b8a1b15a8aeb4fcfc8bee8358bc
SHA1 ac2ba33b8ad778a8165c87b579dad0dbef5bed75
SHA256 271e83bc86e490cd5b6cb9cb34057c7684d233c56a53f4f553aa07507c9dae52
SHA512 ad8df196174ceeadce4588dcd365066665267b922078d92b328ba661a4ebfa6d06b4263a4b8a28e4efb4d86e1140d71a3c3bf4b7b60970aa20552aa7f0c73acb
-
Filesize 44KB
MD5 27c0dbd61a71420bb4d1a0be2373a175
SHA1 47b4c107b711caf5a6b2978bd6fd6b53ebdec5e3
SHA256 43191a4c507a112e96e06f959b6cf78406bf970b021ad8d7db59d1b9c52779bd
SHA512 d1f20e9a628bdcbd26b8d5de89b87bdbc8dab871651c86d47c023daea86c7ada0a565fdd05b48c7643a63db044639f4eb89d1640e58c9b32722e4926c3c5e72a
-
Filesize 44KB
MD5 114cc594fab2e564ccb24a826f3623e4
SHA1 c3c3fb4ef6ea6ff0e7a1e0289320b2fd2788b03b
SHA256 c89e223a42d7173f915dd088ebc84b0048cec772bd4221b4b90ce4c0e419ffe6
SHA512 9a7eb5710340cecb2d32de26322dc862812e185b6d260d76c0c7f642f30cf9e43c88aec76b515148ef986db0c77fd0e31f71c8fd26d56a4cc72dff0d023abb5d
-
Filesize 43KB
MD5 7e7deef6ac35c9d52410fc356391c7e4
SHA1 43b3d918867a93ba109a3e4eacb45f3cd5c40b93
SHA256 963f4d2ad7ddcdcfb6185521c0590a92f2014897d5f5f525471ac81f3807fc5e
SHA512 9eb0e9be0a973693b4bd167f6c1118dd9d702b1951a90f0a3a6103e77c43ee6afa173b79d3ab21fe94a98c320b17ab0b787cf5b6ec47d9dde9e3e8c14b8cadc7
-
Filesize 43KB
MD5 dae35fa037b6248876347521c5298566
SHA1 8358fc05a675ea56f720052fbb4b384d97b94d86
SHA256 ce0652b8dfaf21b6192b66bf75e140b3d72aa545e0edf62d9e82e9b0878ac5c5
SHA512 4158b8fef0da76ead12b5d6e421c5709664ba84d1ddde44ef6bbd1023084cad3820a37abea03b206635a945a2435b301234cf5bac3c8e2861a852b2699036ade
-
Filesize 45KB
MD5 3ae3106694098f8420b182ad5e3354ab
SHA1 bc9dab621b03d4126b97c260becd7f4525255462
SHA256 59b406b29538c3c3d0f060b5fc0ccd36556f8a6278327935a5475c6b21741dc9
SHA512 f3625be57976083d642b01a41a53d6db6cad3bfc584a50de3565fe10975a5d7d2cf4f8b41bcdaa5ac70f8fc4ada113084de07e2ed45f26401dc2d4f8f4c322a9
-
Filesize 41KB
MD5 31227325c8617b308ccd268c2be7e72a
SHA1 71e369f26e644e643fcd538d933e4087dd593f1f
SHA256 4a98e34a528eff04c2baf4e9e50489086e58d2e32e1851f33674abbe5e104c68
SHA512 ba8d94dde5b7b74a39ed54a5f3e47a558e0c1deb632018c82423c06806071143851bb1d8c7a7bada6f13e71734e7a29457f3741266972b777cded41c953a9645
-
Filesize 40KB
MD5 0cfc5b7b3f86d6bfaec9a0713da74df3
SHA1 81a278fdee9edc302fe4e7a88c9addb230ce6df2
SHA256 1d7fd1b6a614538530385e7a40efc95d3b8be75057ae03bf999aa2419d1f9f24
SHA512 8b8f834ccee41c69c581f0b80f26b0cdb536f87bebd5a6b1f02cdf6f1aea5cf5b29c356e82c7a8fd591bb16c0938a790ac8f90f6d27edc95fc48a5aa3c30cbf0
-
Filesize 45KB
MD5 49000b4a101e635b05123f21b360b492
SHA1 635f697f41c0591168e0eee10930728d9dec5a53
SHA256 a2aab58a4397c040bff69d45bef4ede6842034bf897799a9347232c4b6c9c7a5
SHA512 9b62c2048e9c132089cce7da02ea5c95b5856f1c6e28d5581f4a0b1748e681bdd78c7d537d273a64f9d476e4ec62da5c6021cc1ccb69f7bee216e7bec6ddc6e0
-
Filesize 39KB
MD5 dd2f783c0017630f9a2969957f4eb84e
SHA1 d42218de12a7c1c48fb5e7d60e61e32ce0cd9ac6
SHA256 07e63e0e3d23f192ac131efc459c2d9f79a4ecdc39403d43fbff320c4b5fa261
SHA512 689f625df8aec45a6343249739ec094cbb1245a9dd8847ffe6bf62fd2d7042d529f77216dd22e8b33830cf21b158f0ef6ea42af2248051c8d97205eb0229a22b
-
Filesize 43KB
MD5 38606bfb6c9bfdf74503f833ee2733e5
SHA1 670abd1279f642ec7b19f663e53f2813a716331f
SHA256 df6c4228da3bf66929d81b99cb35df4a4389418490144630e1d9d5f422b56b38
SHA512 6cc6f2fb0e5bf0241656cce5dc7311f05b8d79633f2176f8c172a9fcfa9813e3963576363d539fa1a8a58fa6bba138dd0baa7562274fbe99be5cda60f4671747
-
Filesize 44KB
MD5 83c356f6310d51f8ffc1d67d580f5914
SHA1 f9bc318975f288fa47e8426b4c450a93b10af45c
SHA256 98e35cea7cddce15191594a70f8e15ff2dd1c02bde87225af0331441c65bca26
SHA512 28a26cb1d88d072d7898ed27c3e9d056efedaa2cd9eccf951429f41df2c0162be3c14e58cfb4cf50b633d759825fa815a9249e7690d2ab75f60424b30dbe0424
-
Filesize 47KB
MD5 74e24332295807ca5ab8be9f37dd19dc
SHA1 82feee443e0c8342ef830c182fc2a3c98f57faf7
SHA256 4675474b7ccaf45c9fca9c4d141260f233807ddc68cf854d0900bb1f58522b67
SHA512 6682d18ed66b06f07bb6b1dc227808d5c872685ed271ff4b34a57d4ec7c7fe5316b6207d1094327db4e3166fc2288e47065cb72a275666a4b403dde8e33379af
-
Filesize 44KB
MD5 390c8645cb5e0f93054c063c5e5928f4
SHA1 0d17ac3976b3219750853715c06baa34e8ed751c
SHA256 98ae5da68f38dd4e43e307543d3218d4180c09433ae72c3b661eb73591a7a589
SHA512 b1bf09a5111890fa61dd944dbf0cf2804cdd96c5fee3193a80fb15cdc6fdb455fb4e535e8aec337ca4595623bef29c7f6784e53e222c7a5df400dc61965830f6
-
Filesize 43KB
MD5 d9999c911f60a32046d1a4c559ae5de3
SHA1 e84c1c32708a97a81358dd8adb3fb40681f5a7aa
SHA256 31a64ff7f0b1d8bb81e83680c3391c0dc5530c798b9322d11e62e2389933b548
SHA512 eefb62c906c85a94025d79a0dd35b634a08b457fca57e2b97d514f1b5f0b9ea8450c9d387b4d9683c5d01d0088e03fd106b530470aa88229ab4123edf00032aa
-
Filesize 44KB
MD5 ccadd45844090d479f00d8707e962f35
SHA1 0654501881968cb2d954cb95da6150047c49c0c7
SHA256 854804cb86a3059bec32d10f44123ff93060aae05eaa72821148a4e2764ace3e
SHA512 098a384baf41a11a6e50b2d22e1c1e1cb2d9f5897776afa676b235f075c9ed3f404a92d4593c229e6ededab4da614b25e5cd0c73f3cb7e0ac02231cce800f7a4
-
Filesize 43KB
MD5 5a19716ac62f7b636d666ba166d00a3e
SHA1 0fa31113684f879e259f8521be08ff87286724e4
SHA256 94365146ae8320732dad96344dcf6fa83d9eaf65cb7bf30e50613964f5a33e66
SHA512 accfbfd86c4648fff856fafffbe7317907e19261ed81ce5e6cd9e5ad59ae9abbe677730527704a1b0ba898195dcc6a5081a136b4d95563863f05a8eb9fbaf9fc
-
Filesize 44KB
MD5 5215164235c7dc3d72bcd0f832ddcd22
SHA1 bde57f57953bf119b6767e0b56380dbf0e4cad35
SHA256 c997f4bad6082c5d2483684b6a72d22153c502df6575e28cc1bf02789d08547b
SHA512 721423ea189d096764088fd8079988cbbcd98503ae2b82b0f485cb71bc81cb367588a9fcbdc9c5d09f20067f5ec8744572d252500af034edf900243e096526c3
-
Filesize 43KB
