General Info

File name

Baixaki_Mozilla Firefox Quantum_2446375436.exe

Full analysis
https://app.any.run/tasks/460a17b4-f0a8-4b6c-a9b7-3c5e17fb0901
Verdict
Malicious activity
Analysis date
11/8/2018, 15:08:41
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

adware

installcore

pup

addrop

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

5cb2040791b5193344f6bad3bf009911

SHA1

473c256024f81961e87cab2bc13d0667433f97f5

SHA256

205c39e7df8fcca22975431cba650de13dec8513648ed0ecba86440028298065

SSDEEP

49152:iFvBzuY1D/MgVJ+JHtWjtlBOoE4UfqHCcWBYiFmL:+zTMgVCH4jtrNEr8Ct2OmL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • sbr.exe (PID: 3864)
  • instup.exe (PID: 2056)
  • instup.exe (PID: 3792)
  • avast_free_antivirus_setup_online.exe (PID: 3036)
Loads dropped or rewritten executable
  • instup.exe (PID: 2056)
  • instup.exe (PID: 3792)
Changes the autorun value in the registry
  • instup.exe (PID: 2056)
Changes settings of System certificates
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
INSTALLCORE was detected
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
Connects to CnC server
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
Low-level read access rights to disk partition
  • instup.exe (PID: 2056)
  • instup.exe (PID: 3792)
  • avast_free_antivirus_setup_online.exe (PID: 3036)
Creates files in the program directory
  • instup.exe (PID: 2056)
  • avast_free_antivirus_setup_online.exe (PID: 3036)
  • instup.exe (PID: 3792)
Executable content was dropped or overwritten
  • instup.exe (PID: 2056)
  • instup.exe (PID: 3792)
  • cmd.exe (PID: 556)
  • avast_free_antivirus_setup_online.exe (PID: 3036)
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
Starts CMD.EXE for commands execution
  • cmd.exe (PID: 1488)
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
  • cmd.exe (PID: 3764)
Application launched itself
  • cmd.exe (PID: 1488)
  • cmd.exe (PID: 3764)
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 3876)
Reads internet explorer settings
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
Reads the date of Windows installation
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
Reads Environment values
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
Creates files in the user directory
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
Connects to server without host name
  • instup.exe (PID: 3792)
Adds / modifies Windows certificates
  • Baixaki_Mozilla Firefox Quantum_2446375436.exe (PID: 4024)
Reads CPU info
  • firefox.exe (PID: 4072)
  • firefox.exe (PID: 2884)
  • firefox.exe (PID: 2468)
Dropped object may contain Bitcoin addresses
  • instup.exe (PID: 2056)
Creates files in the user directory
  • firefox.exe (PID: 2468)
Application launched itself
  • firefox.exe (PID: 2468)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Inno Setup installer (81.5%)
.exe
|   Win32 Executable Delphi generic (10.5%)
.exe
|   Win32 Executable (generic) (3.3%)
.exe
|   Win16/32 Executable Delphi generic (1.5%)
.exe
|   Generic Win/DOS Executable (1.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2012:05:29 13:51:48+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
86016
InitializedDataSize:
108544
UninitializedDataSize:
null
EntryPoint:
0x16478
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
2.2.2.7
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
FileDescription:
Stub Program Setup
FileVersion:
2.2.2.7
LegalCopyright:
ProductName:
Stub Program
ProductVersion:
1.4
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
29-May-2012 11:51:48
Detected languages
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
null
FileDescription:
Stub Program Setup
FileVersion:
2.2.2.7
LegalCopyright:
null
ProductName:
Stub Program
ProductVersion:
1.4
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
29-May-2012 11:51:48
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x000143F8 0x00014400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.49628
.itext 0x00016000 0x00000BE8 0x00000C00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.0058
.data 0x00017000 0x00000D9C 0x00000E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 2.66929
.bss 0x00018000 0x0000574C 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x0001E000 0x00000F9E 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.96778
.tls 0x0001F000 0x00000008 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x00020000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 0.190489
.rsrc 0x00021000 0x0001861C 0x00018800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.19046
Resources
1

2

3

4

5

4091

4092

4093

4094

4095

4096

11111

CHARTABLE

DVCLAL

PACKAGEINFO

MAINICON

Imports
    oleaut32.dll

    advapi32.dll

    user32.dll

    kernel32.dll

    comctl32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
59
Monitored processes
20
Malicious processes
5
Suspicious processes
1

Behavior graph

+
start drop and start drop and start drop and start baixaki_mozilla firefox quantum_2446375436.exe no specs #INSTALLCORE baixaki_mozilla firefox quantum_2446375436.exe cmd.exe no specs timeout.exe no specs cmd.exe cmd.exe no specs cmd.exe no specs avast_free_antivirus_setup_online.exe instup.exe firefox.exe explorer.exe no specs explorer.exe no specs cmd.exe no specs timeout.exe no specs firefox.exe firefox.exe cmd.exe no specs pingsender.exe instup.exe sbr.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3876
CMD
"C:\Users\admin\AppData\Local\Temp\Baixaki_Mozilla Firefox Quantum_2446375436.exe"
Path
C:\Users\admin\AppData\Local\Temp\Baixaki_Mozilla Firefox Quantum_2446375436.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Stub Program Setup
Version
2.2.2.7
Modules
Image
c:\users\admin\appdata\local\temp\baixaki_mozilla firefox quantum_2446375436.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll

PID
4024
CMD
"C:\Users\admin\AppData\Local\Temp\Baixaki_Mozilla Firefox Quantum_2446375436.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /mnl
Path
C:\Users\admin\AppData\Local\Temp\Baixaki_Mozilla Firefox Quantum_2446375436.exe
Indicators
Parent process
Baixaki_Mozilla Firefox Quantum_2446375436.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Stub Program Setup
Version
2.2.2.7
Modules
Image
c:\users\admin\appdata\local\temp\baixaki_mozilla firefox quantum_2446375436.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mlang.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\in050c527c\0551a3ba_stp\avast_free_antivirus_setup_online.exe
c:\program files\mozilla firefox\firefox.exe

PID
3764
CMD
/d /c TIMEOUT 1 & cmd /d /c copy /B /Y "C:\Users\admin\AppData\Local\Temp\D81299~1.DAT"+"C:\Users\admin\AppData\Local\Temp\D81299~2.DAT" "C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp\avast_free_antivirus_setup_online.exe" & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D81299~1.DAT" & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D81299~2.DAT"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
Baixaki_Mozilla Firefox Quantum_2446375436.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\timeout.exe

PID
3368
CMD
TIMEOUT 1
Path
C:\Windows\system32\timeout.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
timeout - pauses command processing
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\timeout.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
556
CMD
cmd /d /c copy /B /Y "C:\Users\admin\AppData\Local\Temp\D81299~1.DAT"+"C:\Users\admin\AppData\Local\Temp\D81299~2.DAT" "C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp\avast_free_antivirus_setup_online.exe"
Path
C:\Windows\system32\cmd.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3048
CMD
cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D81299~1.DAT"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3580
CMD
cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D81299~2.DAT"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3036
CMD
"C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp\avast_free_antivirus_setup_online.exe" /silent /psh:9Nt5X7SAKFaxgikjwPYsU7KEKVWnwXkWvIAtU7mDLFK5gylSuIItV7mKOw3n1HgQvPNLI9LmOwHz0S5QvIsuVbGELVeyhP5GAAAAgbIdYg==
Path
C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp\avast_free_antivirus_setup_online.exe
Indicators
Parent process
Baixaki_Mozilla Firefox Quantum_2446375436.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
17.1.3394.0
Modules
Image
c:\users\admin\appdata\local\temp\in050c527c\0551a3ba_stp\avast_free_antivirus_setup_online.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\instup.exe

PID
3792
CMD
"C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\instup.exe" /cookie:mmm_irs_ppi_002_451_m /edition:1 /ga_clientid:e5bd035c-0cb0-4655-834c-b66f7253ce50 /guid:f7632834-0dfc-4ebd-a462-191f1bb4dffd /prod:ais /sfx:lite /sfxstorage:C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788 /silent /psh:9Nt5X7SAKFaxgikjwPYsU7KEKVWnwXkWvIAtU7mDLFK5gylSuIItV7mKOw3n1HgQvPNLI9LmOwHz0S5QvIsuVbGELVeyhP5GAAAAgbIdYg==
Path
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\instup.exe
Indicators
Parent process
avast_free_antivirus_setup_online.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
17.1.3394.0
Modules
Image
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\instup.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dnsapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\uat.vpx.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\new_12070932\instup.exe

PID
2468
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" http://www.baixaki.com.br/portal/redir-partners.asp
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
Baixaki_Mozilla Firefox Quantum_2446375436.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\mozilla firefox\freebl3.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\program files\mozilla firefox\pingsender.exe

PID
2936
CMD
"C:\Windows\explorer.exe" /select, "C:\Users\admin\Downloads\Baixaki_Mozilla Firefox Quantum.org\"
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
Baixaki_Mozilla Firefox Quantum_2446375436.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll

PID
1112
CMD
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\sxs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\profapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\imageres.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\winmm.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\mssprxy.dll

