Malware Analysis Report

2025-03-15 04:11

Sample ID 240825-n7gyaatbjb
Target https://desktop-goose.en.softonic.com/?ex=RAMP-2081.3
Tags
bootkit discovery motw persistence phishing privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely malicious

The file https://desktop-goose.en.softonic.com/?ex=RAMP-2081.3 was found to be: Likely malicious.

Malicious Activity Summary

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Image File Execution Options Injection

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Reads user/profile data of web browsers

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Writes to the Master Boot Record (MBR)

Checks for any installed AV software in registry

Drops file in Program Files directory

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies registry class

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 12:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 12:02

Reported

2024-08-25 12:03

Platform

win10v2004-20240802-en

Max time kernel

79s

Max time network

83s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://desktop-goose.en.softonic.com/?ex=RAMP-2081.3

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\ = "AVG Secure Browser" | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\StubPath = "\"C:\\Program Files\\AVG\\Browser\\Application\\127.0.25932.99\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Localized Name = "AVG Secure Browser" | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\IsInstalled = "1" | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Version = "43,0,0,0" | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
N/A | N/A | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A

Checks installed software on the system

discovery

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw

Description | Indicator | Process | Target
N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A

Writes to the Master Boot Record (MBR)

bootkit persistence

Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_et.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_iw.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\es.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\pl.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ko.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sl.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\secure.7z | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\vk_swiftshader.dll | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_ms.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_zh-TW.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\chrome_wer.dll | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\pt-BR.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\MEIPreload\manifest.json | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_kn.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bg.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_it.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\VisualElements\logo.png | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Application\initial_preferences | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\acuapi.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_hu.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\SECURE.PACKED.7Z | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\AVGBrowserInstaller.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\am.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lt.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateSetup.exe | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\lv.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\mr.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_fa.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\notification_helper.exe | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-TW.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\libegl.dll | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\nl.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_tr.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_tr.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\en-US.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\ro.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\sv.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ms.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\psuser.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_bn.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-PT.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_uk.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psuser.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\bn.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\ms.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_de.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\GUM83A2.tmp\goopdateres_sw.dll | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fa.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fi.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_te.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\Download\{48F69C39-1356-4A7B-A899-70E3539D4982}\127.0.25932.99\AVGBrowserInstaller.exe | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\el.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateWebPlugin.exe | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\he.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\ja.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File opened for modification | C:\Program Files\AVG\Browser\Application\initial_preferences | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_am.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sw.dll | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\af.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
File created | C:\Program Files\AVG\Browser\Temp\source6244_1448414379\Safer-bin\127.0.25932.99\Locales\ml.pak | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\aj6204.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies Internet Explorer settings

adware spyware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" | C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\ | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\endpoint = "update.avgbrowser.com" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\hostprefix | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\AVG | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\devmode = "0" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineId = "0000cbc4aa53932df6468356dc6cec24" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineIdDate = "20240825" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CA348B59-06AD-4482-AD87-966302908F0F}\AppID = "{CA348B59-06AD-4482-AD87-966302908F0F}" | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\ = "IApp" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\NumMethods\ = "10" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}\LocalServer32\ = "\"C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\AVGBrowserUpdateBroker.exe\"" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\NumMethods\ = "8" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{358EC846-617A-4763-8656-50BF6E0E8AA2} | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\NumMethods\ = "6" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\ = "IProcessLauncher2" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\NumMethods\ = "10" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{82C85EAA-7C94-4702-AA75-DF39403AE358}\ServiceParameters = "/comsvc" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82C85EAA-7C94-4702-AA75-DF39403AE358}\VersionIndependentProgID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\ProgID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\ = "IRegistrationUpdateHook" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassSvc\CurVer | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DD8E03F-6BE1-41E2-B931-A37C7D1C0317} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74} | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{358EC846-617A-4763-8656-50BF6E0E8AA2}\TypeLib\Version = "1.0" | C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ = "ICurrentState" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoCreateAsync\CLSID | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CredentialDialogMachine\ = "goopdate CredentialDialog" | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32 | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods | C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe | N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\ProgID\ = "AVG.Update3WebControl.3" C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\NumMethods\ = "17" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\ = "AVG Browser Plugin" C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{30612A81-C10F-498E-9163-C2B2A3F81A14} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ = "IMiscUtils" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\npAvgBrowserUpdate3.dll" C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CredentialDialogMachine\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\Elevation\IconReference = "@C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\goopdate.dll,-1004" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine\CLSID\ = "{BEBC1D02-EC16-479A-83F6-AA4247CA7F70}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7E22D0ED-B403-44D2-BABF-4DDD0DFCA692}\VersionIndependentProgID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{358EC846-617A-4763-8656-50BF6E0E8AA2}\TypeLib\ = "{358EC846-617A-4763-8656-50BF6E0E8AA2}" C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AvgHTML\shell\open C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 424411.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj6204.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2096 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 4768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 4768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2096 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://desktop-goose.en.softonic.com/?ex=RAMP-2081.3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed10146f8,0x7ffed1014708,0x7ffed1014718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,5972457192906266121,4249159464909518886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9636 /prefetch:8

C:\Users\Admin\Downloads\avg_secure_browser_setup.exe

"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"

C:\Users\Admin\AppData\Local\Temp\aj6204.exe

"C:\Users\Admin\AppData\Local\Temp\aj6204.exe" /relaunch=8 /was_elevated=1 /tagdata

C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe

AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe

"C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping …-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTIyOCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjIyIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{6BC16088-B427-4FFF-8DFC-8A7F2C9443C6}" /silent

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\AVGBrowserInstaller.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level