MD5 97c200cbd682c1b4bd28222437d7f630
SHA1 6bed6312571ea79df6deda2934d328683674b059
SHA256 3adc3bd14d6a1ae14de42ea501fa74ed651b197a7c8912b43d31fa92f500d630
SHA512 8e1af6b73729f5f6e3015c3890e8ad28ed851d1615fe0ae2b7997f3ae48958fbc90e74ce70ce4ef35aeea35a810de0699494d5b913f4774416acc1aa8ef0a9d6
-
Filesize 44KB
MD5 d30b159a64d1698cfc29d336b26dd922
SHA1 cb22d98f4f03c718b7588fe7d61469b53b3f5488
SHA256 5436a04ed13f635e820c748d10efd86b94931b689f5ac834fcf7d6081d0aab4e
SHA512 448f9b2dff2fb48f31d5d7953b4ddf347369ade4b08af9c8ccb337de5e7d14b8b49e5c436d785a3a0df00e41289ad29e0581840ad8a00653d290ee9c121bb691
-
Filesize 44KB
MD5 9d85d4410fbc05ad19686079129bb0d4
SHA1 8b21633a2190aebda899d7902e130cf4c035de66
SHA256 b0745258f9b3ea6f011b2ed61d61312a9636d5cc8706d525d403fdab5ff5b46a
SHA512 636f997817edc9531fea2bf7327a78203626ee8b30b2024905f9f4f88b121a325471c2c16e691a590713a09c040ceb0f9ba9f468784c959a2318b9626b59a247
-
Filesize 43KB
MD5 5c7f5208991b9f8ec135a8bb06e805e6
SHA1 5ab93b5efcac3a7d0b6e17cc1d32521e92388d2e
SHA256 776084a71292c1402b439ad1d4f0414bc196efe453c338e42944d4bff6816817
SHA512 12f9f541ba0cab26b414ccf8099337a6a730fb8693f1f7bc30b5254acc2c883dccbdac1b4f243218dfe5c41b3059e1a3c877c0c14e872609029b071c8a1e27a0
-
Filesize 43KB
MD5 c89b0c8c3b91985ea2e215667f7fe79d
SHA1 3d646b06b540a12e9b4e1e3c44da70334875e0e9
SHA256 6e139010616388b1794f6c5d88835ac963ae60d53a509ce54f5aa994a35cb292
SHA512 c050748256998d0361fb02e5d9797b957917b20669a4308a3a3e0f54946060ff7cc39fde71d8bf7bb2af12058075e6156e6eeabd2050b65dc3c8e3d9217f1e25
-
Filesize 44KB
MD5 d35230f93f12e95ad99c10d39dec016a
SHA1 c303793c2ee4b9995862d7ffebc78f966344843d
SHA256 85813f97ee64c8633d3ceefc0fa13f1de021eb6911195c72fab2c9b95496cdc7
SHA512 78e39bda68e28963d0c4df8d24c0b4c56bfd2666fc02e7952916cb9f98724c3d758caaf99aee6e936461a9a685437327f10a543cb457e562fe70fe557665b589
-
Filesize 43KB
MD5 f8709246b0e8f490cf9d02d2ccea3da6
SHA1 3909c4aa86d47c799e5df03556c5d39eec254850
SHA256 7cfe886dd1fbbe9f3cea93d547e88893f30471b3866ba16357ceb29f47e8916a
SHA512 1ba16af0aa64a64aa1fbf0c487e467d1432dbd8048801590bca9c9ae0a935f1df952068b6ad6d10e1d02714570141dafa5a021b50fee6ff597f65ea03398a249
-
Filesize 43KB
MD5 b8d8d9b17cc97212360c25e681100f53
SHA1 6bc19bdfb2b3c654dd7f046d76fb40a67b852d42
SHA256 f26db77619f6971c9bc93818a4c09b1f0ac2eb8dd3750750f7a5687d3dc6821e
SHA512 b409cf8540ddcdcff78ccf80819fa6c77bec5dfea07c4a7fa260f6c6363b932386c0f1b5c4bdcc317fe2df3839eb58a0e69196b2a68d70915081ebc983cfb8b7
-
Filesize 45KB
MD5 2bebacb8bbcf1ab8bf0c8d99d5f023a8
SHA1 fa6bba3e1302e68db673490595c5206ccbe278be
SHA256 71b1892d0a58fda202b93bee5e25da3a33091a728551870ebb09003aa0178cc9
SHA512 5c7751fb54531c06b26846807e3552c150cff737096166c627e66bee87cf1dc0bc4e5f245e4ba26660a0d0aad0708bcd09c7f8334504dce35552dd62f774f441
-
Filesize 45KB
MD5 100f983bfbe3dd304e3460d0d763a5a0
SHA1 554a6ad7f279d88de4beb0d110f08eb1f6079a40
SHA256 71cb104a5a65a2217046ba791aadf6d92d26fed572b8bab426f1977dcd13ee84
SHA512 46fdbed864d098654cc804819bfa193d0ecd5d1cb206ab558e3ead53aa01a8a7a4bf30a493fe51c861eef630d20f697c880d90db87e54f4063ef3b8bd3782002
-
Filesize 45KB
MD5 09f080d9b57532ad375924c8b79aa863
SHA1 7c3589d33ce76c61e9078a38b843c52e9abb5098
SHA256 866001cf685e35f808b626add94f8dc1aa6ccc3f7f93622e4f1749e8276df8af
SHA512 f6c33d74e095c1babd14237d61230203cbbfc1675acefd32b7905d563f2321c55c26cbb0cc05c6ff2ea5816d23220e510f6d5b7916fe0ba314f3c0d9afb21779
-
Filesize 42KB
MD5 07db9ec1c345be55f5124be7b5c2d0da
SHA1 bfb3409ac023dbba2532f57aec2aa22097b452b9
SHA256 57a70c0ccb809bb7d4ad6ac611bf99266ae50badaf0ee12d145080e79b1bcb29
SHA512 8e9c0800a70ddd2868c7866f0da5eddd90ea014228b92b186e97131feaf534c1477c902995d03f40d2d7661387f007fbed6e5b88a3324d5f770f6a80bbd05d78
-
Filesize 43KB
MD5 a2408056e2891786989ae7089b03f045
SHA1 fb65851e2d17a85cdbcf86edef757c1db9734216
SHA256 9e3c6f396605850cb66b09870fdb346f64ba19001fb04bf416b504a5fbd572ef
SHA512 04c1136638b4f99adc0a46760843f0bba502d4ed3d715b42d90b3caf0fb49cc4b878590bfdbc7fbbfb71c0ec9aabf4250c375d4977e7c722b8f283adaf902c13
-
Filesize 43KB
MD5 f13699d054b4a5c7f7555bdf42dc2b2e
SHA1 899d230bf0e4dbf51b552288b7a65faefdec15e1
SHA256 585b4e9581e4531445a41676c87822a8f721e384a5a9dddc17642b39bd983e7f
SHA512 dedb6e3da8025b45d1d7a87fc9235dc156c4e5e322dedbbf8ed8c3a4e719bd6d9232e836c7ba0d14e93fe70728195bb8213682a324b3765b868b9780269130a9
-
Filesize 43KB
MD5 440107ffdc419c31118e13311dd07092
SHA1 e19cd50aa757d6806a295c18a9ef52f92e85f124
SHA256 fcc94c5d16a4fb8c3bdb191e9cf1fd2b60a780c8e7c247f1b513b2dae7a51af9
SHA512 20f150d0b4fa888202fcbe0c1249f81579a81bbf41ea2f64e44dd03a10e55b504664058cace169c122260f9ebf30e143f75a92c54877f3b2098e84e3c699b21c
-
Filesize 43KB
MD5 2390c3c4ddfa136a23575187550c7612
SHA1 dd539ec73e7e9c706ca2ea305cba1f9c8b3ae257
SHA256 88499f0e0d5e4f3c34c020dfa672f7f16992290cc624a4b086c1ac5357fa214b
SHA512 29c327b44a1eae93196bfb2c65f4246b7343de00921beee641b53499622998c73e356d20e454df7c2d68d5b54334e423e64a27d31b537bb5b5b315ad3c218e24
-
Filesize 37KB
MD5 30ff48252da52c816ede2e88b9e03d6a
SHA1 07d16cbef6f0042173a783d91f5dd8fdaad4c399
SHA256 f53a4ae21d6b6d92a38d53752cb3a8375778a8f06e8e3d934c37fb3454925c52
SHA512 48a50815a0e9111cf144514362c9e6e68f7e7c123270a25a5a44ed8c2ac58652a9de0740593698e4ac55703fe94d6c14c74b52da6757253288b8a3db5f9f2129
-
Filesize 37KB
MD5 49bc03fdd21621e636f35ac544f6e002
SHA1 bd55d8b28ebf714a22b57a671a838967b2b166a5
SHA256 c2f447c5b563a081aef0f73bd7835927c6a8869d2b57888d7499f0738c31459a
SHA512 adc2d172d554c0455cf81bab3f107f3b138b5c132df4a4951234f911f5aeac77f7014f83a8bcb2209fe1111946ac30ee2b703d80ae6b14bee9c5a95e248c7174
-
Filesize 386KB