PID
1488
CMD
/d /c TIMEOUT 3 & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\BAIXAK~1.EXE"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
Baixaki_Mozilla Firefox Quantum_2446375436.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
584
CMD
TIMEOUT 3
Path
C:\Windows\system32\timeout.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
timeout - pauses command processing
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\timeout.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
4072
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2468.0.1324447865\232481435" -childID 1 -isForBrowser -prefsHandle 1392 -prefsLen 8310 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2468 "\\.\pipe\gecko-crash-server-pipe.2468" 1444 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
2884
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2468.6.1851630234\255428973" -childID 2 -isForBrowser -prefsHandle 2152 -prefsLen 11443 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2468 "\\.\pipe\gecko-crash-server-pipe.2468" 2180 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
1932
CMD
cmd /d /c del "C:\Users\admin\AppData\Local\Temp\BAIXAK~1.EXE"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
580
CMD
"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/f73f68d3-ab86-420b-95a0-c1d584600a8b/main/Firefox/61.0.2/release/20180807170231?v=4 C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\f73f68d3-ab86-420b-95a0-c1d584600a8b
Path
C:\Program Files\Mozilla Firefox\pingsender.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Mozilla Foundation
Description
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\pingsender.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll

PID
2056
CMD
"C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\instup.exe" /cookie:mmm_irs_ppi_002_451_m /edition:1 /ga_clientid:e5bd035c-0cb0-4655-834c-b66f7253ce50 /guid:f7632834-0dfc-4ebd-a462-191f1bb4dffd /online_installer /prod:ais /psh:9Nt5X7SAKFaxgikjwPYsU7KEKVWnwXkWvIAtU7mDLFK5gylSuIItV7mKOw3n1HgQvPNLI9LmOwHz0S5QvIsuVbGELVeyhP5GAAAAgbIdYg== /sfx /sfxstorage:C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788 /silent
Path
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\instup.exe
Indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Antivirus Installer
Version
18.7.4041.0
Modules
Image
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\new_12070932\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\new_12070932\instup.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\uat_2056.dll
c:\windows\system32\credssp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\new_12070932\sbr.exe
c:\windows\system32\wintrust.dll

PID
3864
CMD
"C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\sbr.exe" 2056 "Avast Antivirus setup" "Avast Antivirus is being installed. Do not shut down your computer!"
Path
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\sbr.exe
Indicators
No indicators
Parent process
instup.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Shutdown blocker
Version
18.7.4041.0
Modules
Image
c:\users\admin\appdata\local\temp\_av_iup.tm~a02788\new_12070932\sbr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

Registry activity

Total events
6442
Read events
2020
Write events
4422
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32
EnableFileTracing
0
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32
EnableConsoleTracing
0
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32
FileTracingMask
4294901760
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32
ConsoleTracingMask
4294901760
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32
MaxFileSize
1048576
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32
FileDirectory
%windir%\tracing
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASMANCS
EnableFileTracing
0
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASMANCS
EnableConsoleTracing
0
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASMANCS
FileTracingMask
4294901760
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASMANCS
ConsoleTracingMask
4294901760
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASMANCS
MaxFileSize
1048576
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASMANCS
FileDirectory
%windir%\tracing
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
Baixaki_Mozilla Firefox Quantum_2446375436.exe
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1338292308
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
190000000100000010000000DC73F9B71E16D51D26527D32B11A6A3D03000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B810B000000010000000E00000074006800610077007400650000001D00000001000000100000005B3B67000EEB80022E42605B6B3B72401400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB57485053000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703030F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE2000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_CURRENT_USER\Software\Baixaki
Baixaki_Mozilla Firefox Quantum.org/
1541686147588,https://download.mozilla.org/?product=firefox-stub&os=win&lang=pt-BR
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
52
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
53
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
0
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
6
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
13
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
20
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
26
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
33
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
40
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
46
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
53
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
60
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
66
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
73
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
80
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
86
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
93
3036
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
100
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
0
3792
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Title
Updating the product
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
0
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
0
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: servers.def.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASAPI32
EnableFileTracing
0
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASAPI32
EnableConsoleTracing
0
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASAPI32
FileTracingMask
4294901760
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASAPI32
ConsoleTracingMask
4294901760
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASAPI32
MaxFileSize
1048576
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASAPI32
FileDirectory
%windir%\tracing
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASMANCS
EnableFileTracing
0
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASMANCS
EnableConsoleTracing
0
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASMANCS
FileTracingMask
4294901760
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASMANCS
ConsoleTracingMask
4294901760
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASMANCS
MaxFileSize
1048576
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\instup_RASMANCS
FileDirectory
%windir%\tracing
3792
instup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3792
instup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
100
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: servers.def.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: prod-pgm.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: prod-pgm.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: uat.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: uat.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: part-prg_ais-12070932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
23
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: part-prg_ais-12070932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: part-setup_ais-12070932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
3
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
21
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
39
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
42
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
45
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
57
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
62
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
80
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
90
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: part-setup_ais-12070932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: prod-vps.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: prod-vps.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: part-iex-c.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: part-iex-c.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: part-jrog2-18ec.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: part-jrog2-18ec.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: part-vps_win32-18110804.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: part-vps_win32-18110804.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: avbugreport_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
1
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
4
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
6
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
7
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
9
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
11
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
12
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
14
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
16
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
17
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
19
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
22
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
24
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
26
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
27
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
29
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
31
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
32
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
34
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
36
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
37
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
40
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
44
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
47
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
49
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
50
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
52
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
54
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
55
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
59
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
60
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
64
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
65
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
67
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
69
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
70
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
72
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
74
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
75
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
77
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
79
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
82
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
84
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
85
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
87
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
89
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
92
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
94
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
95
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
97
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
99
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avbugreport_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avbugreport_ais
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
14
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: avdump_x64_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
8
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
13
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
33
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
38
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
51
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
56
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
83
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
88
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avdump_x64_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avdump_x64_ais
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
28
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: avdump_x86_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
58
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
63
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
68
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
73
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
78
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: avdump_x86_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avdump_x86_ais
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
42
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: instcont_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
10
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
20
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
30
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
43
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
46
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
53
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
66
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
76
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: instcont_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instcont_ais
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
57
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: instup_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
2
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
5
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
15
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
18
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
25
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
28
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
35
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
41
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
48
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
61
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
71
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
81
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
86
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
91
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
93
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
96
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
98
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: instup_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instup_ais
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
71
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: offertool_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: offertool_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: offertool_ais
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
85
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Downloading file: setgui_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: setgui_ais-932.vpx
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: setgui_ais
3792
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
100
2468
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2468
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006B000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3876
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3876
Baixaki_Mozilla Firefox Quantum_2446375436.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0700000000000000010000000200000006000000030000000500000004000000FFFFFFFF
1112
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
Locked
1
1112
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1112
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
MinPos1280x720x96(1).x
4294967295
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
MinPos1280x720x96(1).y
4294967295
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
MaxPos1280x720x96(1).x
4294967295
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
MaxPos1280x720x96(1).y
4294967295
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WinPos1280x720x96(1).left
22
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WinPos1280x720x96(1).top
22
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WinPos1280x720x96(1).right
822
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WinPos1280x720x96(1).bottom
582
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
WFlags
2
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
ShowCmd
3
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
HotKey
0
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
NavBar
000000000000000000000000000000008B000000870000003153505305D5CDD59C2E1B10939708002B2CF9AE6B0000005A000000007B00360044003800420042003300440033002D0039004400380037002D0034004100390031002D0041004200350036002D003400460033003000430046004600450046004500390046007D005F0057006900640074006800000013000000F00000000000000000000000
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\7
NodeSlot
93
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
Rev
0
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
FFlags
1092616193
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
Vid
{0057D0E0-3573-11CF-AE69-08002B2E1262}
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
Mode
1
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
LogicalViewMode
3
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
FFlags
1092616209
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
IconSize
48
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
ColInfo
00000000000000000000000000000000FDDFDFFD100000000000000000000000040000001800000030F125B7EF471A10A5F102608C9EEBAC0A000000A000000030F125B7EF471A10A5F102608C9EEBAC0E0000007800000030F125B7EF471A10A5F102608C9EEBAC040000007800000030F125B7EF471A10A5F102608C9EEBAC0C00000050000000
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
GroupView
0
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
GroupByKey:PID
0
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\93\Shell\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}
GroupByDirection
1
1112
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
94000000900000003153505305D5CDD59C2E1B10939708002B2CF9AE4100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00003300000022000000004E0061007600500061006E0065005F0046006900720073007400520075006E0000000B000000000000000000000000000000
1112
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
06000000160014001F8080A63C324DC29940B94D446DD2D7249E0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F4225481E03947BC34DB131E946B44C8DD50000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F43983FFBB4EAC18D42A78AD1F5659CBA930000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D0000000000000000002000000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F580D1A2CF021BE504388B07367FC96EF3C0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B00000000000000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0100000007000000000000000200000006000000030000000500000004000000FFFFFFFF
1112
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0
MRUListEx
0000000001000000020000000400000003000000FFFFFFFF
580
pingsender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
580
pingsender.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006C000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
580
pingsender.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
SetupLog
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\Setup.log
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
100
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
0
2056
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
AvRepair
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:repair /wait
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Title
Installing the product
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
0
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
2
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
5
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
7
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
9
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
12
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
14
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
16
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
17
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
19
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
22
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
24
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
26
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
28
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
30
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
33
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
35
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
37
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
40
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
42
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
43
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
45
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
47
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
50
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
52
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
55
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
57
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
59
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
62
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
64
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
66
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
69
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
71
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
74
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
76
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
78
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
81
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
83
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
85
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
88
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
90
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
92
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
93
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
95
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
98
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: jrog2-85.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: jrog2
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
2
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
1
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
3
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
4
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
6
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
8
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
10
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
11
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
13
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
15
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
18
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
20
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
21
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
23
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
25
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
27
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
29
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
31
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
32
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
34
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
36
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
38
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
39
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
41
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
44
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
46
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
48
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
49
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
51
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
53
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
54
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
56
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
58
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
60
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
61
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
63
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
65
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
67
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
68
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
70
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
72
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
73
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
75
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
77
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
79
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
80
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
82
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
84
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
86
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
87
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
89
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
91
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
94
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
96
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
97
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Syncer
99
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_cleanup-7db.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_cleanup
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
4
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_datascan-805.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_datascan
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
6
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_gamingmode-815.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_gamingmode
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
8
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_idp_x86-814.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_idp_x86
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
10
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_pwdman-844.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_pwdman
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
12
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_rescuedisk-87e.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_rescuedisk
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
14
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_secdns-868.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_secdns
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
16
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_secureline-7db.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_secureline
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
18
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_secureline_x86-7d1.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_secureline_x86
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
20
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_cmp_swhealth-87e.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_cmp_swhealth
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
22
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_core-87e.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_core
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
24
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_dll_eng-87e.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_dll_eng
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
26
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_gen_crt_x86-825.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_gen_crt_x86
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
29
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_gen_openssl-7ea.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_gen_openssl
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
31
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_gen_streamfilter-87e.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_gen_streamfilter
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
33
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_gen_streamfilter_x86-86f.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_gen_streamfilter_x86
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
35
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_gen_tools-86b.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_gen_tools
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
37
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_gen_tools_x86-86b.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_gen_tools_x86
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
39
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_gui_res-801.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_gui_res
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
41
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: ais_res-87e.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: ais_res
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
43
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avbugreport_ais
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
45
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avdump_x64_ais
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
47
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: avdump_x86_ais
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
49
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instcont_ais
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
51
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: instup_ais
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
53
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: offertool_ais
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
55
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: setgui_ais
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
58
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: vps_32-85.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: vps_32
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
60
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: vps_win32-85.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Updating package: vps_win32
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Installation_Main
62
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: part-jrog2-85.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: part-jrog2-85.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: part-prg_ais-12070932.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: part-prg_ais-12070932.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: part-setup_ais-12070932.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: part-setup_ais-12070932.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: part-vps_win32-18110699.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: part-vps_win32-18110699.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: prod-pgm.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: prod-pgm.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: prod-vps.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: prod-vps.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: servers.def.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: servers.def.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: servers.def
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: servers.def
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: config.def.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: config.def.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: config.def
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: config.def
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Extracting file: uat.vpx
2056
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File extracted: uat.vpx

