648b4ba0642d127e73217d9c54b7f1401bf39b28fa02b989dca2760a2b4ef153

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2023 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

watch.html
Size

747KB
MD5

6bb2d583f8cf1515275418c789c6b9eb
SHA1

92e2f6d7a894626a26caaf96b13f6f0e54f8f925
SHA256

648b4ba0642d127e73217d9c54b7f1401bf39b28fa02b989dca2760a2b4ef153
SHA512

9f7a9a0664b80fad61124adb7b3f3f00c4b583a2190d512230a2b15150b0b9bbd952251d37ba2e03f800d43d009bcc5e0f318df268cbeb2b1077ace3a2bd9ea4
SSDEEP

12288:3UsDOalcxWzd61/pcH/uTvQ31/NW1D/ll:Wyd8pcH/LNY

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 13 IoCs

Processes:

avg_antivirus_free_setup.exeavg_antivirus_free_setup_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exesbr.exe

pid	process
2112	avg_antivirus_free_setup.exe
3272	avg_antivirus_free_setup_x64.exe
2228	instup.exe
3588	instup.exe
3952	aswOfferTool.exe
1420	aswOfferTool.exe
2660	aswOfferTool.exe
4348	aswOfferTool.exe
3516	aswOfferTool.exe
3628	aswOfferTool.exe
4156	aswOfferTool.exe
2456	aswOfferTool.exe
1932	sbr.exe

Loads dropped DLL 13 IoCs

Processes:

avg_antivirus_free_setup.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
2112	avg_antivirus_free_setup.exe
2228	instup.exe
2228	instup.exe
2228	instup.exe
2228	instup.exe
3588	instup.exe
3588	instup.exe
3588	instup.exe
3588	instup.exe
2660	aswOfferTool.exe
3516	aswOfferTool.exe
4156	aswOfferTool.exe
2456	aswOfferTool.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

instup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\AvRepair = "\"C:\\Program Files\\AVG\\Antivirus\\setup\\instup.exe\" /instop:repair /wait"	instup.exe

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1063

Processes:

instup.exeavg_antivirus_free_setup_x64.exeinstup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\AVAST Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	avg_antivirus_free_setup_x64.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\AVAST Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

avg_antivirus_free_setup.exeavg_antivirus_free_setup_x64.exeinstup.exeinstup.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_setup.exe
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_setup_x64.exe
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	instup.exe

Drops file in Program Files directory 22 IoCs

Processes:

instup.exe

description	ioc	process
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_cmp_bpc-7cc.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_dll_eng_x64-89a.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_gen_protobuf_x64-7d2.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_gen_tools_x64-8e2.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\jrog2-8e.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_avg_crt_x64-7da.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_avg_crt_x86-7da.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\Stats.ini	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_dll_eng-81a.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_res-8e2.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\Stats.ini.tmp	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_cmp_rescuedisk_x64-89a.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_core-8e2.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_gen_core_x64-89a.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_gen_openssl_x64-7e3.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_gen_streamfilter_x64-8be.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_cmp_cleanup_x64-803.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_cmp_gamingmode-8e1.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_cmp_idp_x64-8d5.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_cmp_swhealth_x64-89a.vpx	instup.exe
File opened for modification	C:\Program Files\AVG\Antivirus\setup\ais_gen_tools-8e2.vpx	instup.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

instup.exeinstup.exeavg_antivirus_free_setup_x64.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	avg_antivirus_free_setup_x64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	avg_antivirus_free_setup_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	avg_antivirus_free_setup_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133252137125429587"	chrome.exe

Modifies registry class 64 IoCs

Processes:

instup.exeinstup.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "65"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "3"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "59"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "30"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "88"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "94"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "96"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "29"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "82"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "47"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: ais_gen_protobuf_x64-7d2.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: ais_gen_protobuf_x64"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: ais_core-8e2.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "17"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "46"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "40"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: ais_cmp_swhealth_x64"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: ais_cmp_rescuedisk_x64"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "8"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: aswOfferTool.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "48"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Main = "5"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: avbugreport_x64_ais-cce.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "52"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "54"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: ais_cmp_gamingmode"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "79"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "89"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "99"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: ais_cmp_cleanup_x64"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: ais_cmp_cleanup_x64-803.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: ais_dll_eng"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "63"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Updating package: setgui_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "83"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "15"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Updating package: offertool_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "49"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "11"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "21"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "85"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "98"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "59"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "9"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "50"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: AvBugReport.exe"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: ais_cmp_bpc-7cc.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: ais_cmp_bpc"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "39"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "45"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "6"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "60"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Main = "4"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: ais_dll_eng-81a.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "83"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "37"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "63"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: ais_gen_tools-8e2.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "46"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Main = "7"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Main = "10"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "1"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "19"	instup.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