MD5 e105363ea90f281e16d3166a5604048c
SHA1 9fd0de31161cde1c74132b33ef1f81a9320a73fd
SHA256 fa1676cd10754717fdd8b92dc5660e621cd9f9e1f056ced548723b6c5bd98355
SHA512 e70df3e9cdd01c9a16d5748296b0577a18204ee7630d855a312b6fb833847ece2697996cf2ac5317d4d8519d84ec0c7180f760b0f38fb42f8952cd76cba2f973
-
Filesize 509KB
MD5 0636b267bdcbc3f0dec2a7223220a5f7
SHA1 5a9ccc93b7076008e3dee777f593e7d13b566386
SHA256 e1933e8ea4fa969c52ed1306fd4065b4b6f0e236f582d8c3cee69dcd087cee4d
SHA512 509f5f54322208179dff56b238974c3346ae962ce927c54a4326fe541444acd0dd66e9c43d142ae4d592f5ccc4599e07dab8e50664e044f242f0ada8b3c359dc
-
Filesize 386KB
MD5 334e1a8a1ad36afeb01cd518acb0a169
SHA1 92f743d1b1aa9fe90572dfacd5c9e951c873bdb5
SHA256 53ea8b812a6e95b065b81ac09ac66c2a9a92c01fbb9ff7fa80745c54e3e1084f
SHA512 e192d16e6be355687b332008348faa58b04ba167758301f01f4ad9da3a4b2b2b79f0833d7bc14021c818677a3516e005988ac478eba4d5cff27c784e01cbb373
-
Filesize 509KB
MD5 6fc24c326ebac1247427537d237b4ed9
SHA1 597ceef4704dd4d61aa768eac276be02f24dfec9
SHA256 b428f332df0e881437c78557a646a6a3e05f69072b3bd3a6343b23a3e84edb0f
SHA512 6c28a388a71d671331e9a861ce35f98b8aa47900da37d072e13be786c24dc5711f5776b630a7db22f46414fc1e347659bc610b7a8ef06f39ad99f84810854113
-
Filesize 28B
MD5 58c639bc7adbdc11a26c89684d673218
SHA1 13a8f04201134c434080ca6119ecccc39584292a
SHA256 41f9f48afed09769a7e4d2e755307b6284994e0557c064409e665dad7ed8f081
SHA512 62fbe26a97d91af664c4965fe6f9b22a91c6a5c43ecbb335a19a7f8e3dd0f3ea26e6f9a274e03198c517211f5d90e6f01d15948c9a447aae4c04ce2efc22639e
-
Filesize 210KB
MD5 a4fc8ec5bc41c41918b0c1541e4e4be6
SHA1 618c61a5f7dab66e7ec08e1da08ce24ec41ae65d
SHA256 54545f352215a9c0f370a01980aadcd5749a93589931662d89a974d7bd60f476
SHA512 c42c3c7f44257c023f2d68966f90818ae8fd8aaf0c6bdea87f2e0d701c5e986fdbc689e3af075552cac41fdc8afa5972973dbcde6067ef608dfda87d7e64764d
-
Filesize 2.8MB
MD5 008cdaced740617e8f80da466a345087
SHA1 642f5aad8c5599a36b5084c6a466ba33498dc71c
SHA256 48bc21e793d245199d3f27af456befffe3b3cf297fca5c8eb995cf3945adb3ed
SHA512 8204a6dd189e350492f9d0de7406a494c47019b30a997e541357b574acf3e21a6e18997ddda46ab2ff784e7c2c91cc4fd467e299989d7cdee5fdbc4bfa121c8b
-
Filesize 708B
MD5 12631788f0d73d3363d8190a8156ca97
SHA1 28f40fef244fbadfe97538dddb5400b28e7e8999
SHA256 c4cf5cad4a71b9438b272bf47de08e4c4a10e5533eea21795ec7be5826e928a4
SHA512 9778f619fe3b18c2a63d403d06ce61357199c73340addef87042bcd4991f4ed637378c2ffeefde60a3e8c2786d4cdc8d547143a1c9956deca66e63acb145746b
-
C:\Program Files\AVG\Browser\Temp\source7376_156648291\Safer-bin\AVGBrowser.VisualElementsManifest.xml
Filesize 413B
MD5 2baa8619d25283e6f21bfcb3d3c52535
SHA1 c396c139f4146106435dfa83703ffb43370989c2
SHA256 80f3ad6885982782d1e7ba97fbbcac87e75c7ad84876cf820d049dc840b837f9
SHA512 a7ab71bc7db32644ec80f42c0eb622effea8168803fcebc31eee1eae2f7186704006e104c5016c9a7aeaf991b60b73c50c8e710321bf9beab93731ae44cd68b1
-
Filesize 40B
MD5 b2d84ea227a0bb50fceccc097dafa45e
SHA1 d12f28a2955c98166ebbb253aca2019462830e15
SHA256 f3be9db1d7559c09767f84e3bd5306cd8d8a7a0d6d9a6d930d1b975a1fd8eea9
SHA512 a2357b3b88f7ddbe94a0ea1f16df6a399af05a74240af6f95c29e2216eef1c3aa20785afa50503256cdccc85f3ba88393729ebd32d98b0e63953f2a2425cf79f
-
Filesize 180KB
MD5 09bf4bb0321239ea248c7d15a3e7cc8a
SHA1 a204fcf0d6b3a43dc002ac076d80152089b1cb31
SHA256 8a8c2b728e0379ee82232676c466ae99f3e80ede473d5347cd3fb0fd991bb758
SHA512 6476bf53931f327c3f3a96a7678ecedcbbb52a8547ff00996bc7909ebceba41ea4cf6403e806c048a1786f650fa54c8aa76442bdc03cd733f9ac26160b823f38
-
Filesize 271B
MD5 d6650e3886f3c95fb42d4f0762b04173
SHA1 1da4b8bb6bb45d576616ad843cf6e4c2e9d4784b
SHA256 9101f028c2288850be393281297500902b297c8b6ecf793292678b04a72709c9
SHA512 1f82db4bd6ea401bb5610c21ed48848b9b61c55aabb4efada31dc677835b8e4451045006c4067e9cc51267a1c861765b49c3b3ab4c568be1dca0c0109fd8ceaa
-
Filesize 40B
MD5 80b86b1f6772642e1cb5bc52056b8f6f
SHA1 6c0758d3fb33aa8405ce034c30cec66519952125
SHA256 079bbc247e9f15efc50ef2edf392caa41bad726421adc8392340026441083e51
SHA512 ab828b7f79221c713eba0b95de954751977380fd7437ff4b15ffb099b52f8139c7c4cc68cb995104c999d67f9524eecca45656a6c1e62f75f703b4012e0c7807
-
Filesize 168KB
MD5 27e0a973f1449e90508c04e5a6a5b86e
SHA1 a73aeda6a24c88cd513edb51fe82057888b33e31
SHA256 1a1d3f226e1b5d6b13a15080b67865bbd624d8bfd9c4f8a2f7e35b029c6b39d0
SHA512 8724eced195065a2bbb38f3fa940ae8b66202690e12fdc598a669574ffaee36d86a32e7fc608b23c83715f7859e6cfb556cc659181f7c90178b7241240449679
-
Filesize 120B
MD5 924dccb05700f9fe280366e64027d5c6
SHA1 b538767a77c306a66c976596968ccf967abfa6da
SHA256 4ff266d0149995e03ef63a5b082e5c06c14302418cd7ef2a22a5b8586d53f3f2
SHA512 7996fa2a2241c9ce48b4a04f0dce9a0a2aeac91bdd38185eed0f04bf189cbe9077c0ffbb45d42c0bb3068c93370641c56f7e15bff5de1a328b117c5069bb1695
-
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe60c018.TMP
Filesize 48B
MD5 12c541a810d475b97e9c5c3420cef3f0
SHA1 ee1330b0d2bd914d86ea3b3f750b6615a2998ddb
SHA256 15005fb65184208d05c9ab92e643c9e43dbf1c6a49b20024d8ce8b3b76194de6
SHA512 c2524a53ac37128b05649218431e7514547f6d14ebca26abdd0ace993f4d500800dab21c699033cff031bdcd6a9f224df72533efd8524b4b07c54672606cf08c
-
Filesize 8KB
MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize 256KB
MD5 3bc2e923a3bca6bd8386aaaaa50559ff
SHA1 553fa53d9dfc508d9fe132f59b40e1e6359f11af
SHA256 6638cd7303df2b81631b96386b34f0cea884e297976d41e420e968ca30c6837a
SHA512 52951e1d03f632848215b6456899b6f635e3e47049ce2f76bff86f7565fe7d6adcc5c3d9691b2635cba5f3bb1c2b026296468f1977c50f547ee426bf1c48d423
-
Filesize 8KB
MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize 264KB
MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
Filesize 8KB
MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize 41B
MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize 61KB
MD5 1ec37b86d875a8f0cb970a56dc0a03e9
SHA1 01062f7e49c34cfc0df7e27669e166297c000b55
SHA256 a102738655a9fb091e7d6de9a22d157fd5d86cf23457df248f10c0049df3090b
SHA512 0c66dc5838dd8632f3891e0f558d530fb077a2a913d6d4f942fcf4334318f958c79e4bc4d454fd9ed9ac14006eaeb51bda1af62f325cc76201abe5370bc0b48e
-
Filesize 3KB
MD5 35dda0d4148e3f10b9cde6218c2934d8
SHA1 9e7637d754af3d9a34749663a9437662bce95239
SHA256 08cf9e639298e807018cd8eeb021b3718386d8cc6a407f4a22ae53c2b4d4bd70
SHA512 497bfb74d725d61eb4e4183ad6167b087ff9d0f8e952a38174e48d18beeeca8821d5930a2588e237364b3d9e363f2ed21d9f1c2ca1776bdc42ed00950af944b3
-
Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize 5KB
MD5 85bf6d35dfefb63bf611c91241332e80
SHA1 643eb8d109552a9febc122e6b6bf8612f9091fa7
SHA256 2bb24bb7a83c4f68eea41242b8595ab95b44804222d489104616034949b62028
SHA512 cf5121edf9b7e3811a680acfbb18ed9b71141f0bb8706cff0f46c2f003a25ac6cb53a1d2f08f808c1b685d6db60a2797fc14f4fe09edca90e998347e7ae33d62
-
Filesize 1KB
MD5 3452546b78b5a5df88cbf55920ebada4
SHA1 a97909258e9856dddd6c3b27d5c1e097972d6afb
SHA256 d9aab93351354254d8315581eeedd319144a53bb3af6c1296005198f3d1b9ac2
SHA512 d1603793445ae6d0312697679639d3b6fffb3a4b9021154d802e7c779d3d3d605f6edd2699ca136b2e3cd96d9e11fe44c454e0d4df70195ee6761a3d9645bb8c
-
Filesize 1007B
MD5 7eaeeeea108e946e6af6109696e64257
SHA1 cbc4d773af7aa098007ede7458c6df82250ced29
SHA256 6f5c200244ac9a7064e72a9b876cba80be7b6648c04e48d5d3263efb29d144ff
SHA512 c923094d2d2e2d27d728c366f57290d8559c80531cba7163ab76ee035559f4ebbbf1075f8f38ccb1f06cfbcebfd7e6d6192f70d28ac6138cab95dc5b5885046c
-
Filesize 1KB
MD5 02b6f33726625278453aab2c569e21dc
SHA1 5fa6f8ec54062e065cd5d3fe0c58e4f17d34baf6
SHA256 c124d9a92cf6193140d7a103d897a01727738ab30671ec263c33be7e72dd7986
SHA512 90824f21768f940355d9b442dee23630a5e30e07706ca808d8a42381169d78d690b2f996de7fa778bcf55b931b5335e28d817e71f2bb316af6e8ef93d20763ab
-
Filesize
152B
MD5847d47008dbea51cb1732d54861ba9c9
SHA1f2099242027dccb88d6f05760b57f7c89d926c0d
SHA25610292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
Filesize
152B
MD5f9664c896e19205022c094d725f820b6
SHA1f8f1baf648df755ba64b412d512446baf88c0184
SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
43KB
MD5e352d970a4f70796e375f56686933101
SHA120638161142277687374c446440c3239840362b4
SHA2568a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52
SHA512b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc
-
Filesize
67KB
MD5a074f116c725add93a8a828fbdbbd56c
SHA188ca00a085140baeae0fd3072635afe3f841d88f
SHA2564cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6
SHA51243ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28
-
Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
84KB
MD574e33b4b54f4d1f3da06ab47c5936a13
SHA16e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA51279218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2
-
Filesize
1.2MB
MD50aba6b0a3dd73fe8b58e3523c5d7605b
SHA19127c57b25121436eaf317fea198b69b386f83c7
SHA2568341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac
SHA5126a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb
-
Filesize
16KB
MD5bd17d16b6e95e4eb8911300c70d546f7
SHA1847036a00e4e390b67f5c22bf7b531179be344d7
SHA2569f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352
SHA512f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb
-
Filesize
17KB
MD567e30bbc30fa4e58ef6c33781b4e835c
SHA118125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA2561572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228
-
Filesize
19KB
MD55be81d7ad6cc31905fc542da6f7c572e
SHA17e8aa144a7be977232b0fa8433cfdd422a1cdeb3
SHA2567bce00c6824d69355bbbc48b3418183b4ebe106b6fab6d6c6884679a83e86054
SHA512f5d3418399d2b20d1a7baef59b30810583d836ac82cc54d3181e5d21852fee36391e9d485b0832728070d0df4602df7d303aa76d55e0738a452184873a5a1831
-
Filesize
104KB
MD57651b1187bb58ac4c7be625337b35e5b
SHA1307d969ef4137a66fe2793737dc1c546587c7f43
SHA2560632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968
SHA512a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a
-
Filesize
31KB
MD5cd11bb5ac586117e5f3e52723c813a3a
SHA10756fa6dbe245b7023f720b18575c5e34d600e0b
SHA256d452e136790820aa5a5e6b639c8fddfc3afd3de4ae3f4c6aab74e98ed6637c68
SHA512c754117ae7a1acb1e8c4ec3d843de00fd64d5db8753e43853c790ee6d53b5700e085637217263605065d19dd3a19221e0488c1669a2b166aefd11846196c6935
-
Filesize
136KB
MD5f0fc11f430b0a5ec2ce01a9253e9c685
SHA1f4ebe61fe0754139e8b90471fe5af44379f467ce
SHA2561d72d41cd472db24def4bf295a6df0d38f6ec35f14c8b4c0780ae374590501a6
SHA51209dc82d7df5a37b0bff3f876ab076aa30d1d08e9e0aebcb2949339225459185de8657ec649e03b9289e5bcfc8c223407ee3a72520f5381809a7430aa8d682a8c
-
Filesize
98KB
MD5ed9615bcdcb4bebe7ee775a67d33604c
SHA12b1a0d4a6e7f91fb586f4903041bd92bd0672ddb
SHA256fbf7d9d3d4b7d3f26797c7add53f752ed14456948c46fb1c84e27371e5805045
SHA512caef04bb2d57c88bbb5ca7f7eb0ee5702386ba1ef747e1bd991389c9bfbc11b322e960767faa0ef0a0fb28f7e1252033b4f499ba446e8bd6ce86c080aed69490
-
Filesize
21KB
MD5fe958a3c63fc2ce43e500731f65a3d58
SHA16d188725b02b388e38fc93f1b24a140465c4cebb
SHA256740c91ce906534f374760cc89530e71911a3394c1df9c3caa6c851be65a57e06
SHA512786b1e123ab446c0aa3c0b8ce28285bcfba59318568b030f69b8ef4e7cc5fc9a228d2d4a7c8b576da4d6f5b22fd81873c4202aa0f6942a982b163af790cd84b7
-
Filesize
148KB
MD56c0daa90ea5e7dd0581744958216d8e7
SHA10a562b2fbbd27fb07cd1daae855a1a63624dcda7
SHA2569d750fc101e5a7d2b63e370136413c28170e21c024497afed62dcf09e4b08ff2