Files activity

Executable files
30
Suspicious files
78
Text files
59
Unknown types
25

Dropped files

PID
Process
Filename
Type
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\in050C527C\722AE57D_stp.exe
executable
MD5: d4e132d94d6c05d2fc974e9c21ea3c06
SHA256: c00dd0dd67e5fc9e63c8262d45849f6fa18a153f7124a5977f9e5f5d5ee55f80
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\AvDump32.exe
executable
MD5: 9b7d6eff018883dc951a4fb5a1418a93
SHA256: 9f33291224985b73c145d6154bc97bb92964f61d3fd9ac7a7f072a96447e9b3c
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\Instup.dll
executable
MD5: 9ec08c479a64ec0b78c6c2002433d8d8
SHA256: 1eb5bd584c20ad7ee2d6f68fb78231e1e24764783c170b0f0389f4106d1733b1
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\AvDump64.exe
executable
MD5: 78fb2da85f22f71551fa7572a0e0abb5
SHA256: 657b11b59605902b6f9510f920ef595cc4069dc9d9945dfefdbe854866e0e206
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\instup_ais-8ee.vpx
executable
MD5: 9ec08c479a64ec0b78c6c2002433d8d8
SHA256: 1eb5bd584c20ad7ee2d6f68fb78231e1e24764783c170b0f0389f4106d1733b1
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\uat.vpx.dll
executable
MD5: e59c067256a74519958f4750a4365312
SHA256: e9ae75522830b333c44cfd80ffb51aa852813fba96e23d66294f3b6d3fc6a006
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\HTMLayout.dll
executable
MD5: ce710c8f9198f996c52c232756de2682
SHA256: 4f1a52b194e55c110a21377e796171a748120e4eafc53e31019a7c304e65dc01
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\sbr.exe
executable
MD5: 2b476bb2904890badfafc1999e47071b
SHA256: 0911eec60fb69ff7bf61464d9b296ee28ea9a16afa99ac3410d329c980ec4a90
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\setgui_ais-8ee.vpx
executable
MD5: ce710c8f9198f996c52c232756de2682
SHA256: 4f1a52b194e55c110a21377e796171a748120e4eafc53e31019a7c304e65dc01
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\avbugreport_ais-932.vpx
executable
MD5: 72e9069503df5bae661c46aa36619be8
SHA256: d0a8db123846e03c235957ef191ef82ac5e9c07d409b264856c7159e7fdcb17f
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\Instup.exe
executable
MD5: d909fabb8f2bd97aea3fc97aa070409d
SHA256: 35eda4305952d6e6a36b5953cbc173281079ff532889e9b43e93fce876fbb8aa
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\aswOfferTool.exe
executable
MD5: 8385bc245aebaa47c4d8f0a00c7fa60b
SHA256: 9fd5fea99882b8687e03f6945ba10c3a7848770835c791f74d0201d1446c65c1
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\avdump_x64_ais-932.vpx
executable
MD5: 78fb2da85f22f71551fa7572a0e0abb5
SHA256: 657b11b59605902b6f9510f920ef595cc4069dc9d9945dfefdbe854866e0e206
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\avbugreport_ais-932.vpx
executable
MD5: 72e9069503df5bae661c46aa36619be8
SHA256: d0a8db123846e03c235957ef191ef82ac5e9c07d409b264856c7159e7fdcb17f
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\instcont_ais-8ee.vpx
executable
MD5: d909fabb8f2bd97aea3fc97aa070409d
SHA256: 35eda4305952d6e6a36b5953cbc173281079ff532889e9b43e93fce876fbb8aa
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\avdump_x64_ais-932.vpx
executable
MD5: 78fb2da85f22f71551fa7572a0e0abb5
SHA256: 657b11b59605902b6f9510f920ef595cc4069dc9d9945dfefdbe854866e0e206
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\avdump_x86_ais-932.vpx
executable
MD5: 9b7d6eff018883dc951a4fb5a1418a93
SHA256: 9f33291224985b73c145d6154bc97bb92964f61d3fd9ac7a7f072a96447e9b3c
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\avdump_x86_ais-932.vpx
executable
MD5: 9b7d6eff018883dc951a4fb5a1418a93
SHA256: 9f33291224985b73c145d6154bc97bb92964f61d3fd9ac7a7f072a96447e9b3c
556
cmd.exe
C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp\avast_free_antivirus_setup_online.exe
executable
MD5: b98802e664b946b44d31bc77b0e381cf
SHA256: ffc9a820979392b1c2d8d5a1bdc036b17e13a6b6853fa3b2e80e36ad58c4ef00
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\instcont_ais-932.vpx
executable
MD5: 171a27a97ccf0ed66a5e73337e7b91c4
SHA256: 7bc776ebff7c88ab284d71bb3b2cf7fc38792ecee27ee6f2dcb38e3b978ec7cf
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\instcont_ais-932.vpx
executable
MD5: 171a27a97ccf0ed66a5e73337e7b91c4
SHA256: 7bc776ebff7c88ab284d71bb3b2cf7fc38792ecee27ee6f2dcb38e3b978ec7cf
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\offertool_ais-932.vpx
executable
MD5: 8385bc245aebaa47c4d8f0a00c7fa60b
SHA256: 9fd5fea99882b8687e03f6945ba10c3a7848770835c791f74d0201d1446c65c1
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\D8129954005121.dat
executable
MD5: 1e6a0c0b79e4d8c6bee3c38000e15a65
SHA256: 3eed20ec8b037c5dc64c000ecceec943449c403adc30e895f64f64af1f3aeb5b
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\avBugReport.exe
executable
MD5: 72e9069503df5bae661c46aa36619be8
SHA256: d0a8db123846e03c235957ef191ef82ac5e9c07d409b264856c7159e7fdcb17f
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\instup_ais-932.vpx
executable
MD5: a911abb7d0504859ab8f719049a72c00
SHA256: 5f041c2203ff10ef9dd01d62952c52c1535b1ce30ee6a09f52107cca085d22c8
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\Instup.dll
executable
MD5: a911abb7d0504859ab8f719049a72c00
SHA256: 5f041c2203ff10ef9dd01d62952c52c1535b1ce30ee6a09f52107cca085d22c8
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\setgui_ais-932.vpx
executable
MD5: ae029cd3e20d42fbe3ab76dc8232671b
SHA256: 5e33f9e87db45d514d7d4a4022b9f15b7d482bf79c29d73bdda8f1aed59301eb
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\instup.exe
executable
MD5: 171a27a97ccf0ed66a5e73337e7b91c4
SHA256: 7bc776ebff7c88ab284d71bb3b2cf7fc38792ecee27ee6f2dcb38e3b978ec7cf
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\New_12070932\HTMLayout.dll
executable
MD5: ae029cd3e20d42fbe3ab76dc8232671b
SHA256: 5e33f9e87db45d514d7d4a4022b9f15b7d482bf79c29d73bdda8f1aed59301eb
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\uat_2056.dll
executable
MD5: e59c067256a74519958f4750a4365312
SHA256: e9ae75522830b333c44cfd80ffb51aa852813fba96e23d66294f3b6d3fc6a006
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_swhealth-87e.vpx
binary
MD5: 0375ac156e9cdd2af83a9660411c9a51
SHA256: 0ea82650efecdd0b601eae9e65871b5fa7c377f6953868287131127fb8b3e916
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_swhealth-87e.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_secureline_x86-7d1.vpx
binary
MD5: e573e9fe9afb10b24844541ec9598b43
SHA256: 255841c8331282f7c72e01e84dd847acf76dd0ee8174dfc0e83fe7bc1a5628d1
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_secureline_x86-7d1.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_secureline-7db.vpx
binary
MD5: a21eb039a0d040120208608d6b08c149
SHA256: a543c57f64c698253d1a59a4fa749818caaeb27b4d07c02131c1e5331ef8d501
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_secureline-7db.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_secdns-868.vpx
binary
MD5: eedf970e542f255d46814f93b7dcfd35
SHA256: 1ead968288ae0b8686294de7a12d7200a96a95c5820253e46788c3c409c24b17
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_secdns-868.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_secdns-868.vpx
binary
MD5: bc75e5a68bb56964a0e68d428ef23f60
SHA256: a43a4746e7ff4009029d68725cb602d0cb41b1c0aa16fde4c284fb799e199b69
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_rescuedisk-87e.vpx
binary
MD5: 6b618e3ff547e2c6ee931c15c01b2cc4
SHA256: 52cd7664ce834c58ddf5702ed641167e1242981a4694de5da2355d889773c047
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_rescuedisk-87e.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_pwdman-844.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_pwdman-844.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_idp_x86-814.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_idp_x86-814.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_idp_x86-814.vpx
binary
MD5: 99a70a4fd94ec367d80031f3bd00e602
SHA256: 792daac08711518a20ae4bd1c3d1a005b0f37db7367547f2ebb2f612b99a0e27
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_gamingmode-815.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_gamingmode-815.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_gamingmode-815.vpx
binary
MD5: 53bc0eead7acfa0f267c9613461f32c6
SHA256: d589d27ecc64f32bf5848b045d4a66b0f4455b4678b8629238f6575956f589a7
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_datascan-805.vpx
binary
MD5: e0e92441722ad463275bffe6a07d1f51
SHA256: 63f454ead9b27cb017e262213169a47ec77766f0e5c8a2b82aea3dc8c79c0c1c
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_datascan-805.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_cmp_cleanup-7db.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_cmp_cleanup-7db.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\jrog2-85.vpx