chrome.exeavg_antivirus_free_setup_x64.exechrome.exeinstup.exe

pid	process
4936	chrome.exe
4936	chrome.exe
3272	avg_antivirus_free_setup_x64.exe
3272	avg_antivirus_free_setup_x64.exe
4764	chrome.exe
4764	chrome.exe
3588	instup.exe
3588	instup.exe
3588	instup.exe
3588	instup.exe
3588	instup.exe
3588	instup.exe
3588	instup.exe
3588	instup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exeinstup.exe

pid	process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
3588	instup.exe
3588	instup.exe
3588	instup.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exeinstup.exe

pid	process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
3588	instup.exe
3588	instup.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

avg_antivirus_free_setup.exeavg_antivirus_free_setup_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exesbr.exe

pid	process
2112	avg_antivirus_free_setup.exe
3272	avg_antivirus_free_setup_x64.exe
2228	instup.exe
2228	instup.exe
3588	instup.exe
3588	instup.exe
3952	aswOfferTool.exe
1420	aswOfferTool.exe
2660	aswOfferTool.exe
4348	aswOfferTool.exe
3628	aswOfferTool.exe
2456	aswOfferTool.exe
3588	instup.exe
1932	sbr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4936 wrote to memory of 1404	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1404	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 1656	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 632	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 632	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe
PID 4936 wrote to memory of 4212	4936	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\watch.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fae59758,0x7ff8fae59768,0x7ff8fae59778
2⤵
PID:1404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:2
2⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:3152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5028 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5268 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5512 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3976 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2820 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4792 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4704 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5776 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4516 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5932 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4680 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:1
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4600 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6168 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2816 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:4816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:8
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=836 --field-trial-handle=1812,i,17927025628973371300,7083426252778617414,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:220

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4328

C:\Users\Admin\Downloads\avg_antivirus_free_setup.exe
"C:\Users\Admin\Downloads\avg_antivirus_free_setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Windows\Temp\asw.abe33cf06375741a\avg_antivirus_free_setup_x64.exe
"C:\Windows\Temp\asw.abe33cf06375741a\avg_antivirus_free_setup_x64.exe" /cookie:mmm_bav_003_999_a7d_m:dlid_FREEGSR-HP /ga_clientid:0a6b9a21-3aa6-448d-83a8-79a196c58104 /edat_dir:C:\Windows\Temp\asw.abe33cf06375741a
2⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3272

C:\Windows\Temp\asw.970dea6a0ab5c6f9\instup.exe
"C:\Windows\Temp\asw.970dea6a0ab5c6f9\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.970dea6a0ab5c6f9 /edition:15 /prod:ais /guid:d4be03d7-b0b1-4a87-808e-586d7c1e0611 /ga_clientid:0a6b9a21-3aa6-448d-83a8-79a196c58104 /cookie:mmm_bav_003_999_a7d_m:dlid_FREEGSR-HP /ga_clientid:0a6b9a21-3aa6-448d-83a8-79a196c58104 /edat_dir:C:\Windows\Temp\asw.abe33cf06375741a
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\instup.exe
"C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.970dea6a0ab5c6f9 /edition:15 /prod:ais /guid:d4be03d7-b0b1-4a87-808e-586d7c1e0611 /ga_clientid:0a6b9a21-3aa6-448d-83a8-79a196c58104 /cookie:mmm_bav_003_999_a7d_m:dlid_FREEGSR-HP /edat_dir:C:\Windows\Temp\asw.abe33cf06375741a /online_installer
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3588

C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe
"C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe" -checkGToolbar -elevated
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3952

C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe
"C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe" /check_secure_browser
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe
"C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe" -checkChrome -elevated
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe
"C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4348

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3516

C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe
"C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3628