SHA512c93eb5c4f82f610f941bd480743c4eb7e7a508b88ca3fc50fed69ed95abad19c217e22973038d899e657f9bc021e8669616444c07748cba9d9aae07b482d559e
-
Filesize
83KB
MD5e2e8e0185c50984b140e210f90d0ebe6
SHA1fbade2ab14f93a4954c125f93a8884d880d3438d
SHA2569f789de06876666f77bee8e55e057a4eadf3a4cf400ec26b4275602bf9c4ca23
SHA512e16985b554df7128a3a6b2fd79ea3670c7f4372a4fe30797557993046a52313ae1034f2c870104b06812b0a6fb25cdafbd7984a83f4311bbcc18dd3685245abb
-
Filesize
49KB
MD521d1f13dd0a539d781365dab87a85012
SHA1c9f461f54356958c688fc60ed86b4e577e1aa646
SHA2563265ae164fb8270d967f962d9b84f6ba1d19fa493a7eeee3b32f92421c0d9547
SHA5120ebc1ef86aef146f9970635f40797a610a4ca9403e45f225b0737309a7e330adcaa15bf8444d82bd7ce5a6f84acd078402a85992a644d0614a69b104d37d1b65
-
Filesize
133KB
MD5da7159b526a8f070c9a105c145c50ac9
SHA1d4cbab86052563c02bc673a97f979f66f66c0d59
SHA256da8e7139a7907651e7ba16e70b67747ed7475cf5128cd47d16842d54790054bf
SHA5123f681ff0589677e34a126444988b3f563b31807396647f12702a5d983d486fa5db0be9863babf805a9514f916afa6e79de98a0f50c9559dd456288af965dc7c1
-
Filesize
78KB
MD5e127018f83d22cf66b59a33a09cc36da
SHA1fd26c3306f539e213d956556178e28f3cc16fb7c
SHA2565e3c9dcf9342a63059f955e3e25caca444a21fd2088ed5320c7a8345fb11d1e8
SHA5121b36544d6e4339d881a41d3d694c876f83e191bd1ab552e73dc936bfd239bc8289e79580086a013a39407cf4998a843e326149552a0ea5599af497c4716b78be
-
Filesize
83KB
MD51a21336c75bd6112cc0f9794a07612c9
SHA1e2e3ccdeaccea31a5314d9c7d321268124412cda
SHA2561471a925c4a75f5d8bb4f396d95147d8aa8e6c41d7da2593ea218072a88e4316
SHA512ecfa3afa6c4cc60e7361208e42b454d05c8a4b6773150c4dfba510b74a1342b75eb191c46b911d67ecb2d99d048edc18150591f4ac1dc221245d7d3a807c60c1
-
Filesize
38KB
MD5bacf9b57dac78f50bd32901ed94e2afb
SHA10ce481f457be11d31e4d9cd9f90361b34f072be6
SHA256d7f02d336f937440b188a287eb39d0544e16b2a6af6bada16bf469a5b085f7bf
SHA512109485a740935984040a11a47d87631aaa5fc9e399bdefc3b9f0d2a95aff56e04718be43e080b5fa93b5dd232552ade85abc46b57a37bbe9adbee7dcea1f54f8
-
Filesize
27KB
MD546e6043b3a70e5986f0b72a748d9e3e2
SHA15d3ac460401a49fb84286e0f8b9edf6167530fa6
SHA256171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005
SHA512c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385
-
Filesize
63KB
MD543cc09b97215698e9db8e497a6713a56
SHA1d615cce9482a461d2293cb03e4941c8be1b28a8d
SHA25637734f15b6fd252e570ef39ce0efd1e7f8ee2b1fbb35bdb30cc59dd3a865e880
SHA51266255c736e71c6701a968c11b3a656dbdd1b6c91f6d6a487d416df692acc0e271495cfd02a35757cfab31e431fe10dd6303c910286bad99943729f3ca436d3cc
-
Filesize
25KB
MD5773a3f7b1bfb878ccfd3172373a7a44e
SHA1734ab81b02cc09b00cc9461cc80d57d9d66c3f4d
SHA2569d1f9a5fdf2afd743568ac44aef0fabb0e5272bce34528dbabdbc99670987b56
SHA512f0b55294896f5d0ef6ed77ba39c61812bef17f558433f4a0925fccf0ccc9c39326e9d3f7a651b74ac422499a970b10e395c333432272f2b7fd0148ff21e31bcd
-
Filesize
19KB
MD525783779c090e1e2bf2417529dc1b05d
SHA108e6bb54784bf1a0e33d36ff199de55c80829f7d
SHA25680e322e8f461220d3dd9351032206f2f3a2d2600da6dc1e393b72659b0df5960
SHA512fc07ba9dfa0d49b2ee545af3838267794850f719e6e8e2e689056104e496f6f8d9cf03993ce0b80cc804d5794f99ba2644479c59e1ace733b72eb1cea9b2dffd
-
Filesize
209KB
MD53e552d017d45f8fd93b94cfc86f842f2
SHA1dbeebe83854328e2575ff67259e3fb6704b17a47
SHA25627d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
4KB
MD54af4e9b3d854a925ea4f6cba21174003
SHA1e0631d6010ed1db5354fb12bc76931ad0f99c751
SHA256fd246dcc7b620fd232fb801820877f22ab16997f55f606f17b8e1ff3dfbf07be
SHA512ae098207b06ca5a76b66a20964876935286531576c48e4fad48819367ca9bd5b1e195c19f5b2112a823de0c2f28eae85be138bc6e046402da058c247460cac00
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD58d1257f965d70f18f506832e731db154
SHA1150bb96bc6edf24955d138e10fd1d3f30296d847
SHA2567edfc7925610de4ba9914c631d23808fa64d6658e158807921461a221ab8d392
SHA512f43d99bad1a085ade9bcb4c37bfc97d2da6a568547a2efe4677e5c0e71888994c3f09206a52aba9712f357e61094c1e9eec3148fe07176e5219635510a142fbd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD558b5092240355deece60706c2f8a4ad7
SHA175d5c6a41d13f2b2f93f79401c26e31a7f51ca83
SHA25624fe88f0e86c1b34c39fa423d7493c44400b5d653dfef0485e000b73b18cd5a9
SHA512456a3e3e16731e3fd6b865b7bb7af1d709bc2f8c55eaa831fc4dbc5d92db51636e6d92581d5fada6adcf0eb4dbd43d58ab27b19899895a67642696be04779ff3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize10KB
MD59e40ba5da1256f6e947ec9c1d91cf948
SHA1644718a2a16d6bed585274b6262cfb14b8927575
SHA256b2e257652fbe3ac7b6afa96cfa4eb80302b0db72f03874d5f435a302041d9dd9
SHA5124b5f62dbe9280bd6103353fb9f657577f3f42e59a2701ce415af0e43d3ff23065d4e4a268ff5704edf4d6e1522cf71293b4c13bb30aae85a9c7567979435d3d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
MD5a8f571a6fa31d0cd17a97f06313e027d
SHA111be96a767e1b732101844d266977f6370733603
SHA2563c1dfd864ff37b7268547ce4d105ae931e41738e2fa08834f22e0c480686c235
SHA5127b1f7dca28a75091cf3c7940758eade6e2869ab7e1acf6a4210984e8a35d8377ca1873ee7db103f66a3b32012a29575bfa42de064c9469512a0f507664bdfc0d
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
1KB
MD5a972629a446ebb6f792767563ee943fb
SHA1bdcc27016a2e62e1668ddacfe688eb5e031e9f5a
SHA25650e85357764f3e682648a3779b1f9347ea00f3054620f78d7b652504630fa0fc
SHA5126ccc8f597ab97209e8046da5c22cd3d070844d9235c0a323898468fe6be4fc597fd1375e07debce7220da97701516302c64a55da13c07ff8860213566cb1d05a
-
Filesize
1KB
MD5f67761b046223f391651696ab4f3388b
SHA1f47d35f052ad9bbc05ade3c7a500a585196775c4
SHA2562b43ba2922f20b9614d9096a4718240bc44cfcebbe588741cd9632644b39fd0b
SHA5123698023e3c5452b8a980eb2de1a36b89f1bf743f281198b77422ddd002997e18995315a56ea4e49cf49b5b801d60946095b63eaffd72c088e0e4d2c42bc561e1