binary
MD5: 64467daca0ea32e08f07518a5f6c5210
SHA256: 15613b231b943b02573650c3f87f58a41370a6923bdf3ba5c6180a233ac1320c
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\jrog2-85.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\jrog2-85.vpx
binary
MD5: 36158df938fcd7d4fc5df52352e7c8eb
SHA256: a65433af37fd6df1a38c3480820902d6d30029df38e3322fdcb4947b243ef959
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\vps_32-85.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\config.def
text
MD5: 1748db8cb3f66eb528f42a5701766441
SHA256: 7816d50c3b51caa13fb7026dc3d9a37da31249b1a2186eeacd1dd190afe2dffb
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\config.def.new
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\products.def
text
MD5: db57a48e20c1fa2b41e70dfad81f7c76
SHA256: 69329e41d159c78abebaeb8b1e9005a0aedc8ff1ed87f1f93eda9503b0cd0cd4
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-vps_win32-18110699.vpx
binary
MD5: 274213f63ae5e4694786b20b33d6d1f5
SHA256: 83664fd02b190fc23f5cff9c22cf8287494b3a8ff4f2a04b89f7fb86ec198306
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-jrog2-85.vpx
binary
MD5: 1ac2697d130fc3dd73c5dfeb00e78c79
SHA256: aa3bf870e9f339d6752e7b0c58d96a421a6817898f915c9407b154defaff17dd
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\prod-vps.vpx
binary
MD5: 2ce198ab104612cd4da0d0a6bea040f0
SHA256: 5d6713c8eca7d1a72d41b4344b65b939ca5e80d9035a7c4f9ace745aa7e55999
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\vps_32-85.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\prod-pgm.vpx
binary
MD5: 033c6d22f306a80351f8f3b4668234bf
SHA256: 2f4c6eba607e42de5346e65b39abd51191e561d042216c48449b8755cbe4e284
2056
instup.exe
Setup.log
––
MD5:  ––
SHA256:  ––
2056
instup.exe
Setup.log.old
––
MD5:  ––
SHA256:  ––
2056
instup.exe
Setup.log.tmp.1196ed42-7c23-46f0-bdb9-9605bd76a5d1
––
MD5:  ––
SHA256:  ––
3792
instup.exe
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\event_manager.log
text
MD5: 49f55c39e13623a98ff34efe60b628af
SHA256: b1a40b216e1e8f2f5bbcaff924946fb09fb387a17c5211be5fc4b0eb6cff4ec6
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\offertool_ais-932.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\vps_win32-85.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_res-87e.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_res-87e.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_gui_res-801.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_gui_res-801.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_gen_tools_x86-86b.vpx
binary
MD5: 06a63eed33636c6536cebfb60a97b13e
SHA256: 7967e2f3e2124552132adcf748c782e38d8ec769b85347485277082fcfd3802f
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_gen_tools_x86-86b.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_gen_tools-86b.vpx
binary
MD5: ac040471e1df6a39fe0996fe57fe6677
SHA256: a5716a95806195888309f7c2bde78e8e0bc0cd2663a1c7613a115fc82976282b
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\f73f68d3-ab86-420b-95a0-c1d584600a8b
text
MD5: 6c17f96458d40639a55a0e97288fef83
SHA256: 0a14a2711af950c400f375a0beee734b8ce5b572dc0a9cc43bdee368457c192f
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\f73f68d3-ab86-420b-95a0-c1d584600a8b.tmp
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-11\1541686173347.f73f68d3-ab86-420b-95a0-c1d584600a8b.main.jsonlz4
jsonlz4
MD5: 95c704bc3cc6d1bb75abad6dd61962b8
SHA256: aca56c140a63136871cf6abf7d07421e06e096be6c4885e9c52a188c242d572b
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-11\1541686173347.f73f68d3-ab86-420b-95a0-c1d584600a8b.main.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping
text
MD5: f80c337c816216631d9cff28e8628448
SHA256: db9b66a64b6a26ee1b6bedd3cd22950e4bfdebfcd40dd8b256991b5fe137d6dc
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\aborted-session-ping.tmp
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
text
MD5: 83f87af3b9cddda2af1295a492808adc
SHA256: 4acd5908d42442762a9b15ab8ab51d637f311bb2aa61dfc999ccf0d891e407bd
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.tmp
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: aca8256aedd60c0e0350f6c6dc12d5ab
SHA256: 3d938ac737b7e987ce881495cfa25ef7292065e5b47499ab9afea5838dbfbe3f
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
sqlite
MD5: fac613d4dcf339fa0c7540ed574e44fc
SHA256: d2532afed7fe8dd477f62afc4e664b3b1a2b251c1ab7a5ca8808821362351718
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
sqlite
MD5: bbedccf1ecf23571880e86f1263a152d
SHA256: dba07e4842de0a9f271e3704b51b92924449d56c12065ee76641769ee8153784
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-wal
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite-shm
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite-shm
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: 91866891aefcffc18c92e6052068be42
SHA256: 667d331cdbe50ae7e37e57cb455dee7b293f6026bfb368b5f8f889c3be835b93
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-wal
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-shm
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
text
MD5: 6c288252b2ad4d14e7ae7959227b8d8b
SHA256: 1b9922bee14d3afd7bf3480a50b5a0353659635d97e0c14ddf7ecce655d4c095
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.tmp
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
text
MD5: fd669cc2b70d82a9065117c1c7201bfa
SHA256: 1a8e49ff82e753320b7d535de67000818632b78655e326c5d42ae21d8bc6c28f
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: d7f2d5d9c9061c4476fe3d633687b144
SHA256: 05b19d4ba0554357189291b438515ee956ef324d3bed349800c21cc2f5f5da30
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
jsonlz4
MD5: 62bba1d439e042534724d5b66612f07d
SHA256: 4103a9d9a803565d9dbbfa02df4fb43a670e72f310d522e32ae993536ea4221b
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: 6b77a9f779399e95d1cee931a2c8f8ff
SHA256: 3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple-1.sbstore
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
jsonlz4
MD5: e381f4a703d1e2f98bbd4060fbe31959
SHA256: 157141f9ba4e70b10098e61b24443e46d527b7e3a554971ab89a0c5ce6fb51f0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: 409797353f49a435118e4b9623165b83
SHA256: 82f50a8fc47bbbf218c96432327ff888c681e005d985f6701e724c5c6bde6991
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
binary
MD5: 409797353f49a435118e4b9623165b83
SHA256: 82f50a8fc47bbbf218c96432327ff888c681e005d985f6701e724c5c6bde6991
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
binary
MD5: a5695cc64d77967232b0c1344c6e72b3
SHA256: 042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
binary
MD5: 65e942614eee70680464ac4be75019fc
SHA256: 34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: 99601438ae1349b653fcd00278943f90
SHA256: 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
binary
MD5: 95f28ede25c301301f25fbbd9a3c56ec
SHA256: 87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
binary
MD5: 3d1ce5e50208f0cb3b979186043a548f
SHA256: 1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\00183D14.log
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
binary
MD5: 3675254e341df799d4307c1f59109185
SHA256: 23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-harmful-simple.sbstore
binary
MD5: 051fb32dece757ba112ac36dc72e3a91
SHA256: 0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.sbstore
binary
MD5: e2cf527ca7550b7e7bdf7311e483a2c3
SHA256: f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-block-simple.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
binary
MD5: bdaa2a3b4259ebf8dd87e5769b1bf3f4
SHA256: 8408968dae85e51ea6b0ca7123b0ddfd7425d3013ba311bb1cbe135fff0e5bda
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.sbstore
binary
MD5: d6acf2573e12afdd7939568804d3fcc1
SHA256: 5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozplugin-block-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
binary
MD5: 956da9703243b882baee1b320e9fb606
SHA256: 45a7cfeb7304cedc0fff05247d16ea745384603e46ca63ffcb2f2603d27f26eb
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.metadata
binary
MD5: c834f081a427580ca4661f1646d92b93
SHA256: e3672be937c311b3e6a2a825f4aa0b3d7bb67f93a336874ef00a185866be1b13
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FE7AA4D4093147A795178036E3609C22B52C4B9C
compressed
MD5: 480d0b7f9fd04728474478de2947d154
SHA256: 072446fedb82a16844ce08cc6a5092faa11878c080241ee37d2f9a3194d99ee2
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.pset
binary
MD5: cd6e12988fe9f72fe4a2a529c9eb2a6d
SHA256: 835da593f7efc223e291af8eb16b99c3a1bad5a9e89f22e696ada202fb2029d4