C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level

C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{8937A966-B4D5-44C9-B7A2-5D919FFD4E02}\CR_37A2E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.25932.99 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff61a73bfc0,0x7ff61a73bfcc,0x7ff61a73bfd8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 desktop-goose.en.softonic.com udp
US 151.101.129.91:443 desktop-goose.en.softonic.com tcp
US 151.101.129.91:443 desktop-goose.en.softonic.com udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 softonic.com udp
US 151.101.129.91:443 images.sftcdn.net tcp
US 151.101.129.91:443 images.sftcdn.net tcp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 199.232.209.91:443 softonic.com tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 199.232.209.91:443 softonic.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 3.162.21.19:443 c.amazon-adsystem.com tcp
GB 18.165.160.104:443 sdk.privacy-center.org tcp
US 151.101.129.91:443 images.sftcdn.net tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 150.171.28.10:443 bat.bing.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 91.209.232.199.in-addr.arpa udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 19.21.162.3.in-addr.arpa udp
US 8.8.8.8:53 104.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 151.101.65.91:443 images.sftcdn.net udp
FR 216.58.214.174:443 syndicatedsearch.goog tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 3.165.149.173:443 www.datadoghq-browser-agent.com tcp
GB 3.162.21.19:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 34.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 81.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 8.8.8.8:53 storage.googleapis.com udp
US 8.8.8.8:53 di-images.sftcdn.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 ad-delivery.net udp
FR 142.250.178.155:443 storage.googleapis.com tcp
GB 108.156.39.27:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.7.141:443 cdn.btmessage.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.btmessage.com udp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
FR 142.250.201.163:443 www.google.co.uk tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 173.149.165.3.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 155.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 166.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 27.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 151.64.8.51.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 141.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 163.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 notix.io udp
US 151.101.129.91:443 di-images.sftcdn.net udp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 227.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 api.privacy-center.org udp
GB 13.224.81.72:443 api.privacy-center.org tcp
FR 216.58.214.174:443 syndicatedsearch.goog udp
US 8.8.8.8:53 571239bf3689e70d27b0e70f4b19ebb5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 142.250.179.65:443 571239bf3689e70d27b0e70f4b19ebb5.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
GB 3.162.16.219:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ad.360yield.com udp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
IE 54.170.67.204:443 ap.lijit.com tcp
US 8.8.8.8:53 cdn-ima.33across.com udp
IE 52.51.104.112:443 id.crwdcntrl.net tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
IE 99.81.230.240:443 ad.360yield.com tcp
NL 188.166.203.175:443 brightcombid.marphezis.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 34.120.63.153:443 prebid.media.net tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
FR 142.250.179.98:443 ep1.adtrafficquality.google tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
FR 142.250.201.162:443 partner.googleadservices.com tcp
GB 13.224.81.56:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 88.221.134.137:80 apps.identrust.com tcp
FR 142.250.201.163:443 www.google.co.uk udp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 74.125.71.154:443 stats.g.doubleclick.net tcp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 ampcid.google.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
FR 216.58.213.78:443 ampcid.google.com tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
GB 74.125.71.154:443 stats.g.doubleclick.net udp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.95.126.138:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 72.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 219.16.162.3.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 204.67.170.54.in-addr.arpa udp
US 8.8.8.8:53 112.104.51.52.in-addr.arpa udp
US 8.8.8.8:53 38.0.90.157.in-addr.arpa udp
US 8.8.8.8:53 175.203.166.188.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 240.230.81.99.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 56.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 137.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 78.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
N/A 224.0.0.251:5353 udp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.126.95.52.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 161.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 185.235.87.198:443 gem.gbc.criteo.com tcp
FR 185.235.86.35:443 ag.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 sync.richaudience.com udp
GB 92.123.142.144:443 acdn.adnxs.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
DE 162.55.233.29:443 sync.richaudience.com tcp
GB 95.100.244.20:443 contextual.media.net tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 198.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 35.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
DE 162.55.233.29:443 sync.richaudience.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 35.168.53.250:443 cs-server-s2s.yellowblue.io tcp
GB 92.123.143.216:443 player.aniview.com tcp
US 8.8.8.8:53 144.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 20.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 81.17.55.171:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 x.bidswitch.net udp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 178.250.1.9:443 dis.criteo.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2096_LPXVQEUMBDGNXXLI

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

C:\Users\Admin\Downloads\Unconfirmed 424411.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58310e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\nsx582F.tmp\jsis.dll

C:\Users\Admin\AppData\Local\Temp\nsx582F.tmp\nsJSON.dll

C:\Users\Admin\AppData\Local\Temp\nsx582F.tmp\JsisPlugins.dll

C:\Users\Admin\AppData\Local\Temp\nsx582F.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\{6A5E7CE3-3D89-482F-80B8-F6DED9E81484}\scrt.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\nsx582F.tmp\thirdparty.dll

C:\Users\Admin\AppData\Local\Temp\aj6204.exe

C:\Users\Admin\AppData\Local\Temp\avg-securebrowser-web-tags

C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\Midex.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\CR.History.tmp

C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\FF.places.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Temp\nsx6493.tmp\AVGBrowserUpdateSetup.exe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_4B7EBDACFF7CEC3D08B5D86C9ECA8639

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_4B7EBDACFF7CEC3D08B5D86C9ECA8639

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

C:\Program Files (x86)\GUM83A2.tmp\@PaxHeader

C:\Program Files (x86)\GUM83A2.tmp\@PaxHeader

C:\Program Files (x86)\GUM83A2.tmp\@PaxHeader

C:\Program Files (x86)\GUM83A2.tmp\@PaxHeader

C:\Program Files (x86)\GUM83A2.tmp\AVGBrowserUpdate.exe

C:\Program Files (x86)\GUM83A2.tmp\goopdate.dll

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Program Files\AVG\Browser\Application\127.0.25932.99\Installer\setup.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