-
Filesize
11KB
MD5783b0431d829ac0c485a281780c15357
SHA1cf1983e84c0624f317925fc329c345923da23ce7
SHA256dc4832e7d24f252e54023d963d0a9b6049e2eb9cb16b7184e7e0f89e0f7858df
SHA51230d78fcfab97be8b34dfcdeea4d415d0bd14ee49729a0f1769880858913d11cd93099e4ca9a1cf1ad5b11800044a970b96b28a5e9c9e3b15bb07935a8035a401
-
Filesize
624B
MD5fe7c6907edb70384d63428606df7b9d5
SHA152ce55a3ef700bdcada4fe37bf91db80e19c357a
SHA2566b1c7755ad7a45d52bcc575065190c04a4b906ea66e87fa588a71ea3f6081f20
SHA51292bca5e38658e8bef395feb4b4ef7f0ec1276b09ab0d5ab3a753e1be57e941ed824d14e757cb1b4316cf56035863dfe2b4a325a0b1916cb117fe81bbda2606d5
-
Filesize
17KB
MD535a57ab49bf382b8c688cfd69b5813ca
SHA15c19b163de26c7df5c982b4b37dbe4c5aaa4a2ed
SHA2569ac929265f5537603334b7cbbffc3e962d52399a76145243461969abb0bc0b8b
SHA512446ae3386750e4e2fd6ac46199ca6c8adf0c854a7c683c6b62aa35d8e3736478ad47a04aecdf01250a5c51fdb7e501c66b8e2fd84646edae1c9695a061f48fe6
-
Filesize
624B
MD546ca23930d19907638fbbcc7c147468f
SHA1e8d22f54fcd0f513aa3a59981a83a0b7f3a61e74
SHA256f1784fdd66c9b1eef5b5f4f4a37f2af7456bbbf1c84394089135d27966782684
SHA512411fe33bbee8d784364823415bf92bb66a12918f9272122b1b960462669189b6311de7ca16fa9d31bf80f68d54a76c1c78b114793305f4aaf54daf75d00cbc30
-
Filesize
11KB
MD58dca9004eeea7a97e44a9431df52cbd8
SHA1d0b37ad054da81ccd9f6560c88243bbf9a17f6ec
SHA256307278d0bc7fc98b584a609ac53b7051026aa2a16f505dd1e549a1afd0b8d0f3
SHA512dc748fa07d32079a9d4e355ecbad7d104e4b52671ac3551a77fc8a005c32eaf11fec7198edd496189d194baeb223eea7c4f7ed29f631320db080092bf2dfa30c
-
Filesize
9KB
MD557deaa5117b2dca3578cdf48f11385e8
SHA1ea10b064316bad13d92826e3c3fb6c3b48bbbf34
SHA25690742d04082d8424ffa3a73f1662ef472dba37bfb0323e71e7437830070b07e0
SHA512be549e34fe807432e37efdf5069f14aede26120ad6149bdd5aaf71f4c1e7504a6edd25618bdccc66f4a44f5796f9183319e975dd2c70c8ac4fd3e98a4a114b9c
-
Filesize
5KB
MD5d5a90f4701a019904d157d7965771acb
SHA11b1f1f21eba00a11665fb9dfdc5cf651d6af9c53
SHA256f4b51a98241d9a94be884dc64ec24f27363a96eb3d1796ce006818d24f4e1d3d
SHA5122408ce4783e011ab09383f14953914163d039c4ed43405f3398996c1463a855c6956ff616b5c3facb88c55498a2e15d8b16abe9f84bf7589d5b6b15617788e0c
-
Filesize
7KB
MD533f2ceaf4853364e5e006a298256b78c
SHA1b61b6ff10b229041044faecb863b969d3417605e
SHA2563b76d4dd0644a3691c1400885f6895aefdefe8e5944d28ac87771ca309cbac01
SHA51228f3abd53e5443f93a3c71b047f73740f681e99faa0ee5a96686946b8e3ade4f3a24001abbce2ca2afe0d1dc1cb48453cfe8e1f437d17fa46af27aaaf478e1a5
-
Filesize
7KB
MD52907113b5a851e344ec72f31c36623dc
SHA1d0daf33f3821f40df78ae2f3efc1280e9b1dee06
SHA25654fdafc90896f36d2ae8a00ccb69a3aa24f448257b5cc266f40e60e83d1c38b6
SHA51290978f31c3589f80228cfeb8ad702bf5e194845ba0ae24c522ac35bcd05ea34b34366351d83f0c81cfc23338482c44e44673b6e75ab22f35bdfb8a1bc803cfb8
-
Filesize
15KB
MD562a6a39fc7739b80003f607569329c22
SHA13177fb89d332169b142b55165ae7156e0f055fc9
SHA256f73c34a7c35401e0afed566f58ac1464b961ff183c1c2d07c21a0fd896c4132c
SHA5129d2d523927046271c106674ad5531535d3e820038816430ffb3ce3c1e08a7fd86bb5f36c85c490982c17703d37f7e53748727e0075fe6f3fbcc455f3acff6635
-
Filesize
6KB
MD59c3eac6b862584cf799e66de92e5e8b6
SHA16a92aa00b0c7b2930e2e65e1bdec00c9b262d67e
SHA256b5350adb86ed974f3863e8b6d391adb4e18ccd61ca23ed20c64abcb39b0f250b
SHA5120c35cd55e41e8f6e095904f8d07ec9d6a3837da54e09f760bbe5cb292d951f35ddec81dc6a730f59fa0f080a72e2902967da67363e0248643eb1c0dff1a53386
-
Filesize
6KB
MD5f4be42c21c9826c1cb9c02684daa6d9e
SHA1a9d128f8612c233d5645f4288ea88e720dc7229e
SHA2567df8d0cda3f99ccbc552f8ab87fbd6bbbf45d128606feec72604d617d7791779
SHA5128e57fd73537d355639944f2339931870f229fb01a1dba1cd7faa88f1a8904fabc496db5a2d93266a592e742433215eecae5909dec985385105aea079098808eb
-
Filesize
15KB
MD5fae9c845f1de78c04ef40994bb21492d
SHA1d07d6e4f37d2c0f0d6a2043f5d11203c057b5760
SHA2560903ece1b0ffef2ff9c2f597c4d809e22207387043e0f79a2b87ff51a1f9cc09
SHA512dd367f888aa390336d700b4fe9535bc32c31d742a0a5d61b674d12de9ead230830e6dea4bbc5f2f3f1341cc49ed85279b1642004fed79eb5c1755bfdd5c5e516
-
Filesize
17KB
MD536a8a7f1c279014a98c5ce91f81958c3
SHA10d5593985606b294153bba0b1b9a4f7f6272f8db
SHA2566dd5731b75677292b5ee26bb6e7297c96ffc68eebfa87656f58882c9b8d98c14
SHA5124330396d0499b1dd801940ff6065e5ca33345972fd38978ec6bc393a5bf299990c49702da1a8a23d47d9e084307c8270bb7ac2815826c5f6d49378660c86b7b6
-
Filesize
6KB
MD508ad5af5a1ecabfb429e83e1806851ba
SHA165e851722d37bc3dfd80c0be74a189abcb1b8515
SHA2568aa392da2af12a3862662605a04c7d49185f1ccbd6ab7aebedf6c80befb09e3a
SHA5123516f0f1997806429b7bca457b0c1acd889e69f245cf490b438384a5b4b96f52ba0253f5a0b9bc22471d18dd23cefb256d9153d61138994c0ec773b7789992a2
-
Filesize
7KB
MD565e1a053eb2ca73d62b9dfbaf8376a12
SHA15cf9f21dd50bf32f7cb3382f422656c92ec1edfe
SHA2564fccbc0e9388a3ef72edcb8650645c091b6ab0e79224544281debf0007c21d3c
SHA5121e81de492bd6cd6d48884f426dffb45072e1f0e3f050a2db0b0e292bc37b0de403721cf29415bdcaf4812d26887b688e0aafdff368526d2f9923b4f5d0d2c2b3
-
Filesize
15KB
MD53ee3210c8695b3c6c4a7c66f7300e9eb
SHA1bc0d93c448b76e236df585fba7c052498dc38429
SHA256c9e469a37568fd86f4ea002e15a706502de438d87c1c765254fd41a4dec88816
SHA512f9412419ff13007a444ef28c296ad033d2d588d13a7c6f415038597ac049e1967d93120442ae376456f7602912e2fdfcad8c9a5d3e38ff56420b45f37cd2243a
-
Filesize
18KB
MD5032ac999cb741cca4b49a75a3c29212e
SHA1fe7d862495b4dcdd935560a03f2f24085d5d31f7
SHA256bcf10ce22aea34b52b3ecc69427b223ec357c71cf6b94f581428249be3d88175
SHA51246833c9539d525b171d6d8db32f5ea986edc218ec652df5f7f45f1f620046019bcf3d9205ac05e645a0c8284950fd8dd4f714d8544dc806aa88189a38bd742bd
-
Filesize
7KB