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-phish-proto.metadata
binary
MD5: 09fbbf39cf99ab9c36514819b05bdbfe
SHA256: 6c2f4152ec6fe51c16b83cc39388f3f8179f592f24afcd9584760ef09a0fb496
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.pset
binary
MD5: b2a6475baaaefda29e3f21b2e51ec23e
SHA256: 2a03b353e4e8412bcf98976ae589b6af24f12ea5802252394e6345200dd0f5b2
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.pset
binary
MD5: 16c5aee35e9d1fd0e735cfbef142be20
SHA256: 00dce01845d833eff11f38b41499714ee6d3d1b343473c2686dc830cf5297fbe
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata
binary
MD5: 578f74adf6e96eef17ba8ab4d5738408
SHA256: e9780c16075e62e66cf47594262edb17da9b3c6a1dad555a5fd1c91969c81621
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-malware-proto.metadata
binary
MD5: bb9d8f55e9156fa6ffefa41d2102d400
SHA256: fb97e6aaffb325fa27434d746372d9ecf549e59c2b0476b3da39b42435ab6d6a
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.pset
binary
MD5: be469e82d40529c40a46fe86c3e69d03
SHA256: fb21601b552cd7d9cbb8940912d2fcab1d19707b1d5b9ab0fd0199f89a64fafd
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
sqlite
MD5: 790d8265e2fef25b6dea173f7f2a338a
SHA256: 782bc7b5d90f306c3175e8a4d11dc2043fa3d4b1e1d86fa16f83b190e98c639a
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
binary
MD5: ad03bc546b37ef44db3cfa1e00c2ea47
SHA256: 2fca11241229fd4c5948f4c25657a9bcdcdff44237d0d0450b01ed6496c769eb
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashsubdoc-digest256.sbstore
binary
MD5: ba0009932844173bc8f9af264229df24
SHA256: 66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flashallow-digest256.sbstore
binary
MD5: 6f85bc4b2ecb49e26b0bd83a821065d0
SHA256: c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.sbstore
binary
MD5: c921d8e98fa01b4f303481e112202e92
SHA256: 4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\except-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.sbstore
binary
MD5: 04824a1f92353f43ebb9e7f74b7476fd
SHA256: b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flashsubdoc-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.sbstore
binary
MD5: 0e8fe60ccd7e9b4c32589a5743a95302
SHA256: 2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\block-flash-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\55F3A8141B0F01292545EBF09A1E053D6C64205B
binary
MD5: 6ead5bce546a88898d1416146da84588
SHA256: ce59f9ec8306e5ac5fe87b8c37a269f59f58eb945b0f90a5925f5b9f39ae0ae9
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
binary
MD5: cd82f4495eafe523b9b6b938c828611b
SHA256: 576a0d2c3ad8d66bb202439b18f9fd563f92d9ddd9582a3c4cce0ecafd4f0908
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
binary
MD5: d886a47c89d9c49c795da345bc236990
SHA256: a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\84DC4056E1BFC8DCFF5367760FC04B53173B23AA
binary
MD5: ceeb5f13c01cc44c70455624a49796e4
SHA256: e8b77ebba2cdafa700ec7b16ba427299fba45c4105e3a3e19f6da64c060ab622
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\allow-flashallow-digest256.pset
cdxl
MD5: 076933ff9904d1110d896e2c525e39e5
SHA256: 4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\doomed\10464
binary
MD5: 2b47f318fdcfabf9b88818d1f266b6ca
SHA256: 552e9205f11d8bed37e6d3c068cd7393893cacae4f21d922e895fb26b3191a54
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A22A32759A3966E8D2B0323FD7A29302D10FAE5A
der
MD5: cd4ce9ee272f18153dd6521109786c37
SHA256: bfa0155b49e7b7db3ce2270f8ef19096016723f21fe09a35ab6cf46ef701b29e
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
binary
MD5: b7c14ec6110fa820ca6b65f5aec85911
SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 3903bfb9538fd72d01a8fec289745673
SHA256: a2748d5ab8cad8e5822a644e4e8475a6bd3cd2fb9d181a91b16c13e917084efa
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_gen_tools-86b.vpx
––
MD5:  ––
SHA256:  ––
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_gen_tools-86b.vpx
binary
MD5: b92cbdbf1b99b3686b1c7f4c18f209ac
SHA256: 49396d953970f3c2ee1231c2622b9a479410c30ecd99823a22a06eb198e2225d
2468
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
text
MD5: ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA256: 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_gen_streamfilter_x86-86f.vpx
binary
MD5: d25964be8b8b100b39d817ec38ac0b93
SHA256: 5f2de7134b7d61023af497e11d0fb55f74b4e185cd72cf3abdfc348379006115
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\0018ADA0.log
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\0018AD90.log
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_gen_streamfilter_x86-86f.vpx
––
MD5:  ––
SHA256:  ––
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-vps_win32-18110804.vpx
binary
MD5: 89acddc70646fe052f2f1474be4025b0
SHA256: 508c0d217465cdb89888d749c75c785cabdd72cd66a9e1ccde08ab4257e2fb3f
2468
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
binary
MD5: 707c12070c52e55c2a996ac15e219b95
SHA256: 6c5410c655c8efc48d123abe708c8940a4218072c0daf85e03ab45da6d2ce6b9
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-jrog2-18ec.vpx
binary
MD5: c7cc877d1a8aeab6fc52b5f850adccd8
SHA256: db6468475ac8f2b7c4142bbb0b596178bc62401ddd6094a638ba71ff83034fb6
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-iex-c.vpx
binary
MD5: b7ba558880c14502cc887f7c69b2388c
SHA256: b40deb5cd32d41f53de4a7d621933f35d1c50760b022e4d8d3f9514bd21f5cd6
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\prod-vps.vpx
binary
MD5: d48f3bb2175d9f2b9e3c91a637519cdb
SHA256: d070fbdb6a9fd521ca7e82ab010e996712a251ce86923e1c46ca36139293aa8f
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-setup_ais-12070932.vpx
binary
MD5: 71591dcad450669a43c83aea22fe8fe5
SHA256: dbbf3d6ccf7c5c281518f4a246da45624e452838407bdfeebd7519347fef00c7
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-prg_ais-12070932.vpx
binary
MD5: 112ef03c0f63809cd8685c25e26a8e30
SHA256: d4c4e36f57626a55e4b837beb5c8e28f292b2a030bae8bcb573508cf49ddc782
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_gen_streamfilter-87e.vpx
binary
MD5: d9a87b5bf1747a15320b6fc918f159f1
SHA256: 45489ef30820f570c0b3f3b01c79b89c6e3dfe72ce71e7e424bda6fa07fb6a10
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\uat.vpx
binary
MD5: fd27ec861faa08c712fbc2436383a6ab
SHA256: 8ce2034bb5a07a2059e89f3a8db06614b05b2839782b64cf89b095ed7d91d16c
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\prod-pgm.vpx
binary
MD5: 033c6d22f306a80351f8f3b4668234bf
SHA256: 2f4c6eba607e42de5346e65b39abd51191e561d042216c48449b8755cbe4e284
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\servers.def.vpx
binary
MD5: 8747befdc39b69b34f6704b2260aa536
SHA256: c559bf44585b072dc1544a6b3d65814e87f74c8711306e8789c0cb4db3ad5c8f
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\servers.def.lkg
text
MD5: 51f1159ea24556f329468c04a0638481
SHA256: 45abe17087cbf6e78e1c386db30def953da87e4a0184891c185c0788b505d169
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\servers.def
text
MD5: 51f1159ea24556f329468c04a0638481
SHA256: 45abe17087cbf6e78e1c386db30def953da87e4a0184891c185c0788b505d169
3792
instup.exe
event_manager.log
––
MD5:  ––
SHA256:  ––
3792
instup.exe
C:\ProgramData\AVAST Software\Avast\avast5.ini
text
MD5: 29e5411814bc53ae4f414664ff162971
SHA256: 2f5b9b8b754df21ad82e465adb16767a8a05a8cd38678673937cb268536584e4
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\config.def
text
MD5: 090033de23a232307d2a011e630d4220
SHA256: fc4e88f063aa35c3f889f621cf9cf002e74df4c1a77285f846888eb729b4adfd
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\config.def.new
––
MD5:  ––
SHA256:  ––
3792
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\Stats.ini
text
MD5: c274c9d0e51558d8b2a9fb0d37257a85
SHA256: c9d26522f58123da489067f2c79579db4656e6e216ab20e0b21efd097b5f3dfc
3792
instup.exe
Instup.log
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_gen_streamfilter-87e.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_gen_openssl-7ea.vpx
binary
MD5: 9e02957e0310df7d38d43390aa59cb83
SHA256: 7e733b5735401f9697f3ce82fa1baf20eb8c30a10e0cca6f764dce3f947e5de0
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_gen_openssl-7ea.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_gen_crt_x86-825.vpx
––
MD5:  ––
SHA256:  ––
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\uat.vpx
binary
MD5: 74703aefec6f560b8ae47e90b8553f40
SHA256: ba9842e5b1ffdbd61f5cf159d6d10080ad49636f1ed3a05e7a6e5a1e73ad731d
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_gen_crt_x86-825.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_dll_eng-87e.vpx
binary
MD5: ea4a0525ddaefe653c7e4dfbf5b9bd70
SHA256: fb57f2c52d49227e2a78f012119b1ef3db633948679836444c3c1396e62d3aa5
