General Info

File name

NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe

Full analysis
https://app.any.run/tasks/a73945dd-14d6-4d43-995a-65998c9ef1cf
Verdict
Malicious activity
Analysis date
14/01/2022, 22:23:55
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

loader

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

1f2951435ee209e761a9df276023c48f

SHA1

98d306e3248a3cf6fa61d0cd711fbc74f3b85702

SHA256

c3e83b560db63700a60c5d4d8cd562fbc1a0f8bd4b6098a27b3f1ca8338c3d09

SSDEEP

49152:qqe3f6a0zD7+H98AHaCfu6O/HCL+WuTmuKwEP:DSiBD7E9vBuT/HCK5NKXP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS
Drops executable file immediately after starts
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe (PID: 2204)
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe (PID: 2616)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • instup.exe (PID: 2540)
Application was dropped or rewritten from another process
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2068)
  • saBSI.exe (PID: 3876)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)
Changes settings of System certificates
  • saBSI.exe (PID: 3876)
Loads dropped or rewritten executable
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)
SUSPICIOUS
Checks supported languages
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe (PID: 2204)
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 3500)
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe (PID: 2616)
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2068)
  • saBSI.exe (PID: 3876)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)
  • installer.exe (PID: 3984)
  • installer.exe (PID: 3204)
Reads the computer name
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 3500)
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2068)
  • saBSI.exe (PID: 3876)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)
  • installer.exe (PID: 3204)
Executable content was dropped or overwritten
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe (PID: 2204)
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe (PID: 2616)
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2068)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)
Reads the Windows organization settings
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
Reads Windows owner or organization settings
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
Drops a file that was compiled in debug mode
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2068)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)
Drops a file with too old compile date
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
Starts Internet Explorer
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
Creates files in the Windows directory
  • cookie_mmm_irs_ppi_005_888_a.exe (PID: 2068)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)
Creates files in the program directory
  • saBSI.exe (PID: 3876)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • instup.exe (PID: 2956)
  • installer.exe (PID: 3984)
Adds / modifies Windows certificates
  • saBSI.exe (PID: 3876)
Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 3976)
Reads CPU info
  • instup.exe (PID: 2956)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • instup.exe (PID: 2540)
Reads Environment values
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)
Creates or modifies windows services
  • instup.exe (PID: 2956)
Starts itself from another location
  • instup.exe (PID: 2956)
Removes files from Windows directory
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)
Creates a directory in Program Files
  • installer.exe (PID: 3984)
INFO
Application was dropped or rewritten from another process
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 3500)
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
Loads dropped or rewritten executable
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
Reads settings of System Certificates
  • NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp (PID: 2812)
  • iexplore.exe (PID: 2716)
  • saBSI.exe (PID: 3876)
  • instup.exe (PID: 2956)
  • avast_free_antivirus_setup_online.exe (PID: 2312)
  • iexplore.exe (PID: 3976)
  • instup.exe (PID: 2540)
  • installer.exe (PID: 3204)
Checks supported languages
  • iexplore.exe (PID: 2716)
  • iexplore.exe (PID: 3976)
Application launched itself
  • iexplore.exe (PID: 2716)
Changes internet zones settings
  • iexplore.exe (PID: 2716)
Checks Windows Trust Settings
  • saBSI.exe (PID: 3876)
  • iexplore.exe (PID: 2716)
  • iexplore.exe (PID: 3976)
  • installer.exe (PID: 3204)
Reads the computer name
  • iexplore.exe (PID: 2716)
  • iexplore.exe (PID: 3976)
Reads internet explorer settings
  • iexplore.exe (PID: 3976)
Reads the hosts file
  • instup.exe (PID: 2956)
  • instup.exe (PID: 2540)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report

Static information

TRiD
.exe | Inno Setup installer (67.7%)
.exe | Win32 EXE PECompact compressed (generic) (25.6%)
.exe | Win32 Executable (generic) (2.7%)
.exe | Win16/32 Executable Delphi generic (1.2%)
.exe | Generic Win/DOS Executable (1.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2020:11:15 10:48:30+01:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
741376
InitializedDataSize:
157184
UninitializedDataSize:
null
EntryPoint:
0xb5eec
OSVersion:
6.1
ImageVersion:
6
SubsystemVersion:
6.1
Subsystem:
Windows GUI
FileVersionNumber:
2.0.0.13
ProductVersionNumber:
2.0.0.13
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
FileDescription:
Linkvertise GmbH & Co. KG
FileVersion:
2.0.0.13
LegalCopyright:
OriginalFileName:
ProductName:
Linkvertise GmbH & Co. KG
ProductVersion:
2.0.0.13
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
15-Nov-2020 09:48:30
Detected languages
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
null
FileDescription:
Linkvertise GmbH & Co. KG
FileVersion:
2.0.0.13
LegalCopyright:
null
OriginalFileName:
null
ProductName:
Linkvertise GmbH & Co. KG
ProductVersion:
2.0.0.13
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
10
Time date stamp:
15-Nov-2020 09:48:30
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name     Virtual Address  Virtual Size  Raw Size    Characteristics                                                        Entropy
.text    0x00001000       0x000B361C    0x000B3800  IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ            6.35606
.itext   0x000B5000       0x00001688    0x00001800  IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ            5.97275
.data    0x000B7000       0x000037A4    0x00003800  IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE  5.0444
.bss     0x000BB000       0x00006DE8    0x00000000  IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE                                 0
.idata   0x000C2000       0x00000F36    0x00001000  IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE  4.8987
.didata  0x000C3000       0x000001A4    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE  2.75636
.edata   0x000C4000       0x0000009A    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ                      1.87222
.tls     0x000C5000       0x00000018    0x00000000  IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE                                 0
.rdata   0x000C6000       0x0000005D    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ                      1.38389
.rsrc    0x000C7000       0x000216F0    0x00021800  IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ                      4.61597
Resources
1, 2, 3, 4, 5, 6, 4086, 4087, 4088, 4089, 4090, 4091, 4092, 4093, 4094, 4095, 4096, 11111, DVCLAL, PACKAGEINFO, MAINICON

Imports
    kernel32.dll
    comctl32.dll
    version.dll
    user32.dll
    oleaut32.dll
    netapi32.dll
    advapi32.dll
    kernel32.dll (delay-loaded)

Exports
    dbkFCallWrapperAddr
    __dbk_fcall_wrapper
    TMethodImplementationIntercept
(These three exports, like the DVCLAL and PACKAGEINFO resources, come from the Delphi RTL: the Inno Setup bootstrapper is a Delphi program, which is also why TRiD lists a Delphi hit.)
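The DOS header, PE header, characteristics and section fields listed above can be reproduced from the file itself. The following Python example is added for this page (it is not ANY.RUN tooling) and parses those structures directly with struct: it follows e_lfanew ("Address of NE header" above), decodes the IMAGE_FILE_* and IMAGE_SCN_* flag bits with the winnt.h values, converts the COFF timestamp to UTC (the EXIF block shows the same instant as 10:48:30+01:00, the PE header as 09:48:30), computes per-section Shannon entropy, and measures the overlay after the last section, which is where an Inno Setup installer keeps its compressed setup data rather than in any section. Because the sample is not on this page, build_sample() constructs a minimal image carrying the header values the report shows (e_lfanew 0x100, I386, 15-Nov-2020 09:48:30, characteristics 0x818F, a 0xE0-byte optional header) with two small sections standing in for the real ten; that image and its overlay bytes are constructed test input, not sample data.

```python
"""Parse the DOS, COFF and section headers summarised in 'Static information'.
Added example for this page; not ANY.RUN tooling."""
import calendar
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# IMAGE_FILE_* bits (winnt.h), covering the flags this report lists.
FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0080: "IMAGE_FILE_BYTES_REVERSED_LO",
    0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL",
    0x8000: "IMAGE_FILE_BYTES_REVERSED_HI",
}
# IMAGE_SCN_* bits (winnt.h) for the section characteristics shown above.
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
MACHINES = {0x014C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def shannon_entropy(data):
    """Bits per byte; 0.0 for sections with no raw data (.bss and .tls above)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # 'Address of NE header'
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew=%#x" % e_lfanew)
    coff = e_lfanew + 4
    machine, nsec, stamp, symptr, nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    sec_base = coff + 20 + opt_size        # section table follows the optional header
    sections, data_end = [], 0
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_base + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        if len(raw) < rawsize:
            raise ValueError("section %r runs past end of file" % name)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize, "raw_size": rawsize,
            "characteristics": flag_names(schars, SECTION_FLAGS),
            "entropy": shannon_entropy(raw),
        })
        data_end = max(data_end, rawptr + rawsize)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "number_of_sections": nsec,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%d-%b-%Y %H:%M:%S"),
        "pointer_to_symbol_table": symptr, "number_of_symbols": nsym,
        "size_of_optional_header": opt_size,
        "characteristics": flag_names(chars, FILE_FLAGS),
        "sections": sections,
        # Bytes after the last section's raw data: an Inno Setup installer's
        # compressed setup data lives in this overlay, not in any section.
        "overlay_offset": data_end, "overlay_size": len(data) - data_end,
    }


SAMPLE_OVERLAY = b"constructed overlay stand-in"   # constructed, not sample data


def build_sample():
    """Constructed 32-bit image with the header values this report shows
    (e_lfanew 0x100, I386, 15-Nov-2020 09:48:30 UTC, characteristics 0x818F,
    0xE0-byte optional header) and two small sections in place of the real ten."""
    e_lfanew, opt_size, nsec = 0x100, 0xE0, 2
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    stamp = calendar.timegm((2020, 11, 15, 9, 48, 30))
    coff = struct.pack("<HHIIIHH", 0x014C, nsec, stamp, 0, 0, opt_size, 0x818F)
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * nsec
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF              # 0x200 file alignment
    text = bytes(range(256)) * 2                      # every byte value twice: entropy 8.0
    sec_text = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000,
                           len(text), raw_ptr, 0, 0, 0, 0, 0x60000020)
    sec_bss = struct.pack("<8sIIIIIIHHI", b".bss", 0x6DE8, 0x2000,
                          0, 0, 0, 0, 0, 0, 0xC0000080)
    img = dos + b"PE\0\0" + coff + bytes(opt_size) + sec_text + sec_bss
    img += bytes(raw_ptr - len(img)) + text + SAMPLE_OVERLAY
    return bytes(img)
```

On the real file, parse_pe(open(path, "rb").read()) should report ten sections with the virtual addresses and raw sizes in the table above and a large overlay_size, since the 1.7 MB installer carries its payload past the end of .rsrc. A section whose raw pointer runs past the end of the file is rejected rather than silently read short, which is the usual sign of a truncated download.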

Processes

Total processes
54
Monitored processes
15
Malicious processes
7
Suspicious processes
0

Behavior graph

The rendered graph is not reproduced here. Its nodes, in the order the graph lists them (edge labels shown: seven "drop and start", one "start"):
  • nitroinjector v8 - linkvertise downloader_g7uyw-1.exe
  • nitroinjector v8 - linkvertise downloader_g7uyw-1.tmp (no specs)
  • nitroinjector v8 - linkvertise downloader_g7uyw-1.exe
  • nitroinjector v8 - linkvertise downloader_g7uyw-1.tmp
  • cookie_mmm_irs_ppi_005_888_a.exe
  • sabsi.exe
  • iexplore.exe
  • iexplore.exe
  • avast_free_antivirus_setup_online.exe
  • instup.exe
  • instup.exe
  • installer.exe (no specs)
  • installer.exe
  • sc.exe (no specs)
  • regsvr32.exe (no specs)

Process information

PID
2204
CMD
"C:\Users\admin\AppData\Local\Temp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe"
Path
C:\Users\admin\AppData\Local\Temp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Linkvertise GmbH & Co. KG
Version
2.0.0.13
Modules
Image
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\netapi32.dll
c:\users\admin\appdata\local\temp\nitroinjector v8 - linkvertise downloader_g7uyw-1.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\user32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\users\admin\appdata\local\temp\is-o7l86.tmp\nitroinjector v8 - linkvertise downloader_g7uyw-1.tmp
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll

PID
3500
CMD
"C:\Users\admin\AppData\Local\Temp\is-O7L86.tmp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp" /SL5="$20138,1785071,899584,C:\Users\admin\AppData\Local\Temp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-O7L86.tmp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
Indicators
No indicators
Parent process
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\is-o7l86.tmp\nitroinjector v8 - linkvertise downloader_g7uyw-1.tmp
c:\windows\system32\usp10.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\user32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\lpk.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\srvcli.dll

PID
2616
CMD
"C:\Users\admin\AppData\Local\Temp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe" /SPAWNWND=$1013C /NOTIFYWND=$20138
Path
C:\Users\admin\AppData\Local\Temp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe
Indicators
Parent process
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Linkvertise GmbH & Co. KG
Version
2.0.0.13
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\nitroinjector v8 - linkvertise downloader_g7uyw-1.exe
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\users\admin\appdata\local\temp\is-apc52.tmp\nitroinjector v8 - linkvertise downloader_g7uyw-1.tmp
c:\windows\system32\kernel32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\netapi32.dll

PID: 2812
CMD: "C:\Users\admin\AppData\Local\Temp\is-APC52.tmp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp" /SL5="$2013E,1785071,899584,C:\Users\admin\AppData\Local\Temp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe" /SPAWNWND=$1013C /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\is-APC52.tmp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
Indicators:
Parent process: NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Version info:
  Company:
  Description: Setup/Uninstall
  Version: 51.1052.0.0
Modules (Image):
c:\users\admin\appdata\local\temp\is-apc52.tmp\nitroinjector v8 - linkvertise downloader_g7uyw-1.tmp
c:\windows\system32\comdlg32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msctf.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\webio.dll
c:\users\admin\appdata\local\temp\is-m5du8.tmp\zbshieldutils.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\nsi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\credssp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gpapi.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\imageres.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cfgmgr32.dll
c:\users\admin\appdata\local\temp\is-m5du8.tmp\botva2.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\sxs.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\propsys.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wininet.dll
c:\windows\system32\apphelp.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\program files\windows defender\mpoav.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\windows defender\mpclient.dll
c:\users\admin\appdata\local\temp\is-m5du8.tmp\prod0_extract\cookie_mmm_irs_ppi_005_888_a.exe
c:\windows\system32\wintrust.dll
c:\windows\system32\mssprxy.dll
c:\users\admin\appdata\local\temp\is-m5du8.tmp\prod1_extract\sabsi.exe
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ieframe.dll

PID: 2068
CMD: "C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod0_extract\cookie_mmm_irs_ppi_005_888_a.exe" /silent /ws /psh:2bJ1khOLWOm2S70DY80tNWgYkkk6iOMlfbG2Jy57D0v911NCiKEJYCDIxO8dWYc63epQvfTG2BQeW
Path: C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod0_extract\cookie_mmm_irs_ppi_005_888_a.exe
Indicators:
Parent process: NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
User: admin
Integrity Level: HIGH
Version info:
  Company: AVAST Software
  Description: Avast Antivirus Installer
  Version: 2.1.1286.0
Modules (Image):
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\lpk.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\is-m5du8.tmp\prod0_extract\cookie_mmm_irs_ppi_005_888_a.exe
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.32b6eba218ab1a8e\avast_free_antivirus_setup_online.exe

PID: 3876
CMD: "C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\saBSI.exe" /affid 91082 PaidDistribution=true
Path: C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\saBSI.exe
Indicators:
Parent process: NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
User: admin
Integrity Level: HIGH
Version info:
  Company: McAfee, Inc.
  Description: McAfee WebAdvisor
  Version: 4,1,0,48
Modules (Image):
c:\windows\system32\ole32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\nsi.dll
c:\users\admin\appdata\local\temp\is-m5du8.tmp\prod1_extract\sabsi.exe
c:\windows\system32\ws2_32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\schannel.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\version.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\imagehlp.dll
c:\users\admin\appdata\local\temp\is-m5du8.tmp\prod1_extract\installer.exe
c:\windows\system32\apphelp.dll

PID: 2716
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://s3.eu-central-1.amazonaws.com/adlocis.linkvertise.links/pastes/18740826.txt?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6L5L3NKTBHJ3YVHU/20211220/eu-central-1/s3/aws4_request&X-Amz-Date=20211220T200802Z&X-Amz-SignedHeaders=host&X-Amz-Expires=432000&X-Amz-Signature=25569e30464f0097584277092ec223cf958eaccf084dc9dc611a6b36b7ef96e9
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
User: admin
Integrity Level: HIGH
Version info:
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Image):
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\version.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winhttp.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\credssp.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\webio.dll
c:\windows\system32\wininet.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\duser.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dui70.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\ieui.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\mlang.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ncrypt.dll

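The URL that the installer hands to iexplore.exe (PID 2716) is a SigV4 query-string presigned S3 URL, and everything needed to judge it is in the query string itself: the signing time (X-Amz-Date), the lifetime (X-Amz-Expires, here 432000 s = 5 days), the region and the access key ID of the signer. The following is an added example, not part of the ANY.RUN report, that parses those fields and checks the validity window against the analysis date in the report header (assumed to be UTC; the margin is about 20 days, so the timezone does not change the outcome). It shows that the signature had already expired before this run, so the paste cannot be retrieved from this URL during reanalysis; the report's own network section, which this excerpt does not include, is where the actual HTTP response would be recorded.

```python
# Added example (not part of the ANY.RUN report): decode the SigV4 query-string
# presigned S3 URL that the installer passed to iexplore.exe (PID 2716) and
# work out whether its signature was still valid on the analysis date.
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Copied verbatim from the iexplore.exe command line in the process list.
PRESIGNED_URL = (
    "https://s3.eu-central-1.amazonaws.com/adlocis.linkvertise.links/pastes/18740826.txt"
    "?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIA6L5L3NKTBHJ3YVHU/20211220/eu-central-1/s3/aws4_request"
    "&X-Amz-Date=20211220T200802Z&X-Amz-SignedHeaders=host&X-Amz-Expires=432000"
    "&X-Amz-Signature=25569e30464f0097584277092ec223cf958eaccf084dc9dc611a6b36b7ef96e9"
)

# Analysis date from the report header (14/01/2022, 22:23:55); assumed to be UTC.
ANALYSIS_TIME = datetime(2022, 1, 14, 22, 23, 55, tzinfo=timezone.utc)

SIGV4_MAX_PRESIGN_SECONDS = 7 * 24 * 3600  # hard limit for query-string presigning


def parse_presigned(url):
    """Split a SigV4 presigned S3 URL into the fields an analyst cares about."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    # Path-style URL: /<bucket>/<key>
    _, bucket, key = parts.path.split("/", 2)
    access_key_id, cred_date, region, service, _ = q["X-Amz-Credential"].split("/")
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    expires_in = int(q["X-Amz-Expires"])
    return {
        "bucket": bucket,
        "key": key,
        "access_key_id": access_key_id,  # identifies the signing principal; not a secret
        "region": region,
        "service": service,
        "signed_at": signed_at,
        "expires_in": expires_in,
        "expires_at": signed_at + timedelta(seconds=expires_in),
        # Both sanity checks must hold or S3 rejects the signature outright.
        "credential_date_ok": cred_date == signed_at.strftime("%Y%m%d"),
        "within_sigv4_limit": expires_in <= SIGV4_MAX_PRESIGN_SECONDS,
        "signed_headers": q["X-Amz-SignedHeaders"].split(";"),
    }


def is_valid_at(info, when):
    """True if S3 would still accept the signature at `when` (window check only)."""
    return info["signed_at"] <= when < info["expires_at"]


if __name__ == "__main__":
    info = parse_presigned(PRESIGNED_URL)
    print(f"s3://{info['bucket']}/{info['key']} signed {info['signed_at']:%Y-%m-%d %H:%M:%S}Z "
          f"by {info['access_key_id']}, valid until {info['expires_at']:%Y-%m-%d %H:%M:%S}Z")
    print("valid on analysis date:", is_valid_at(info, ANALYSIS_TIME))
```

The signing time also dates the bundle: the link was generated on 2021-12-20, so the sample cannot have been built before that day. Nothing here verifies the signature itself (that needs the signer's secret key); the check is only on the window S3 enforces.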
PID: 3976
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2716 CREDAT:275457 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators:
Parent process: iexplore.exe
User: admin
Integrity Level: HIGH
Version info:
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Image):
c:\windows\system32\sechost.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\wintrust.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\profapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\version.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\lpk.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\userenv.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winnsi.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mlang.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\oleacc.dll

PID: 2312
CMD: "C:\Windows\Temp\asw.32b6eba218ab1a8e\avast_free_antivirus_setup_online.exe" /silent /ws /psh:2bJ1khOLWOm2S70DY80tNWgYkkk6iOMlfbG2Jy57D0v911NCiKEJYCDIxO8dWYc63epQvfTG2BQeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:87a45f0c-6358-4038-a3ec-0f2269e4023e /edat_dir:C:\Windows\Temp\asw.32b6eba218ab1a8e
Path: C:\Windows\Temp\asw.32b6eba218ab1a8e\avast_free_antivirus_setup_online.exe
Indicators:
Parent process: cookie_mmm_irs_ppi_005_888_a.exe
User: admin
Integrity Level: HIGH
Version info:
  Company: AVAST Software
  Description: Avast Antivirus
  Version: 21.11.6809.0
Modules (Image):
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\advapi32.dll
c:\windows\temp\asw.32b6eba218ab1a8e\avast_free_antivirus_setup_online.exe
c:\windows\system32\schannel.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\webio.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wship6.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\user32.dll
c:\windows\system32\cryptsp.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\credssp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.25fb8c8115bdade0\instup.exe

PID: 2956
CMD: "C:\Windows\Temp\asw.25fb8c8115bdade0\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.25fb8c8115bdade0 /edition:1 /prod:ais /guid:8dcdf4d5-62b5-4349-88e6-d9504e816df8 /ga_clientid:87a45f0c-6358-4038-a3ec-0f2269e4023e /silent /ws /psh:2bJ1khOLWOm2S70DY80tNWgYkkk6iOMlfbG2Jy57D0v911NCiKEJYCDIxO8dWYc63epQvfTG2BQeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:87a45f0c-6358-4038-a3ec-0f2269e4023e /edat_dir:C:\Windows\Temp\asw.32b6eba218ab1a8e
Path: C:\Windows\Temp\asw.25fb8c8115bdade0\instup.exe
Indicators:
Parent process: avast_free_antivirus_setup_online.exe
User: admin
Integrity Level: HIGH
Version info:
  Company: AVAST Software
  Description: Avast Antivirus Installer
  Version: 21.11.6809.0
Modules (Image):
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntdll.dll
c:\windows\temp\asw.25fb8c8115bdade0\instup.exe
c:\windows\system32\ole32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winnsi.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msi.dll
c:\windows\system32\powrprof.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nsi.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\userenv.dll
c:\windows\temp\asw.25fb8c8115bdade0\instup.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\temp\asw.25fb8c8115bdade0\uat_2956.dll
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\aswe7f588ffc7db6627.tmp
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\aswadbf8372203d4f15.tmp
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\aswb0742c839237aecd.tmp
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\aswb86e7dcb7d544833.tmp
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\aswf5dfcb1c3e5989de.tmp
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\asw5498f7f58610abd7.tmp
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\aswc706cf884a88de3b.tmp
c:\windows\system32\apphelp.dll
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\instup.exe

PID: 2540
CMD: "C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.25fb8c8115bdade0 /edition:1 /prod:ais /guid:8dcdf4d5-62b5-4349-88e6-d9504e816df8 /ga_clientid:87a45f0c-6358-4038-a3ec-0f2269e4023e /silent /ws /psh:2bJ1khOLWOm2S70DY80tNWgYkkk6iOMlfbG2Jy57D0v911NCiKEJYCDIxO8dWYc63epQvfTG2BQeW /cookie:mmm_irs_ppi_005_888_a /edat_dir:C:\Windows\Temp\asw.32b6eba218ab1a8e /online_installer
Path: C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\instup.exe
Indicators:
Parent process: instup.exe
User: admin
Integrity Level: HIGH
Version info:
  Company: AVAST Software
  Description: Avast Antivirus Installer
  Version: 21.11.6809.0
Modules (Image):
c:\windows\system32\rpcrt4.dll
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\instup.exe
c:\windows\system32\wininet.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\srvcli.dll
c:\windows\temp\asw.25fb8c8115bdade0\uat_2540.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\shell32.dll
c:\windows\temp\asw.25fb8c8115bdade0\new_150b09c4\instup.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\devobj.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\secur32.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gdi32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\wship6.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gpapi.dll

PID: 3984
CMD: "C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
Path: C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\installer.exe
Indicators: No indicators
Parent process: saBSI.exe
User: admin
Integrity Level: HIGH
Version info:
  Company:
  Description:
  Version:
Modules (Image):
c:\windows\system32\sechost.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\users\admin\appdata\local\temp\is-m5du8.tmp\prod1_extract\installer.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\apphelp.dll
c:\program files\mcafee\temp785408427\installer.exe

PID: 3204
CMD: "C:\Program Files\McAfee\Temp785408427\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
Path: C:\Program Files\McAfee\Temp785408427\installer.exe
Indicators:
Parent process: installer.exe
User: admin
Integrity Level: HIGH
Version info:
  Company: McAfee, LLC
  Description: McAfee WebAdvisor(installer)
  Version: 4,1,1,663
Modules (Image):
c:\windows\system32\gpapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\webio.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\devobj.dll
c:\program files\mcafee\temp785408427\installer.exe
c:\windows\system32\kernelbase.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\mpr.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\lpk.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\winsta.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\normaliz.dll

PID: 1124
CMD: sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
Path: C:\Windows\system32\sc.exe
Indicators: No indicators
Parent process: installer.exe
User: admin
Integrity Level: HIGH
Version info:
  Company: Microsoft Corporation
  Description: A tool to aid in developing services for WindowsNT
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Image):

PID: 3080
CMD: regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
Path: C:\Windows\system32\regsvr32.exe
Indicators: No indicators
Parent process: installer.exe
User: admin
Integrity Level: HIGH
Version info:
  Company: Microsoft Corporation
  Description: Microsoft(C) Register Server
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Image):

Registry activity

Total events
41930
Read events
0
Write events
866
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
(default)
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
FC0A000067BB106E9509D801
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
6C5E72B3C6F74C335B09A762F3242E317A809E5A02BBEE1190B181B007250604
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E607010005000E00160018002900DF00010000001E768127E028094199FEB9D127C57AFE
2812
NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
01000000000000007D151F869509D801
2068
cookie_mmm_irs_ppi_005_888_a.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Windows\Temp\asw.32b6eba218ab1a8e
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
UUID
{60C18DAA-1B53-4EF7-A8FA-7B14A069BE4D}
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
InstallerFlags
1
3876
saBSI.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
Blob
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
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
Blob
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
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
InstallationStatus
PENDING
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor\Settings
NEW_USER_ANY_FLOW
SYSTEM,STR,TRUE
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor\Settings
NEW_USER_ABTEST
SYSTEM,STR,TRUE
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
NEW_USER_STATE
EXPIRED
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
InstallationID
UNDEFINED
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor\Settings
*Affid
SYSTEM,STR,91082
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD
Blob
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
3876
saBSI.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD
Blob
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
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935445
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935445
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{C58E3DCA-7588-11EC-BB61-12A9866C77DE}
0
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
357505889509D801
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
AdminActive
0
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
13AF1F889509D801
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E00160018002C00E901
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
13AF1F889509D801
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E00160018002C00E901
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E00160018002C00E901
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E00160018002C00E901
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E00160018002F00F20201000000644EA2EF78B0D01189E400C04FC9E26E
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E00160018003000040000000000
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
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
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C9CDBB25AD1C0E4DA48ACBCF267D8D50000000000200000000001066000000010000200000007A346B4C02365A90D70A8F82DD200746125F14A4783FAA190E6905C2F630B2A8000000000E80000000020000200000000BCFE6FA7E573C0FCD41159DF5D20584215A8E08D1C389545A924D87325E768750000000D085B1FD571D9C725D4CAE29B542DE8EB487114CFC721AC8A12E4CDEBF34C4F946DAF1CBA308EC8AD214D82D064022A31F45FF1F18DA711D013935868B50B0290E2D0FCB28E35B2E71F84A06DC16A81C400000007EFE4B65F6CD2331426C80C66E6CD2D07659612770953C73B0ED54550DCE5F0A233DC23AC1D2CEEBC3944C09F0F8A43ED2768D47049AA3B83C4E97B348C81B3C
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C9CDBB25AD1C0E4DA48ACBCF267D8D5000000000020000000000106600000001000020000000F8B9C9000E0957FE33AC8CD4811EACE8697AAF02C5B6A9D71AE43E5770B64DA4000000000E80000000020000200000007CDEEE82EACE0E4FCF42FF63561E5A9B6076BA2C3DFF22034796FFFA5388D03B100000001361586093BFEFC7040764B64D30845C400000005CEBEB166D4B57FE16453A5EEF69DCE503B9C12717877B1169ABB1CAB919DC4FCE5F87BE81CA50D8F7CE8E8496B14E8B7655D68C746A39A95DC8FAA734ADFE46
2716
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E00160018003300A402
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E00160018003300A402
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E00160018003300A402
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E00160018003300A402
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
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
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
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
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C9CDBB25AD1C0E4DA48ACBCF267D8D5000000000020000000000106600000001000020000000CB8F0951F9F9683988C8214F769FA6C1A9BF02981885F66DE0FD2910151C8AE7000000000E8000000002000020000000629A47470FB4D2920CE8154FFC4B8C39D38DAAAA1A5EE5B45E0B3FAC947157E4100000004AE7C704993D7D6B56CF416A20601A8A40000000618CF1205745FC98A4A680444A001B48D327B9E61F9BA39DF6ABB083471852E1B440C659C3DDC7176838FCB32C8845D3CF112FB4BC35C28E890232754897CA26
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
2716
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
3976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
3976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
3976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3976
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
3976
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2312
avast_free_antivirus_setup_online.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
SfxInstProgress
0
2312
avast_free_antivirus_setup_online.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr
EnableCounterForIoctl
1
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast
SetupLog
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
2956
instup.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
0
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
DNS resolving
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Main
0
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: servers.def.vpx
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
100
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
File downloaded: prod-pgm.vpx
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_Description
Checking install conditions
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
2
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
4
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
1
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
3
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
16
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
5
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
9
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
10
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
14
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
15
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
19
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
6
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
8
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
7
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
13
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
12
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
11
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
20
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
17
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
18
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
25
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
26
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
23
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
21
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
22
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
28
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
27
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
24
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
38
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
40
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
43
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
32
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
30
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
44
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
45
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
34
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
41
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
36
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
29
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
31
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
35
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
37
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
42
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
39
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
33
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
52
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
50
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
55
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
61
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
56
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
60
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
54
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
59
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
47
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
57
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
48
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
58
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
49
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
51
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
53
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
46
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
69
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
65
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
70
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
64
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
72
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
62
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
66
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
67
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
74
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
68
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
73
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
75
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
77
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
63
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
71
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
76
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
78
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
84
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
88
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
85
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
82
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
89
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
80
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
83
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
86
2956
instup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
InstupProgress_UpdateSetup_Syncer
92
PID | Process | Operation | Key | Name | Value
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 90
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 87
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 81
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 79
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 91
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 93
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 99
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 94
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 97
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 96
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 98
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | File downloaded: avbugreport_ais-9c4.vpx
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Syncer | 95
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Updating package: avbugreport_ais
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Main | 14
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | File downloaded: avdump_x86_ais-9c4.vpx
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Updating package: avdump_x86_ais
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Main | 28
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Main | 42
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Updating package: instcont_ais
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Main | 57
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Updating package: instup_ais
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | File downloaded: offertool_ais-9c4.vpx
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Main | 71
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Updating package: offertool_ais
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Extracting file: AvBugReport.exe
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Updating package: setgui_ais
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Main | 100
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | File downloaded: sbr_x86_ais-9c4.vpx
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Updating package: sbr_x86_ais
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Extracting file: AvDump.exe
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_UpdateSetup_Main | 85
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Extracting file: instup.exe
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Extracting file: instup.dll
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Extracting file: HTMLayout.dll
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Replacing files
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Extracting file: sbr.exe
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Description | Extracting file: aswOfferTool.exe
2956 | instup.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | PendingFileRenameOperations | \??\C:\Windows\Temp\asw.32b6eba218ab1a8e
2540 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Installation_Syncer | 100
2540 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Installation_Main | 0
2540 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Avast | SetupLog | C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
2540 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Installation_Syncer | 76
2540 | instup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage | InstupProgress_Installation_Syncer | 62
2956 | instup.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US
3204 | installer.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US
3204 | installer.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor\Settings | chrome_search_compliance_disabled | SYSTEM,BOOL,TRUE
3204 | installer.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor\Settings | *InstallDate | SYSTEM,I8,1642199104
3204 | installer.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | PendingFileRenameOperations | \??\C:\Windows\Temp\asw.32b6eba218ab1a8e
3204 | installer.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor\Settings | is_loud_install | SYSTEM,BOOL,FALSE

Files activity

Executable files
26
Suspicious files
30
Text files
27
Unknown types
5

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\aswOfferTool.exe | executable | 2b3c63b257c769dfce869d99076c8c14 | 02ddeceee89b08302f999a79689cf610b98ac8ebb73a3e4112dc0f9a09e80400
2540 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\uat_2540.dll | executable | a6532115f082992511a15361dcc2c0d5 | 8b788a15a7428001e7cd9abbb30e8c502f6bb5a4d8559ccffa42544b607fc3b5
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\AvBugReport.exe | executable | 2f55ba15d8be11966b142a36a34b327d | 6cde1f9c879a8db81dce170e54e5b5f26fefe671a9d559b86176b6fd91d0b232
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\sbr.exe | executable | e1e9a947281b3415632ba53a3164bc9f | 2b0334fb4a48ef5bc073e5300d997aa1615ed01da3b9ae91bed5a31e41c0499d
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\HTMLayout.dll | executable | a34e446577eb635c4965b8587acd5793 | c2d3d1e0dc258bc2cc618e2f5a20db7b16b7cf39bfecbefc0e4f0668bf1e4363
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\instup.exe | executable | 34cc27af2dbc3bbc2ba08acdaa33f9ce | b717caa2a0ca6ea235a475350517620e59a5f166383e35fb1614164b4e0969e7
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\instup.dll | executable | 0ca66f34471e28b62e3c8dcb06ff02b4 | 3f516c2afdf56b238e511bff059bf366bdb7edfef7734a1aee23c39a703c7bec
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\aswc706cf884a88de3b.tmp | executable | e1e9a947281b3415632ba53a3164bc9f | 2b0334fb4a48ef5bc073e5300d997aa1615ed01da3b9ae91bed5a31e41c0499d
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\aswf5dfcb1c3e5989de.tmp | executable | 2b3c63b257c769dfce869d99076c8c14 | 02ddeceee89b08302f999a79689cf610b98ac8ebb73a3e4112dc0f9a09e80400
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\aswb0742c839237aecd.tmp | executable | 34cc27af2dbc3bbc2ba08acdaa33f9ce | b717caa2a0ca6ea235a475350517620e59a5f166383e35fb1614164b4e0969e7
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\aswadbf8372203d4f15.tmp | executable | 5e3a9a4e07d1b5af865e3b9e43b7c728 | f6b285c24ba62ad8f39f77cbd68e17ac54553abe9416fb86f56552c70b72c279
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\asw5498f7f58610abd7.tmp | executable | a34e446577eb635c4965b8587acd5793 | c2d3d1e0dc258bc2cc618e2f5a20db7b16b7cf39bfecbefc0e4f0668bf1e4363
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\aswe7f588ffc7db6627.tmp | executable | 2f55ba15d8be11966b142a36a34b327d | 6cde1f9c879a8db81dce170e54e5b5f26fefe671a9d559b86176b6fd91d0b232
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\AvDump.exe | executable | 5e3a9a4e07d1b5af865e3b9e43b7c728 | f6b285c24ba62ad8f39f77cbd68e17ac54553abe9416fb86f56552c70b72c279
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\New_150b09c4\aswb86e7dcb7d544833.tmp | executable | 0ca66f34471e28b62e3c8dcb06ff02b4 | 3f516c2afdf56b238e511bff059bf366bdb7edfef7734a1aee23c39a703c7bec
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\uat_2956.dll | executable | a6532115f082992511a15361dcc2c0d5 | 8b788a15a7428001e7cd9abbb30e8c502f6bb5a4d8559ccffa42544b607fc3b5
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\Instup.dll | executable | 0ca66f34471e28b62e3c8dcb06ff02b4 | 3f516c2afdf56b238e511bff059bf366bdb7edfef7734a1aee23c39a703c7bec
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\HTMLayout.dll | executable | a34e446577eb635c4965b8587acd5793 | c2d3d1e0dc258bc2cc618e2f5a20db7b16b7cf39bfecbefc0e4f0668bf1e4363
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\Instup.exe | executable | 34cc27af2dbc3bbc2ba08acdaa33f9ce | b717caa2a0ca6ea235a475350517620e59a5f166383e35fb1614164b4e0969e7
2068 | cookie_mmm_irs_ppi_005_888_a.exe | C:\Windows\Temp\asw.32b6eba218ab1a8e\avast_free_antivirus_setup_online.exe | executable | d0484fa9af9ed79cfa90d578b3d2c909 | 866dbe9e47490504fada248e81eec655ee92d18a01316b99da263fdcc6b91c0a
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod0_extract\cookie_mmm_irs_ppi_005_888_a.exe | executable | 31208b48acfe1c6e1d5cd1bcb63ccb4d | 2f4085cdabd5066bea81dc18ac026f71d3bf61765d174229dff39203516e2bf3
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\saBSI.exe | executable | 211f842d6081bba42c3e7fdd372e0986 | d5be427d9f42ecf0a37f1c7ed4cb75499f3f61e9a4e67d6b5d0a0b759436f8c5
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\zbShieldUtils.dll | executable | e1f18a22199c6f6aa5d87b24e5b39ef1 | 62c56c8cf2ac6521ce047b73aa99b6d3952ca53f11d34b00e98d17674a2fc10d
2204 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe | C:\Users\admin\AppData\Local\Temp\is-O7L86.tmp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | executable | 74fad5c6cd2d3af1fa257b5e9531993a | 8dc40627fa4c09f7fd6df78e3ad03d7db3767010e15418dba24e63754dcbc59b
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\botva2.dll | executable | 67965a5957a61867d661f05ae1f4773e | 450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105
2616 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.exe | C:\Users\admin\AppData\Local\Temp\is-APC52.tmp\NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | executable | 74fad5c6cd2d3af1fa257b5e9531993a | 8dc40627fa4c09f7fd6df78e3ad03d7db3767010e15418dba24e63754dcbc59b
3984 | installer.exe | C:\Program Files\McAfee\Temp785408427\browserplugin.cab | –– | –– | ––
2540 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\program.def | text | 2ae68fdb37871f9d9b947aebf070e3cd | c7e5bec2db19c033b3fc00e679acb9396f3fd7284dbf8ad3aa7b8b5e2094b0f6
2956 | instup.exe | C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log.tmp.133caf8c-6615-4004-a4d5-d30c91506a7b | text | 33f11f30504a83aec9ea104f121f43a2 | 9be1573d36e581d6d9c2a4533308274d6230ff816a1bba118f735b357bd95ebc
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\offertool_ais-9c4.vpx | binary | 7f95407e56b2bc93f0ad9ecfd410eae2 | fc179137837e7cabae7e92bbbcbcb12302697f6a0da024b310d24c580b37cc8b
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\sbr_x86_ais-9c4.vpx | binary | f2e2167619f026e5dd14dbd19d11ffed | 1b950f07a11387665e175aa3fec7c9a2c6613ac7482c92b3b406833e00399a88
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\instup_ais-9c4.vpx | –– | –– | ––
2716 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image | da597791be3b6e732f0bc8b20e38ee62 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
2716 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F | der | 4ce3ebbc54bf47d856f19f1bdfd546bd | 03887a592e96c10969759d00f7e8e58a8323de635fa9946b111ce1cf3abc6d76
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\Stats.ini.tmp | text | bc939c561ab611434a1f6867482b3b99 | 9e70f2f292c622f0dd84c2517ceedc0abea4452bc4a372731cd8957822d34ad9
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\avdump_x86_ais-9c4.vpx | binary | 54e727f633a68f0408b3de97c47bb839 | f1bf102781e2e716b2726dcee83bb7ca832c8436e0a23ebf23009fa51c55085e
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | da597791be3b6e732f0bc8b20e38ee62 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
2716 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F | binary | 4fc5fdc2e07aba07e2a4dbfa310a24d1 | 3167ec93d448f6105aa3d38cdb8b96dbeb24ac82f917241b4509cfa7eb666741
2716 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].ico | image | da597791be3b6e732f0bc8b20e38ee62 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\avbugreport_ais-9c4.vpx | binary | be7b2835ec1fab4f7f1443a3f5520442 | b5ffa45a583e7f05bcb22dcaec9aafbc095e0ac90bf60f70176c19565090d07c
2956 | instup.exe | C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log | text | ecaa88f7fa0bf610a5a26cf545dcd3aa | f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\servers.def.lkg | ini | 17004d5fd7f7f0749962465a83408ced | fe821505f018f704297521f927df65ab6f64ebeae355d48db991c326c88dd2de
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\config.def | ini | dd1a4a9d2155132490b4cd081f6e2aa4 | 02adf97f897666b9c093141030cb8fd01eb8098f8daabe09c9f62f54baa0e909
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\config.ini | text | 0313169b71326209f3764fcfeac368dc | 164a8533b97d25b5700d0e3f9a3c9d824dbe08ca44d0090b16857b79b4e5b308
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\setup.def | text | 7eb5322cd0b98f6aecb1c17e8941d8ae | cbd47f66129a7f9cca285dedd4b10ca8a328b20ac9e44e39682480df976f68b1
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\Stats.ini | text | bc939c561ab611434a1f6867482b3b99 | 9e70f2f292c622f0dd84c2517ceedc0abea4452bc4a372731cd8957822d34ad9
2956 | instup.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\config.def.new | ini | dd1a4a9d2155132490b4cd081f6e2aa4 | 02adf97f897666b9c093141030cb8fd01eb8098f8daabe09c9f62f54baa0e909
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\setgui_ais-9c4.vpx | binary | 8c2f102a4cac8a8db52e930de45c0760 | a4be5c61c86bf465fbc419f12ff7b99ddfbf1c4ce8c6b24396dcc5095d5bb4fd
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\instcont_ais-9c4.vpx | binary | a7bb6cf601122ed23477058aea6bc9f7 | 9d39498b6860ed9ec8d4eeefb3f712cc345256ff7209e5ffa430cc7a47f62bc5
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\config.def | ini | 703f9f556be82e3df73108b1cfe71004 | 6d920017636d063b16168690c8dd5e3234e0465ba9fe66f280840ee74fce2a05
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\prod-vps.vpx | binary | a49aec5cba7aca37bd49b995d6c7ea31 | 091b99cd4efa2fcd7573adfbda0005d6efc486f4565912e3c78d470b89fd8f84
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\part-setup_ais-150b09c4.vpx | binary | b8318dd2bcea0637db0622cdd5e41d4e | 872de85120ebfd922286676fe9455ddf6bd5c1c62f4b84c92d74713c35037c60
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\servers.def.vpx | binary | 1be85feeafc6e5e699c472ef665c5b2f | b0c07960402de6bf65700be5387850fdd05d76bd884830ceade0d9ffded553f4
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\prod-pgm.vpx | binary | e52819c2240e1a87ce7e21469fa1378a | 6d20ff0b1f9b4e8a998d6ce6a9b55c9ef6dca96bc3213c1dae1fc36a8a5a47b2
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\servers.def | ini | 17004d5fd7f7f0749962465a83408ced | fe821505f018f704297521f927df65ab6f64ebeae355d48db991c326c88dd2de
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC5A820A001B41D68902E051F36A5282_26DBE4FE04F0F1B653835DB5CA7B677C | der | 446226d636a20cdb9df385c9273442fb | c636d91fde5f23864ca71b420fbbd50b3a53762f587530620297b52eb5020491
2312 | avast_free_antivirus_setup_online.exe | C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log | text | ecaa88f7fa0bf610a5a26cf545dcd3aa | f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\part-prg_ais-150b09c4.vpx | binary | 35b99dc11de4151f409014b5dc76c535 | c91b34b3af286993a6c5d79765bf5791631e10137d1fca8fda23ef74aa44f580
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\part-jrog2-ad1.vpx | binary | 07526bf8e89c845035b0b34e43741db3 | 0403d6b94b45bda5e355fdbf5b4bb424d2a23fea94430158bdad3f664cef5c3d
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\uata64.vpx | binary | 087d7c41c3a61832ae3f42700c39ed26 | 79dab840c5f4fa636a7286e5e171fe161a1a1581b9b43ad8572dde94bcab4b1b
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | binary | 837b062a40caf624763b024768fa7f36 | 310d983f47c62270be941859620336967d839e90d9f507d2dea0fcf7789dd617
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\config.def.vpx | binary | 06eaf89fd789d70cca2c1d979426d498 | 05c57d58d560449c4aec23f34e87976b493a0262a7250b7d8f421e6d407a0e87
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\cookie.bin | text | c1c3f32398130dfb38f9847f02f6786e | 25ec04bce97a15d7abf948fefaeead48e95abc5f945361759d8bcc05bb20638f
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\part-vps_windows-21121500.vpx | binary | 998b29720c194c4ef099dd165165147e | ac4d50374e158b6706b325143f68119c7df706757a7995f1ab77b139fed657c1
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC5A820A001B41D68902E051F36A5282_26DBE4FE04F0F1B653835DB5CA7B677C | binary | 6943661324193520b2eaa5f96780e314 | cd9ee363461b4083e76dd7c423ea38956c2f1097eede99b6d0d991839100440a
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\uat.vpx | binary | e1bac1b41d698b292c6169e66f8396b9 | 79b4236679a47265bce50558817cb47bcd4e75546f3e42c6ee095c867a427cdd
2312 | avast_free_antivirus_setup_online.exe | C:\Windows\Temp\asw.25fb8c8115bdade0\uat64.vpx | binary | 007412eaa8d21e8c9b512aebf5d6dd78 | 7703ee6063800ac5ba871dfb789f259270decebfbe67a7102efb66d7f6f9024f
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F | der | 029fb7dd858601813ae129d575d2b242 | 98dba01c5b1a4c1dd4abe3819dbb8a9846fecc746bee19bc15b4626d4c7b62de
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | binary | 4d7f3af6dbab5e143b6c37443a7a5b54 | 5ef791d56feb2dd13533ad24bfcfa67eaba723fdac072fe4061a6208eefc57e7
2068 | cookie_mmm_irs_ppi_005_888_a.exe | C:\windows\temp\asw.32b6eba218ab1a8e\ecoo.edat | text | c1c3f32398130dfb38f9847f02f6786e | 25ec04bce97a15d7abf948fefaeead48e95abc5f945361759d8bcc05bb20638f
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | der | 9b980225c891790166a8a8535bb4e178 | eefabcf46b58056a1447b6a084046fafdbe7d8f512415eff473544202fe1e047
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | f7dcb24540769805e5bb30d193944dce | 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 1f188e2ad16feeb3c046e549fd4921b3 | 50b08f286c883cbdc63634ef0b38efcc5fa09d9629abcc09c71de29736fe57dc
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1 | compressed | d53b3d3e404d193c3698f2833bfe386a | f9057e98befe0939d1002a5a9806d79d932a25ab45cac44cf2424191000a3969
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\is-01370.tmp | compressed | c0526c31262a1c5bcc1f0de4838a65e8 | 4248b397b4adee48f749f004b8233fd41eccef3a0417cb7655070a875ea0cf74
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\finish.png | image | 7afaf9e0e99fd80fa1023a77524f5587 | 760b70612bb9bd967c2d15a5133a50ccce8c0bd46a6464d76875298dcc45dea0
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\is-CTVVK.tmp | compressed | d53b3d3e404d193c3698f2833bfe386a | f9057e98befe0939d1002a5a9806d79d932a25ab45cac44cf2424191000a3969
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod0 | compressed | c0526c31262a1c5bcc1f0de4838a65e8 | 4248b397b4adee48f749f004b8233fd41eccef3a0417cb7655070a875ea0cf74
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary | 41e20df63c2361487fe8bbbb4760632f | 8fe1e55736c8469f2f507bad012805c16f3f037cb81efc13de4f23dff8bcadf8
3876 | saBSI.exe | C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00000057003F001D0006.txt | text | 8d917df97b0cb620dc928548fa95dab1 | 813da82a582b138d457b075ce329d6adc49603e10546bceb070b79e1246fc93c
3976 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 | der | 1ba78c901bf35f9710be47ae2a6b3d25 | 7e96651546ae845fcfeb2a1b3149e6b9edb3198cfb4e6a8155c60951c1874585
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod0.zip | compressed | c0526c31262a1c5bcc1f0de4838a65e8 | 4248b397b4adee48f749f004b8233fd41eccef3a0417cb7655070a875ea0cf74
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\side-logo.png | image | e2d3022fb249af38288c47246bc60228 | 9a7462e436d86f26ae9c0808b30810b8d2fd25ceef7af24ff09a1af32e63e2a9
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\WebAdvisor.png | image | db6c259cd7b58f2f7a3cca0c38834d0e | 494169cdd9c79eb4668378f770bfa55d4b140f23a682ff424441427dfab0ced2
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1.zip | compressed | d53b3d3e404d193c3698f2833bfe386a | f9057e98befe0939d1002a5a9806d79d932a25ab45cac44cf2424191000a3969
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\error.png | image | ea1797cf79bea7c5d9946434edaf980e | 9e1db37c2e72427064db09f39c1908053dcccb7385312d63d2f6e80ba8820aed
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\AVAST.png | image | 096ff7dbb7f5dfb71cf40fcd37a59fd6 | 6197d9ad63a37760e88b7ee53077faf94d0deeb9d8740428d2dc76a7242d7843
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\loader.gif | image | d35d95fc6bd8be33d3ce5da2630b90bd | dfa608be394c8f6d19aff352185917720f04072ac0412a8cab1174fec4939c08
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\is-TF0DS.tmp | image | 096ff7dbb7f5dfb71cf40fcd37a59fd6 | 6197d9ad63a37760e88b7ee53077faf94d0deeb9d8740428d2dc76a7242d7843
2812 | NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp | C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\is-K6MIG.tmp | image | db6c259cd7b58f2f7a3cca0c38834d0e | 494169cdd9c79eb4668378f770bfa55d4b140f23a682ff424441427dfab0ced2

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
24
TCP/UDP connections
41
DNS requests
72
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2068 cookie_mmm_irs_ppi_005_888_a.exe POST 200 142.250.74.206:80 http://www.google-analytics.com/collect US
text
image
shared
2068 cookie_mmm_irs_ppi_005_888_a.exe POST 204 5.62.40.204:80 http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi DE
text
––
––
whitelisted
2068 cookie_mmm_irs_ppi_005_888_a.exe GET 200 92.123.225.75:80 http://iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe unknown
executable
whitelisted
3976 iexplore.exe GET 200 8.248.133.254:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3f2300641e196150 US
compressed
whitelisted
3976 iexplore.exe GET 200 65.9.62.120:80 http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D US
der
shared
3976 iexplore.exe GET 200 13.225.84.49:80 http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D US
der
whitelisted
3976 iexplore.exe GET 200 99.86.3.68:80 http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D US
der
whitelisted
3976 iexplore.exe GET 200 13.225.84.107:80 http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAVrk7%2FJi6phKL%2BMGX55M%2Fw%3D US
der
whitelisted
3976 iexplore.exe GET 200 8.248.133.254:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?46cbad126f37d589 US
compressed
whitelisted
2068 cookie_mmm_irs_ppi_005_888_a.exe POST 200 142.250.74.206:80 http://www.google-analytics.com/collect US
text
image
shared
2068 cookie_mmm_irs_ppi_005_888_a.exe POST 204 5.62.40.204:80 http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi DE
text
––
––
whitelisted
2312 avast_free_antivirus_setup_online.exe GET 200 142.250.74.206:80 http://www.google-analytics.com/collect?aiid=mmm_irs_ppi_005_888_a&an=Free&av=21.11.6809&cd=stub-extended&cd3=Online&cid=8dcdf4d5-62b5-4349-88e6-d9504e816df8&dt=Installation&t=screenview&tid=UA-58120669-3&v=1 US
image
shared
2956 instup.exe GET 200 2.22.22.171:80 http://r0965026.iavs9x.u.avast.com/iavs9x/servers.def.vpx unknown
binary
suspicious
2956 instup.exe GET 200 2.22.22.171:80 http://r9319236.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx unknown
binary
whitelisted
2956 instup.exe GET 200 2.22.22.171:80 http://r9319236.iavs9x.u.avast.com/iavs9x/avbugreport_ais-9c4.vpx unknown
binary
whitelisted
2956 instup.exe GET 200 2.22.22.171:80 http://r9319236.iavs9x.u.avast.com/iavs9x/avdump_x86_ais-9c4.vpx unknown
binary
whitelisted
2716 iexplore.exe GET 200 93.184.220.29:80 http://crl3.digicert.com/Omniroot2025.crl US
der
shared
2956 instup.exe GET 200 2.22.22.171:80 http://r9319236.iavs9x.u.avast.com/iavs9x/offertool_ais-9c4.vpx unknown
binary
whitelisted
2956 instup.exe GET 200 2.22.22.171:80 http://r9319236.iavs9x.u.avast.com/iavs9x/sbr_x86_ais-9c4.vpx unknown
binary
whitelisted
2540 instup.exe GET 200 2.22.22.210:80 http://p9854759.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx unknown
binary
whitelisted
2540 instup.exe GET 200 2.22.22.115:80 http://d3176133.vps18tiny.u.avcdn.net/vps18tiny/prod-vps.vpx unknown
binary
suspicious
2540 instup.exe GET 200 2.22.22.115:80 http://d3176133.vps18tiny.u.avcdn.net/vps18tiny/part-jrog2-93.vpx unknown
binary
suspicious
2540 instup.exe GET 200 2.22.22.115:80 http://d3176133.vps18tiny.u.avcdn.net/vps18tiny/part-vps_windows-22011299.vpx unknown
binary
suspicious
–– –– GET –– 2.22.22.115:80 http://d3176133.vps18tiny.u.avcdn.net/vps18tiny/jrog2-93.vpx unknown
––
––
suspicious

Download the PCAP, analyze network streams, HTTP content and a lot more in the full report

Connections

PID Process IP ASN CN Reputation
2812 NitroInjector V8 - Linkvertise Downloader_G7UYW-1.tmp 18.66.107.151:443 Massachusetts Institute of Technology US unknown
2068 cookie_mmm_irs_ppi_005_888_a.exe 142.250.74.206:80 Google Inc. US whitelisted
2068 cookie_mmm_irs_ppi_005_888_a.exe 5.62.40.204:80 AVAST Software s.r.o. DE malicious
3876 saBSI.exe 104.208.16.0:443 Microsoft Corporation US unknown
3876 saBSI.exe 2.21.141.212:443 Telia Company AB –– suspicious
2068 cookie_mmm_irs_ppi_005_888_a.exe 92.123.225.75:80 Akamai International B.V. –– whitelisted
3976 iexplore.exe 52.219.47.103:443 DE unknown
3976 iexplore.exe 65.9.62.120:80 AT&T Services, Inc. US unknown
3976 iexplore.exe 13.225.84.49:80 US whitelisted
3976 iexplore.exe 99.86.3.68:80 AT&T Services, Inc. US whitelisted
3976 iexplore.exe 13.225.84.107:80 US whitelisted
3976 iexplore.exe 8.248.133.254:80 Level 3 Communications, Inc. US malicious
2716 iexplore.exe 13.107.21.200:443 Microsoft Corporation US whitelisted
2312 avast_free_antivirus_setup_online.exe 5.62.40.204:443 AVAST Software s.r.o. DE malicious
2312 avast_free_antivirus_setup_online.exe 142.250.74.206:80 Google Inc. US whitelisted
2956 instup.exe 69.94.69.113:443 OLM, LLC US suspicious
–– –– 2.22.22.171:80 Akamai International B.V. –– whitelisted
2716 iexplore.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2956 instup.exe 2.22.22.171:80 Akamai International B.V. –– whitelisted
2540 instup.exe 2.22.22.210:80 Akamai International B.V. –– unknown
2540 instup.exe 2.22.22.115:80 Akamai International B.V. –– whitelisted
2540 instup.exe 69.94.69.113:443 OLM, LLC US suspicious
–– –– 5.62.38.32:443 AVAST Software s.r.o. NL unknown
–– –– 5.62.40.210:443 AVAST Software s.r.o. DE unknown
–– –– 5.62.40.213:443 AVAST Software s.r.o. DE unknown
–– –– 5.62.40.204:443 AVAST Software s.r.o. DE malicious
–– –– 2.22.22.115:80 Akamai International B.V. –– whitelisted

DNS requests

Domain | IP | Reputation
d17kz3i6hbr7d3.cloudfront.net | 18.66.107.151, 18.66.107.75, 18.66.107.143, 18.66.107.23 | whitelisted
iavs9x.u.avast.com | 92.123.225.75, 92.123.225.26 | whitelisted
cu1pehnswad01.servicebus.windows.net | 104.208.16.0 | unknown
www.google-analytics.com | 142.250.74.206 | shared
sadownload.mcafee.com | 2.21.141.212 | whitelisted
s3.eu-central-1.amazonaws.com | 52.219.47.103 | shared
ctldl.windowsupdate.com | 8.248.133.254, 67.27.159.254, 8.241.121.254, 67.26.137.254, 67.27.157.126 | whitelisted
o.ss2.us | 65.9.62.120, 65.9.62.53, 65.9.62.115, 65.9.62.74, 143.204.101.123, 143.204.101.195, 143.204.101.177, 143.204.101.99 | shared
ocsp.rootg2.amazontrust.com | 13.225.84.49, 13.225.84.13, 13.225.84.145, 13.225.84.175 | whitelisted
ocsp.rootca1.amazontrust.com | 99.86.3.68, 99.86.3.204, 99.86.3.46, 99.86.3.143 | whitelisted
ocsp.sca1b.amazontrust.com | 13.225.84.107, 13.225.84.142, 13.225.84.88, 13.225.84.104 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 13.107.21.200, 204.79.197.200 | whitelisted
ocsp.digicert.com | 93.184.220.29 | shared
shepherd.ff.avast.com | 69.94.69.113, 77.234.42.66 | whitelisted
h4305360.iavs9x.u.avast.com | 2.22.22.171, 2.22.22.178 | suspicious
g1928587.iavs9x.u.avast.com | 2.22.22.171, 2.22.22.178 | whitelisted
r9319236.iavs9x.u.avast.com | 2.22.22.178, 2.22.22.171 | whitelisted
r4427608.iavs9x.u.avast.com | 2.22.22.178, 2.22.22.171 | whitelisted
s-iavs9x.avcdn.net | 2.18.173.20 | whitelisted
crl3.digicert.com | 93.184.220.29 | shared
p9854759.iavs9x.u.avast.com | 2.22.22.217, 2.22.22.210 | whitelisted
r0965026.iavs9x.u.avast.com | 2.22.22.217, 2.22.22.210, 2.22.22.171, 2.22.22.178 | suspicious
n4291289.iavs9x.u.avast.com | 2.22.22.217, 2.22.22.210 | whitelisted
r6726306.iavs9x.u.avast.com | 2.22.22.217, 2.22.22.210 | whitelisted
t1024579.iavs9x.u.avast.com | 2.22.22.217, 2.22.22.210 | whitelisted
d3176133.vps18tiny.u.avcdn.net | 2.22.22.115, 2.22.22.171 | suspicious
j0294597.vps18tiny.u.avcdn.net | 2.22.22.115, 2.22.22.171 | malicious
s-vps18tiny.avcdn.net | 2.18.173.20 | whitelisted
p9854759.vps18tiny.u.avcdn.net | 2.22.22.115, 2.22.22.171 | suspicious
n2833777.vps18tiny.u.avcdn.net | 2.22.22.115, 2.22.22.171 | malicious
m0658849.vps18tiny.u.avcdn.net | 2.22.22.115, 2.22.22.171 | suspicious
alpha-iqs.ff.avast.com | 5.62.40.210, 77.234.45.249, 77.234.45.9 | whitelisted
alpha-license-dealer.ff.avast.com | 5.62.38.32, 69.94.69.205, 5.62.38.15 | whitelisted
0.pool.ntp.org | 104.156.229.103, 202.118.1.130, 130.60.204.10, 185.103.216.7 | malicious
v7event.stats.avast.com | 5.62.40.204, 5.62.40.211, 5.62.40.213 | whitelisted
2.pool.ntp.org | 85.214.83.151, 185.11.138.90, 195.201.19.162, 144.76.139.8 | whitelisted
3.pool.ntp.org | 45.11.105.123, 62.101.228.30, 46.165.252.57, 50.205.244.112 | whitelisted
1.pool.ntp.org | 195.78.244.50, 195.154.220.89, 130.217.74.63, 47.190.36.235 | malicious

Threats

PID Process Class Message
2068 cookie_mmm_irs_ppi_005_888_a.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP

Debug output strings

Process Message
–– NotComDllGetInterface: DLL not found in install location, looking in current directory
–– NotComDllGetInterface: DLL not found in install location, looking in current directory
–– NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
–– NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
–– NotComDllGetInterface: DLL not found in install location, looking in current directory
–– NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-M5DU8.tmp\prod1_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
–– NCPrivateLoadAndValidateMPTDll: Looking in current directory
–– NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
–– NotComDllGetInterface: C:\Program Files\McAfee\Temp785408427\installer.exe loading C:\Program Files\McAfee\Temp785408427\mfeaaca.dll, WinVerifyTrust failed with 80092003
–– NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
–– NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
–– NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
–– NCPrivateLoadAndValidateMPTDll: Looking in current directory
–– NotComDllGetInterface: C:\Program Files\McAfee\Temp785408427\installer.exe loading C:\Program Files\McAfee\Temp785408427\mfeaaca.dll, WinVerifyTrust failed with 80092003
–– NCPrivateLoadAndValidateMPTDll: Looking in current directory
–– NCPrivateLoadAndValidateMPTDll: Looking in current directory
–– NotComDllGetInterface: C:\Program Files\McAfee\Temp785408427\installer.exe loading C:\Program Files\McAfee\Temp785408427\mfeaaca.dll, WinVerifyTrust failed with 80092003
–– NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
–– NotComDllGetInterface: C:\Program Files\McAfee\Temp785408427\installer.exe loading C:\Program Files\McAfee\Temp785408427\mfeaaca.dll, WinVerifyTrust failed with 80092003
–– NotComDllGetInterface: C:\Program Files\McAfee\Temp785408427\installer.exe loading C:\Program Files\McAfee\Temp785408427\mfeaaca.dll, WinVerifyTrust failed with 80092003
–– NCPrivateLoadAndValidateMPTDll: Looking in current directory
–– NCPrivateLoadAndValidateMPTDll: Looking in current directory
–– NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
–– NotComDllGetInterface: C:\Program Files\McAfee\Temp785408427\installer.exe loading C:\Program Files\McAfee\Temp785408427\mfeaaca.dll, WinVerifyTrust failed with 80092003