MD59162d742a12018608d23433ec86bbede
SHA1018fe0f0542f01ed4ff516d3d41d1c4e9b4114df
SHA256d3930d2cf35cab292d8c4aaaaa077a820faa9ef994d15d5c29d8314836680030
SHA512638d8d264497eaa2ae524080a581e93085a12cbc3d1dcab54e649233488a9082a43ddc088b1dce059334eeaafc7b3f8709f35ab52c356614f3f9f1a70f1f2980
-
Filesize
18KB
MD5a9f9c70461091fc996809f8ca1f51e8d
SHA1d5da14d8f1618d55586c71eeebc48e0637547eb4
SHA2566c882dc5de6983e8a56b07f4d14b3c586d0dc549a5eb0531967a8c26f345bb23
SHA512c1e7933b4860db65c7a1ff51987ac63358e8331001ac2309c38664658e9da91d848e518e9714686c4e6516c878a95dff09d313bc5364e4ec0bfd4e3e72f0ba9b
-
Filesize
7KB
MD5b1608f52065a1de68b722738d4381b33
SHA1f0fcab6cdd396f199eeb1b116d76b5aff0b7e1dc
SHA2563b4a8050dd68ea59305d811ffa12a7f55aa5d18ed8fa3baee130900642d045c3
SHA512d7ed08ae06991306331a4df9898a749ee3019007f4779c8681a5123dfe19e73f00eb6f1c0141ccca14a8a38e4f3b8b5e7b54a76a7f3afbbeb0a4acdf324ef65b
-
Filesize
7KB
MD5377d7416f7cf490a27b61edfa5b8bb22
SHA150ee4717789d0bb2a763c6dee0ff4af73a3397e8
SHA256be9cd6574e3f4311429a6bf45c1df7b90d3eb72743b939ebc9a1e20753a239ce
SHA5121bbeaa9c930df1d3abd9834c95613c545d04a454940e7e524803b7795560fa209e788b4be249c5c8b8210a5829611a8141ba7f9263a98f93930768999ea9e6cc
-
Filesize
7KB
MD5cf1f135a3f0a7ad7ff858587ce876a3d
SHA1b0f4bcc369977cc3f473885a57feb6e221ddbe99
SHA2562ce0af7895a648578678a6bfc9f795201204abefa7a3d4cbfc6cbfd3c9488ccd
SHA5124a4fa1496572116cc45fe1a5f008535e0e25d8caad55f8c6175c70f7f2033a72ea6493581cb1276c7628f8b0b702c3f4acf3d7c1a83134b77fef0f2ba6970aa0
-
Filesize
18KB
MD58174587884c1eca385b44b9393e8c12e
SHA17f3ca593f31be3211c3046c63a29a344a83c460c
SHA2566306aaaf5cbf01db7cd264b1747be1351fbe29ad67941ac399f444034c6b6432
SHA51230fe3d29a052ca10b5fd614cfd1bf3a4fe2d3d193cbe5961f866ee9e038f165c7b95bcbe6c73ef587e5cbd23cd3517faf0d2fcf71f386143e0e707ac59783c23
-
Filesize
1KB
MD5d14606c9257f63935856e1ef4e74c968
SHA13a50f1c8d3975962a84a47ba59cbd58277afb46c
SHA2568acd4104f3c04c18cf46da8820ea1332c15574f6ae202c6fff7492d00bfffcd0
SHA512730df375b26dd75a1b2207054b1f4f886f571ce94e79230480406f5a28d96ec4abc7c4305bf02b405e49158e33fce3ffd8069065b362c7b8ae07125582a07039
-
Filesize
6KB
MD552e217b68435bf9a643b4ff353df394e
SHA1472301702c6423cb4c18026cee627caae3816321
SHA256f094b916c687207937a0a93927e358810dfcc396c1e28e8a26b5b0bd0da71388
SHA512c2956c05e170e2605c1e060f388ad5f2510d0a3b87fd8f736150828274b225b0b2bd085863bd9436ff437a128bdcba13213113f0aee14caede43091353ae6d15
-
Filesize
6KB
MD5240ccf8ce48887d78d881ae07840607d
SHA134032b3e3efbea74f48826eabf543b1774d3b29d
SHA2564c921caacd29ea8405bf7624bc0248a2d3d13966d1c2930ce0ecb8db0c1d1c00
SHA512d76e687d44b655cce0d483ab3b4bda816681923df10102e9072d569b0d5f2fdaa3f8c6d9c2bab0a4ba741c8e145aba48eb03d56a817f7fea1c3bf7e1e08ec5d7
-
Filesize
9KB
MD507b7973b8dd01a3f951a5004cdef3ee4
SHA1d9e644593e3865ca2d9bbbcbbaaebace0938b77f
SHA25680a71f2335885807ba90187f8258281cd55ee924456dda5a938df49f639b609d
SHA512c8d2df2d350125888e5fb1cd558413b3b23a41c84a77d65bef82bd9d2dbab3d46fbc0ed6a5c2e64f98f8aab99a298367fc7a39b0c48508f3693b06cbdc99c462
-
Filesize
872B
MD5d981756c3a99e167f8380e0a64aea341
SHA1d193172fbb26f19c524799e72179921706664d2f
SHA2568255604aa4c5a87d39fba3ed576e4ed55801c23e6233cefed1601eea78fd1a24
SHA512b10f77608a62930e11b600cca39c2c126e8918a592ec8f5bebb8f4e4bde05eb6718d3cd25b55405a1c227634bc762577cb6691cae395b7a58f2d066a2a7e951b
-
Filesize
1KB
MD58634358e2a0e4dc2dd720cd7dc0ead05
SHA14e5e317054d90c319edcb4a3631f64f9ddf135aa
SHA256871f4fd2675fe0089f6d2a6aac14ff177c7a0e4252ae6db46b4f93c8af510cda
SHA5120b3b7e0206692db9e0f1e97a9ec8745bf5286c1e8920532b8aede4866006c13e22b91bc75c5afda8527bedc06ca13b21b30af8a5c56ca8336a7c56b7efc92c15
-
Filesize
1KB
MD5ee5c5c4c920a024e034f14b9b40f1a09
SHA14bddb3f66747872634d2494f4738e28272af81cc
SHA256aaaeceb03bf3626b1c5fed2757fa458439a98d88dbe5bd6f3b5acbf4f08e896c
SHA51201ebba2d4b2abe6631317c0cd5dc8aaaaa89c83b9dd71c01fece3f2eb20af4201533337a78308913f179646098461741a517fb720942228d7c03aea49519534d
-
Filesize
1KB
MD5a889223be111575b149e877666ebac58
SHA136e2455a02305911e7184c62a94886bec86f3240
SHA25687f280de458a5762d366e3ac2e27918ba2af68cbad6b6a9ce4fb0f53f177d27f
SHA5125686e06bc59102b0c235496c346b9e2feb2d014376d7e4101b90330c2458da3b8817f94ff2ab18f48e27ade63bad5c8917d1805c6a0212dc59c9a0735da52112
-
Filesize
1KB
MD54ee8c80469cc77c9d1a1d951c4f7c6c4
SHA1898a01e4c5ca23bea02a24c45cdb89163b8723fd
SHA256c6c1381e4af3ef6b304ba0d701469eb926922769af12124ce862fe94acd62b36
SHA512d73c120fe3b67be929ca22cdadc57316c5dc2a59748c042cc6a1a4b5cc12162f51e39e436da79019b8161b1fc7e3f91021a7298fd9d46a154947004cd58fd8b4
-
Filesize
8KB
MD5bfe250f34161e2f1d82f8791fcd987b6
SHA13f93ef680efcc48b7b9acfa26f6ab896cef09c40
SHA256185641d225a3e9a46624013c3941f1db732328171f2ba4e960c2fc5277aaf93e
SHA5120a7cd7d96fa00d26f22f519c8df1d252882c8358e1b11024b0f4bd4549d8c355e3d55860da8fc87b9c3bd63ac048e29399158ff63e3b81f8c272c1b68f12935f
-
Filesize
9KB
MD5203c5c1410bd9192840b52107a65689b
SHA1699e977c594717b3fcdd7b574401ed2f9c319955
SHA2561692ee5dbef317dfb8c043e475c4073951cfcf1d27768d8ae2988e0e7f0b6bf8
SHA512ca5601316eced5559115fc8490e79bef727acff145897cff25a42b30b353c3168d5671f035f17e8412d46055764b843b1d97d353fa8cbf4811191a94058d4fde
-
Filesize
1KB
MD53fb6f6c8b5a9d41487d9f8262c46846a
SHA179a9c9a52e035df0a7f8f6e418f8e4f175cb9bb2
SHA2561211b19f4cf43a7a80495ead4a5890980da1ada529625e1d913c8ec95add9925
SHA5128a1f5f1a718dd51b23a9f67098733a68a22e1266f2d722ccbc0203b16f84a54250cfcdf18b5920362b5bbb03f738fe23edf9c545eaf38f6b4c83751757bdd5fa
-
Filesize
9KB
MD565d4bdc147f162de165cee3bb003384c
SHA104fe660cb815c96b0b625ce1bc77ddb14094e8cc