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-setup_ais-110108ee.vpx
binary
MD5: 6a69efdb08dc226753ece7e1b0df6d56
SHA256: 4a2d0cf5955545b91d7740aa0d5cb2f27621179c2e6965ed08d4de4ed1a9eae4
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\prod-vps.vpx
binary
MD5: a8f5f8beb1487eb9ccbf23f4e51dba28
SHA256: d4fd2507084008417c736bdec2712b2aa73c7050b22633146799bccc3c5af0ed
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-prg_ais-110108ee.vpx
binary
MD5: 1d0059eb15a376cf2d8cdbb734eca754
SHA256: f5ce33cfb66d4c4fb5df6501d0848f9b78b07c4848317f301d104e75cfd41545
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\servers.def
text
MD5: 195cdcaaed78d2b59abc94f8c0d441f5
SHA256: 6db1cbefdc21b46405e404c868b4e76383ab1b34b81ae29bae8cf06fd81587cf
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-vps_win32-17020603.vpx
binary
MD5: ee043417b21061d4bc2af6d949eebc18
SHA256: ae75e57bcb8b7ab442ad433181180a2f58014fa49225b488c97779dc8624d4b8
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\prod-pgm.vpx
binary
MD5: 06f8aa0b63c5feefeacfe5c3274b0cb7
SHA256: bf7a20be7581c4f14a6f2f0d05374231945d331f2a421a58a7d8db8ccf35f579
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\servers.def.vpx
binary
MD5: 60a1d68a3eb8557ba79867b62568e94e
SHA256: c609f87f0ba0e36054dd13c96ba5d846f1bd916d6a7789e0e2c0fb9319eb8c1d
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-jrog2-1376.vpx
binary
MD5: 42230ed31600aa11bab553f41a2b7c22
SHA256: 36a271c52616a35929ffdc3b0c19bd9c707ce3b761734fd33dade167f8e13e68
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\part-iex-8.vpx
binary
MD5: 59bb35c4351defb19fca4bd845b9683e
SHA256: a80d3bfff0f695574072d69b55a1bc5cd687ebedc0225bda96616a162f931137
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\config.def
text
MD5: 516ed13e25ec209f5027c50869832f54
SHA256: 28e228020518066b70e5408381f1ff8ed6493da0249e0182b29a8624374738c4
3036
avast_free_antivirus_setup_online.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\config.def.vpx
binary
MD5: c4efa2f7a6904916f9fa1da3ec27e2c2
SHA256: 3071210bcc8688d4c896aed3aa4650580aceb50c16d7f6f5293da49cfae8cb7a
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_dll_eng-87e.vpx
––
MD5:  ––
SHA256:  ––
2056
instup.exe
C:\Program Files\AVAST Software\Avast\setup\ais_core-87e.vpx
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\D8129954005122.dat
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\00186944.log
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp.dat.part
binary
MD5: d3fd2146f9bdd6e86f553d1b98d7ca58
SHA256: d198f5b8e383fbe607fa1f5bb21e98865692de4bb2df4eb1b5a7b9b4006b3e6a
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp.dat
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp.dat.tmp
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\in050C527C\722AE57D_stp.dat.part
binary
MD5: ebd412dcbd018eb7ee451df6cce76347
SHA256: 18e1063853c86798bd1e267438c37aac2b5ab8cd8fb65adeef3ac17fc26eb519
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\ais_core-87e.vpx
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\in050C527C\722AE57D_stp.dat.tmp
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\in050C527C\722AE57D_stp.dat
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\EN[1].png
image
MD5: 46bd51d12590a67a66cc21ba18059a20
SHA256: 731cfc592c539f564a7d6c24bc196ce59ef7f47dfab1cd0cfec25d2e0313d4ee
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\21163053310104[1].jpg
image
MD5: f71fe82ae9db43ca724142729b0c0a39
SHA256: 456e5e1f74fc5e0cbc9956d2515d4068e362cd6a41ed66b31427f0358a00e738
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\bootstrap_59574.html
html
MD5: 1ea9e5b417811379e874ad4870d5c51a
SHA256: f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\00183E0E.log
––
MD5:  ––
SHA256:  ––
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Quick_Specs.png
image
MD5: 07cd59b954e8495ad6cd6a7c11d2de86
SHA256: 6e6b964fd79b4a3461f128e2ed145b9b641d108b8616695f36387661cae995bb
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\locale\PT.locale
html
MD5: 50c0889aa3252ccac90e235278dc1801
SHA256: 0d8e7e974c5a0a860e1718d535a7c1a99696f181fa89e6fb0e1a73455492640e
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Resume_Button.png
image
MD5: 9d31583bcfad58a6b9ddeaf44549a5e6
SHA256: e466a2db2f755d9eb68619439af37ff4e45559b7a3f476e226ab2a11aeadae1a
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\ProgressBar.png
image
MD5: f5d2570779e9311622cbe1f9c167c1dd
SHA256: 66143e0d85226dab11ee8c9ac6ed5130adc6847cb7f16293ec4824ed67274563
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\locale\EN.locale
html
MD5: 93a216a9f0b65f34bcde2aac264bfa67
SHA256: b01d8910251ead23f5ba0cec0278aeb68621e9e83f2d89c305a5b16b3c17fe95
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\sponsored.png
image
MD5: e3758d529f93fee4807f5ea95fbc1a6c
SHA256: 8d46eb0c60043dcb7d79ab3d0525148fc901764620c02e4b9c5dd8b0e9026303
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Progress.png
image
MD5: 7ee004072453e86b539a0ddcc0f5b562
SHA256: 53ad17da8efac339a6fb55b08246994b4a813b7ebeadd819b435b9f342068e1f
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\BG.png
image
MD5: bcf307e585efb78d500673eb7aee20a6
SHA256: 313810f02e8e3e8f4468d3980dff2ac5ba8b6f9d0328ad1ae1c14bbfe3ab5af5
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Icon_Generic.png
image
MD5: a35aeb077ffa7ffb4382c639743d29cc
SHA256: dccfb478e6097086d886b5a01d120bf511b381982b0975e0c65eab3846e4234d
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Loader.gif
image
MD5: afc685139a108e33bd945d5a3ff64122
SHA256: 4d70f45a9c69d8ce2e630214c1b2871454d631ccf9d88976470170d0e106acbc
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Pause_Button.png
image
MD5: 84b37cb510f50c8fea812eb308d3f03f
SHA256: 7bf800336671204de36b7d1f6ceffdff830040f51d21bc44f220f68d72cf492b
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Button.png
image
MD5: 1897b959717c64e1be8c925096ef2b96
SHA256: b7a8cfad4b8156b481fcd4fcff205fcd6cd53aea5bf02c48c2111d9acffddc47
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Close.png
image
MD5: 40b152058a7fbc98401ae5fa9e884de7
SHA256: 9102a20b58a05b0eccb7bcf4f775038cfcf023f05d0081b8845e491336d3cc9c
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Button_Hover.png
image
MD5: 795c6dc6cfe3049b93bdbb36daae209e
SHA256: 18f462f4d6491d3b4318bc569206f44f9e35bf1b86b06998e4472d693d4fe62a
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\button.css
text
MD5: 37e1ff96e084ec201f0d95feef4d5e94
SHA256: 8e806f5b94fc294e918503c8053ef1284e4f4b1e02c7da4f4635e33ec33e0534
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\browse.css
text
MD5: 6009d6e864f60aea980a9df94c1f7e1c
SHA256: 5ef48a8c8c3771b4f233314d50dd3b5afdcd99dd4b74a9745c8fe7b22207056d
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\main.css
text
MD5: abba6d0faeee885edfbb5bb5381a6a98
SHA256: 98af7066c05c15871aeacd93df7f0118e3bfe998f738c480a96854434f040500
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\images\button-bg.png
image
MD5: 98b1de48dfa64dc2aa1e52facfbee3b0
SHA256: 2693930c474fe640e2fe8d6ef98abe2ecd303d2392c3d8b2e006e8942ba8f534
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\images\progress-bg.png
image
MD5: e9f12f92a9eeb8ebe911080721446687
SHA256: c1cf449536bc2778e27348e45f0f53d04c284109199fb7a9af7a61016b91f8bc
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\images\progress-bg2.png
image
MD5: b582d9a67bfe77d523ba825fd0b9dae3
SHA256: ab4eeb3ea1eef4e84cb61eccb0ba0998b32108d70b3902df3619f4d9393f74c3
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\images\progress-bg-corner.png
image
MD5: 608f1f20cd6ca9936eaa7e8c14f366be
SHA256: 86b6e6826bcde2955d64d4600a4e01693522c1fddf156ce31c4ba45b3653a7bd
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\checkbox.css
text
MD5: 64773c6b0e3413c81aebc46cce8c9318
SHA256: b09504c1bf0486d3ec46500592b178a3a6c39284672af8815c3687cc3d29560d
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\progress-bar.css
text
MD5: 5335f1c12201b5f7cf5f8b4f5692e3d1
SHA256: 974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\css\ie6_main.css
text
MD5: c628398ec07fe762971fc9ed90902340
SHA256: 46e335eca724c6cb93334b15a793710fa2c0a544b7d887a2f63ff65185d07821
4024
Baixaki_Mozilla Firefox Quantum_2446375436.exe
C:\Users\admin\AppData\Local\Temp\inH158850051182\csshover3.htc
html
MD5: 52fa0da50bf4b27ee625c80d36c67941
SHA256: e37e99ddfc73ac7ba774e23736b2ef429d9a0cb8c906453c75b14c029bdd5493
2056
instup.exe
C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\vps_win32-85.vpx
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
64
TCP/UDP connections
79
DNS requests
123
Threats
14

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe POST 200 52.31.104.117:80 http://www2.lisutodotorot.com/ IE
binary
––
––
malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe POST 200 54.154.81.16:80 http://api.lisutodotorot.com/?ralupid=0 IE
binary
text
malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe POST 200 52.31.104.117:80 http://www2.lisutodotorot.com/ IE
binary
––
––
malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe POST 200 52.210.42.57:80 http://www.lisutodotorot.com/Baixaki/ IE
binary
binary
malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe GET 200 146.185.27.45:80 http://img.lisutodotorot.com/img/Tavasat/15Feb17/v2/EN.png GB
image
malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe HEAD 200 85.159.237.103:80 http://ww42.lisutodotorot.com/ofr/Tavasat/Tavasat_09Feb17.cis NL
––
––
malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe GET –– 192.96.201.161:80 http://cloud.lisutodotorot.com/ofr/Tavasat/Tavasat_09Feb17.cis US
––
––
suspicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe POST 200 52.31.104.117:80 http://www2.lisutodotorot.com/ IE
binary
––
––
malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe GET 206 192.96.201.161:80 http://cloud.lisutodotorot.com/ofr/Tavasat/Tavasat_09Feb17.cis US
binary
suspicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe GET –– 192.96.201.161:80 http://cloud.lisutodotorot.com/ofr/Tavasat/Tavasat_09Feb17.cis US
––
––
suspicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe POST 200 52.31.104.117:80 http://www2.lisutodotorot.com/ IE
binary
––
––
malicious
3036 avast_free_antivirus_setup_online.exe POST 204 77.234.45.53:80 http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi DE
text
––
––
whitelisted
3036 avast_free_antivirus_setup_online.exe GET 200 172.217.168.46:80 http://www.google-analytics.com/collect?aiid=mmm_irs_ppi_002_451_m&an=Free&av=17.1.3394&cd=stub-extended&cd3=Online&cid=f7632834-0dfc-4ebd-a462-191f1bb4dffd&dt=Installation&t=screenview&tid=UA-58120669-3&v=1 US
image
whitelisted
3792 instup.exe POST 200 5.62.40.21:80 http://5.62.40.21/ DE
text
text
whitelisted
3792 instup.exe GET 200 2.16.186.104:80 http://z9743321.iavs9x.u.avast.com/iavs9x/servers.def.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.50:80 http://z9820048.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.50:80 http://k6375621.iavs9x.u.avast.com/iavs9x/uat.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.104:80 http://d3116203.iavs9x.u.avast.com/iavs9x/part-prg_ais-12070932.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.104:80 http://l5978727.iavs9x.u.avast.com/iavs9x/part-setup_ais-12070932.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.105:80 http://y9663457.vpsnitro.u.avast.com/vpsnitro/prod-vps.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.105:80 http://h0637628.vpsnitro.u.avast.com/vpsnitro/part-iex-c.vpx unknown
binary
whitelisted
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe POST 200 52.31.104.117:80 http://www2.lisutodotorot.com/ IE
binary
––
––
malicious
3792 instup.exe GET 200 2.16.186.105:80 http://t3036159.vpsnitro.u.avast.com/vpsnitro/part-jrog2-18ec.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.57:80 http://p3713387.vpsnitro.u.avast.com/vpsnitro/part-vps_win32-18110804.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.104:80 http://t5730298.iavs9x.u.avast.com/iavs9x/avbugreport_ais-932.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.50:80 http://t5730298.iavs9x.u.avast.com/iavs9x/avdump_x64_ais-932.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.104:80 http://t5730298.iavs9x.u.avast.com/iavs9x/avdump_x86_ais-932.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.50:80 http://t5730298.iavs9x.u.avast.com/iavs9x/instcont_ais-932.vpx unknown
binary
whitelisted
2468 firefox.exe GET 200 2.16.186.50:80 http://detectportal.firefox.com/success.txt unknown
text
whitelisted
3792 instup.exe GET 200 2.16.186.104:80 http://t5730298.iavs9x.u.avast.com/iavs9x/instup_ais-932.vpx unknown
binary
whitelisted
2468 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US
binary
der
whitelisted
2468 firefox.exe GET 301 151.80.204.61:80 http://www.baixaki.com.br/portal/redir-partners.asp FR
html
unknown
3792 instup.exe GET 200 2.16.186.50:80 http://t5730298.iavs9x.u.avast.com/iavs9x/offertool_ais-932.vpx unknown
binary
whitelisted
3792 instup.exe GET 200 2.16.186.104:80 http://t5730298.iavs9x.u.avast.com/iavs9x/setgui_ais-932.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.88:80 http://k3796670.vpsnitrotiny.u.avast.com/vpsnitrotiny/part-jrog2-85.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.88:80 http://k3796670.vpsnitrotiny.u.avast.com/vpsnitrotiny/prod-vps.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.88:80 http://k3796670.vpsnitrotiny.u.avast.com/vpsnitrotiny/part-vps_win32-18110699.vpx unknown
binary
whitelisted
2056 instup.exe POST 200 5.62.40.21:80 http://shepherd.ff.avast.com/ DE
text
text
whitelisted
2056 instup.exe POST 204 77.234.45.53:80 http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi DE
text
––
––
whitelisted
2056 instup.exe POST 204 77.234.45.53:80 http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi DE
text
––
––
whitelisted
2056 instup.exe GET 200 92.123.64.88:80 http://k3796670.vpsnitrotiny.u.avast.com/vpsnitrotiny/jrog2-85.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_cleanup-7db.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_datascan-805.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_gamingmode-815.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_idp_x86-814.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_pwdman-844.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_rescuedisk-87e.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_secdns-868.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_secureline-7db.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_secureline_x86-7d1.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_cmp_swhealth-87e.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_core-87e.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_dll_eng-87e.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_gen_crt_x86-825.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_gen_openssl-7ea.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_gen_streamfilter-87e.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_gen_streamfilter_x86-86f.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_gen_tools-86b.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_gen_tools_x86-86b.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_gui_res-801.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.24:80 http://x9592796.iavs9x.u.avast.com/iavs9x/ais_res-87e.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.88:80 http://k3796670.vpsnitrotiny.u.avast.com/vpsnitrotiny/vps_32-85.vpx unknown
binary
whitelisted
2056 instup.exe GET 200 92.123.64.88:80 http://k3796670.vpsnitrotiny.u.avast.com/vpsnitrotiny/vps_win32-85.vpx unknown
binary
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe 52.31.104.117:80 Amazon.com, Inc. IE whitelisted
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe 54.154.81.16:80 Amazon.com, Inc. IE whitelisted
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe 52.210.42.57:80 Amazon.com, Inc. IE malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe 151.80.204.61:443 OVH SAS FR unknown
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe 146.185.27.45:80 UK-2 Limited GB malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe 85.159.237.103:80 NForce Entertainment B.V. NL malicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe 52.55.64.207:443 Amazon.com, Inc. US unknown
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe 192.96.201.161:80 Leaseweb USA, Inc. US suspicious
4024 Baixaki_Mozilla Firefox Quantum_2446375436.exe 52.222.175.200:443 Amazon.com, Inc. US unknown
3036 avast_free_antivirus_setup_online.exe 77.234.45.53:80 AVAST Software s.r.o. DE unknown
3036 avast_free_antivirus_setup_online.exe 172.217.168.46:80 Google Inc. US whitelisted
3792 instup.exe 5.62.40.21:80 AVAST Software s.r.o. DE unknown
3792 instup.exe 5.62.38.32:443 AVAST Software s.r.o. NL unknown
3792 instup.exe 77.234.43.230:443 AVAST Software s.r.o. GB unknown
3792 instup.exe 2.16.186.104:80 Akamai International B.V. –– whitelisted
3792 instup.exe 5.45.62.120:443 AVAST Software s.r.o. NL malicious
3792 instup.exe 2.16.186.50:80 Akamai International B.V. –– whitelisted
3792 instup.exe 2.16.186.105:80 Akamai International B.V. –– whitelisted
3792 instup.exe 2.16.186.57:80 Akamai International B.V. –– whitelisted
2468 firefox.exe 52.39.244.38:443 Amazon.com, Inc. US unknown
2468 firefox.exe 2.16.186.50:80 Akamai International B.V. –– whitelisted
2468 firefox.exe 151.80.204.61:80 OVH SAS FR unknown
2468 firefox.exe 52.41.78.152:443 Amazon.com, Inc. US unknown
2468 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2468 firefox.exe 151.80.204.61:443 OVH SAS FR unknown
2468 firefox.exe 172.217.168.74:443 Google Inc. US whitelisted
2468 firefox.exe 104.16.12.243:443 Cloudflare Inc US shared
580 pingsender.exe 34.214.252.85:443 Amazon.com, Inc. US unknown
2056 instup.exe 8.8.8.8:53 Google Inc. US whitelisted
2056 instup.exe 92.123.64.24:80 Akamai International B.V. –– whitelisted
2056 instup.exe 92.123.64.88:80 Akamai International B.V. –– whitelisted
2056 instup.exe 5.62.40.21:80 AVAST Software s.r.o. DE unknown
2056 instup.exe 5.45.62.82:443 AVAST Software s.r.o. NL unknown
2056 instup.exe 77.234.43.230:443 AVAST Software s.r.o. GB unknown
2056 instup.exe 77.234.45.53:80 AVAST Software s.r.o. DE unknown