SHA2566536be2c5067df04dfeae18890e2e151cc39e0c867f2b30c99bc0a2f9cba1a6f
SHA512996ca269b403f888f5a0d415e01aa4628461bd71dd96e670254140e2de4e0a0f2f874b64e7ebee00697f0ca60bdaed65135db85a6b8388185d09c82e5590eb42
-
Filesize
872B
MD50b9d19cd10124eb3e3ee670bbf813918
SHA1d8c2d917bc14c869b9db5b4a19c106799a58c0f0
SHA256b950c26f76da4711f52d495c6fcf7a7a54305dda1c29ebb438321d9b2c24be21
SHA512d404d0fdb4a50e8a8c138f6ec52e1641ae84a86ef61395373cc32c0367aa7d43579cc2b0e1b309137f812650e132534affcbcb2fd1f50444479f08bf488b0b0f
-
Filesize
3KB
MD5731d5b26824d28e5059a04f1a3f6b27d
SHA1caeb4f30671e0d86da169974dc96f10eddaa2aab
SHA2560b459805c4313a4d09b2823016851f0406fde13a973c650219a9933d64c6339d
SHA512bcb6b3d452149f63ccd4f95877856bb56b7b6863efd000c07d12808b8468fed0471d25f7ce359fb152651d3e73bb12abd59681e7fc11af3f26df84495d5c2618
-
Filesize
704B
MD5e0aa10a80bc7580f38f52573174b3fba
SHA1c0d28f06939c9f7bcc73d582fed67f2422768327
SHA2563b0a4a5a50a500f67bf1a4e8fff0020a006b27548290cd89850b3f2c7ffcbd2f
SHA5124706a59234ecc0fe9e9d277ef361de1521a5ccc71c5e10ad8cfd32aedfab82d8e25d58ebff24453a269f5cfa0d63662421acefef0f52f435126ea9f5612132bb
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD50a3317b640144741168e844140a26b49
SHA13133ee6fdd5aaa1188cad036010ca7c88ede4a02
SHA256412ccdc4e4381b8f164e09e64a1454e9e6605fb5db61b426e655e7602b30d31f
SHA51213f1e26ff8e07fd7a3e4b1bd514744520777e4d6fd26444d345bcc75ee555a405298fb2db326fc5062383cf12a47c2a06ff7d050040e0a2b0e460fb3b4217145
-
Filesize
11KB
MD52ebd3ed977178324181e9ffb825619da
SHA1754340ad45701292b6c631b2574c8b459f0d9639
SHA25686e786518d995b8c57f05980d4663b0ea3ed8d910c11b29951ceeffec80e969e
SHA5128971f1f6dc6b6b87eb613c0832c0cb0516627654d84b02f275a68341bc6797b5b3af9de079590be0d230cbede2fc14f2ad13d6f68c9811a6b1043b31c7a75c09
-
Filesize
12KB
MD509669f228aad67e46ccf2627148593cb
SHA1545e1f637c81133ef30b21a7cf6a8d6e14d29bfd
SHA256da154937527185a6b949be4ed8924fe8a4c6468d8b599eba241178202ef39b3e
SHA5123c91217b0ff0172d498181278ad0bbbf72b6013e6863954afa5bd79254666ded396a6453a7a1895f427f8b7c880df7cdd01f107498ab129c6d7b8faa9ef34e9a
-
Filesize
12KB
MD529d863ef80e783d30402687af6ead406
SHA1247d5e0b8d7db7ae047edd84beaa8ca711384703
SHA256bb0b54bfdbad7fc511e9f7d544be6716129eb5b2d4f7203edb6546ea8085ffd3
SHA512ce96b2ee52bc89dd19ce78c1d301bf3b1094163ef279ef3a43122cbc07d50b237dcc7369975f3f13621adc7763fdef8bd932987b1ccda1df45d28cffff3f2dcb
-
Filesize
12KB
MD54dbe37cf3aa3b40ee4de0ccf60052d5e
SHA164d350711595fd7aff6e75f328b13cbc3d23a23d
SHA25618195593ecf10b3ee0eb23669da345a26bce4ce7fea38bc2b5cd1894e5b19ae3
SHA51246d5e7202a84a489b166836e757a59daacd22b9e5e4506a0a29798b3f80d1b628cb7f55b2119d43b6f0161622940510449b9720f591faab93a063687db27cdd7
-
Filesize
12KB
MD59c8f6fc8c45ff6d9e17865c10fd032d1
SHA18a96212cdb8ddc4f12ebc50eda866eddb437c280
SHA256195ad10542aecc6c355a9e7fa4ca327603fd0de4abebba1c8019b3290339e221
SHA5122a6fbbe1f60e7683e6a628bb9ea445c56250ad9ad334e3409b38cc11512f3221fa0866679f4bdadb35fc760d5cfdc9b41bc092b0f3564d7c4644bdfeb9d9a22e
-
Filesize
12KB
MD524916aba95ecde1356e4c2543fa705a2
SHA164ba503b4b4d6b3d1fde1daf74423a9870ca564b
SHA256e831aeeee8b1b31fd0e0181b36ec18aebce70da392dbae1939a59144eda1265d
SHA512e30c1396d08e7c8843292435584df1d15cd732977a84940bac710030ea088676dcd1238182dca819a43f7f2d26c2fd1c3d84899b2b9e374c1b175d6ad081e13a
-
Filesize
12KB
MD5b1e163fb9b751322908efeece9c1fd74
SHA13fe3337731d62a6ade2bf1d7b079f2f8e186341b
SHA256306ef60da7117a8c1c09d554ab1191f1863b0d80ca1b8ced63adbcfb296dbb52
SHA512422ec921d8e0781aa4ce7a34e81010b0ed49a3de38effc10c21ea377f1dd6d8895ff7df5cd01a20bc3f68ceadf204de716e271521770d155dcfd4cba0b80d645
-
Filesize
56KB
MD57c1b8326fc81094620d673be4fe95615
SHA10c0a9bb65a05898f7ab168f7584be2db24450753
SHA2566876180c6e6fa679334df8eea3c574e116a81a7aacfa1558f4ab0a6fd226dd87
SHA5122825b3cb8478e6454385903b553a90845ee8961089c4872a9fe424b80f9c825ad126a62684c4d1b0252b2852c55445aee25abc550f5d185d1108e748fb8cedb6
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MP05IF81\microsoft.windows[1].xml
Filesize96B
MD5188f8f76ad695de69c313c1113722ec5
SHA1acf66cf340e75c0997ab844f745ed139e05b5c1c
SHA256d926dfadf64142c9d6e871f8e3d4709e78b5e82e237fcde0680740eed9c82b5b
SHA51200eb7bda00afe8efe5b3f29460e2d92d173911f7deabb097d9995fb9af556371c4cecb473d328c8f9c7c85978fd560b1b9cec723805c44bd167ff59c3cf5bbf3
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15
Filesize36KB
MD5d73810507446e10f35cef691a91cc5f3
SHA1f871fc76285b469eaf3f77697acb489438671a31
SHA256bb2ac675156df74f88f154e0b586c759ad50b5c57dcd8a98005d5597ed7ad1a3
SHA512c9d458e899fcec6eb5ce5eae2371ab7f20e741b6cd3e82b052041e33fd8bc5c77fdcb4ee239bfd07913074eb810082a0c9753c25571aeb8aa6cf04f072e1f764
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
Filesize36KB
MD5ab0262f72142aab53d5402e6d0cb5d24
SHA1eaf95bb31ae1d4c0010f50e789bdc8b8e3116116
SHA25620a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb
SHA512bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a9f14621-d413-40e1-9b0c-e57d49ca5ddd}\0.0.filtertrie.intermediate.txt
Filesize28KB
MD5ab6db363a3fc9e4af2864079fd88032d
SHA1aa52099313fd6290cd6e57d37551d63cd96dbe45
SHA256373bb433c2908af2e3de58ede2087642814564560d007e61748cdb48d4e9da3f
SHA512d3d13d17df96705d0de119ad0f8380bfe6b7bc44c618e2fcd0233061a0ab15beae44d38c48a880121b35f90f56c1529e5f4cf1a19acb9e2cbba5d1c402c749c0
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a9f14621-d413-40e1-9b0c-e57d49ca5ddd}\0.1.filtertrie.intermediate.txt
Filesize5B
MD534bd1dfb9f72cf4f86e6df6da0a9e49a
SHA15f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA2568e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c