DNS requests

Domain IP Reputation
www2.lisutodotorot.com 52.31.104.117
52.214.73.247
malicious
api.lisutodotorot.com 54.154.81.16
52.209.116.64
34.251.155.7
malicious
www.lisutodotorot.com 52.210.42.57
54.72.148.179
34.252.206.30
malicious
img.ibxk.com.br 151.80.204.61
unknown
img.lisutodotorot.com 146.185.27.45
malicious
ww42.lisutodotorot.com 85.159.237.103
malicious
download.mozilla.org 52.55.64.207
107.23.201.210
54.88.60.196
35.171.199.38
23.22.247.74
34.195.34.19
whitelisted
cloud.lisutodotorot.com 192.96.201.161
suspicious
download-installer.cdn.mozilla.net 52.222.175.200
whitelisted
v7event.stats.avast.com 77.234.45.53
5.45.59.12
whitelisted
www.google-analytics.com 172.217.168.46
whitelisted
shepherd.ff.avast.com No response whitelisted
alpha-license-dealer.ff.avast.com 5.62.38.32
5.45.62.88
5.45.62.61
whitelisted
alpha-iqs.ff.avast.com 77.234.43.230
77.234.45.250
77.234.43.231
whitelisted
z9743321.iavs9x.u.avast.com No response whitelisted
auth.ff.avast.com No response whitelisted
z9820048.iavs9x.u.avast.com 2.16.186.50
2.16.186.104
whitelisted
k6375621.iavs9x.u.avast.com 2.16.186.50
2.16.186.104
whitelisted
d3116203.iavs9x.u.avast.com 2.16.186.104
2.16.186.50
whitelisted
l5978727.iavs9x.u.avast.com 2.16.186.104
2.16.186.50
whitelisted
y9663457.vpsnitro.u.avast.com 2.16.186.105
2.16.186.57
whitelisted
h0637628.vpsnitro.u.avast.com 2.16.186.105
2.16.186.57
whitelisted
t3036159.vpsnitro.u.avast.com No response whitelisted
p3713387.vpsnitro.u.avast.com 2.16.186.57
2.16.186.105
whitelisted
t5730298.iavs9x.u.avast.com 2.16.186.104
2.16.186.50
whitelisted
www.baixaki.com.br 151.80.204.61
unknown
search.services.mozilla.com 52.39.244.38
34.213.14.244
34.208.206.25
whitelisted
detectportal.firefox.com 2.16.186.50
2.16.186.112
whitelisted
a1089.dscd.akamai.net No response whitelisted
search.r53-2.services.mozilla.com 34.208.206.25
34.213.14.244
52.39.244.38
whitelisted
706813v.h2.azioncdn.net 151.80.204.61
unknown
ocsp.digicert.com 93.184.220.29
whitelisted
tiles.r53-2.services.mozilla.com 34.216.156.21
52.41.60.30
52.34.107.172
52.10.130.148
52.37.207.140
52.40.109.206
52.39.131.77
52.41.78.152
whitelisted
tiles.services.mozilla.com 52.41.78.152
52.39.131.77
52.40.109.206
52.37.207.140
52.10.130.148
52.34.107.172
52.41.60.30
34.216.156.21
whitelisted
cs9.wac.phicdn.net 93.184.220.29
whitelisted
ajax.googleapis.com 172.217.168.74
172.217.168.42
172.217.168.10
216.58.215.234
whitelisted
obj.ibxk.com.br 151.80.204.61
unknown
www.minhaserie.com.br 151.80.204.61
unknown
fonts.googleapis.com 172.217.168.74
whitelisted
tag.navdmp.com 104.16.12.243
104.16.15.243
104.16.11.243
104.16.13.243
104.16.14.243
whitelisted
www.1-1ads.com 212.124.115.196
212.124.124.178
whitelisted
googleapis.l.google.com No response whitelisted
static.savings-united.com 172.64.108.30
172.64.109.30
unknown
cdnjs.cloudflare.com 104.19.197.151
104.19.199.151
104.19.195.151
104.19.198.151
104.19.196.151
whitelisted
n135adserv.com 212.124.124.178
212.124.115.196
whitelisted
sb.scorecardresearch.com 23.38.19.203
whitelisted
googleadapis.l.google.com No response whitelisted
e1879.e7.akamaiedge.net 23.38.19.203
whitelisted
586813v.ha.azioncdn.net 151.80.204.61
unknown
156813v.h2.azioncdn.net 151.80.204.61
unknown
146813v.h2.azioncdn.net No response unknown
incoming.telemetry.mozilla.org 34.214.252.85
34.212.55.103
52.34.248.21
52.26.72.3
34.217.184.213
52.34.167.99
35.167.70.180
52.36.71.24
whitelisted
g0431773.iavs9x.u.avast.com 92.123.64.59
92.123.64.24
whitelisted
s-iavs9x.avcdn.net 23.40.96.152
malicious
l2591751.iavs9x.u.avast.com No response whitelisted
y6053546.iavs9x.u.avast.com 92.123.64.59
92.123.64.24
whitelisted
x9592796.iavs9x.u.avast.com No response whitelisted
z1686792.iavs9x.u.avast.com 92.123.64.24
92.123.64.59
whitelisted