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4156

C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe
"C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\aswOfferTool.exe" -checkChrome -elevated
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\sbr.exe
"C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\sbr.exe" 3588 "AVG Antivirus setup" "AVG Antivirus is being installed. Do not shut down your computer!"
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\AVG\Antivirus\setup\Stats.ini
Filesize
2KB

MD5
c2a9ca587921c572d08afddbcef9f2c8

SHA1
b38d99cc75d6f75ddb0ede4eea12ed4fb7cc9de9

SHA256
b4a136f863f4d7d2dec6fe8a41581aa5100e1e1fde357eef08e625b3fce0466b

SHA512
d402507f197872acc5d118cb36abbd7af867200518ac8993381372728c96a66ddc9d50acae0b2783a5c1c70f27577d39747420806c84ea27eeb84eadff95c678

Download Submit
C:\Program Files\AVG\Antivirus\setup\Stats.ini.tmp
Filesize
2KB

MD5
a4cee2bfb8bfff329bd8067411b36345

SHA1
380c22215d2af143bcdfbd11a10e9b40b4d8fae0

SHA256
62b1c373011f17387b707289cb1fa369730f4222377c344fed98081e860db18a

SHA512
32bba47fa9359fbf9125d7eb12176032b9969df14b5b9a5d76965aad7910b1afde3f6417b47a5b8f189e269a402c432748f9f45dcf54acc8c6354f6ac4c38b1a

Download Submit
C:\Program Files\AVG\Antivirus\setup\ais_cmp_swhealth_x64-89a.vpx
Filesize
69KB

MD5
f8fe4c6b66c80bc22f1d7cfd9c3d0116

SHA1
23419a781465e6e72f4a359c2f8009c858d63c48

SHA256
ada8feb16c31cfd813aff54a5a95d07ed6d44c5ea297efc36720c2d52d482438

SHA512
e488a7eba922b2e420a4dc63aa35dcbac9b4bbb766a829c432660f1ccfec6d9c50e1868edb7285264377807d4762592453f290e74f8dea4c301e24e212573f2a

Download Submit
C:\Program Files\AVG\Antivirus\setup\ais_dll_eng-81a.vpx
Filesize
16KB

MD5
792e0ba55424f3e3a0cf2640be407d64

SHA1
f1c3a31f642162872425391c4e0fea87f85b0d2e

SHA256
4132dcbd59a5d10ac52b3de3695eeb973cecfd6b039bef2a8861143c76f74c8b

SHA512
cb95dd9a48e4a9d73e9cc3046578a73bb65d403325329a2cc8e58c2480f25f87ff1397e71008d2ce1896a11e0d5aab75273d95437be5b5671246584c61032f33

Download Submit
C:\Program Files\AVG\Antivirus\setup\ais_gen_streamfilter_x64-8be.vpx
Filesize
207KB

MD5
d1c8c6ec0b0d8d3d0b93d461947d50d0

SHA1
b4bcee82bd856bf9b800fd9f6912bde5c4252489

SHA256
38bf39f73aa4896aa296813d349191b32d7f15ceca8e36545faff9f740499856

SHA512
6907edecb92eee990c6cab568277ec37521d43b6bf2602ec848511f07dea939ef0f8180cbffea19f1972231f4bac0a7e801ca9cfec7e9459c32ae90a621f944b

Download Submit
C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\Setup.log
Filesize
2KB

MD5
ed57e730a7af3bd4738d5b852bc1f9fe

SHA1
f33f26f547cb8bc23a86a0947f8d98dccb7399cf

SHA256
006393ec861446de4e1298ccae5190de94a07835da3b7b9a7a7a9e2f1b841d62

SHA512
704f07dd9e5b4466af050ca23cd61fe0f3cec8cb3b5721f361a4d41faf6c5d88c85017085a34dd58ce72bd6f414d20cbcda90f1f089f9828eec0644a6d422bae

Download Submit
C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\Setup.log
Filesize
24KB

MD5
33a59fb9c2ec59a8abeabd68d6fc891d

SHA1
12aedad7afbf663d7ff0118898def7253ce4f94e

SHA256
1d1cade0e1e7e5c3e082c09294eb77ad498885ba4e7956747e6588d682433315

SHA512
7a7202474c441e0a93e177d6fd5c86206bb2d39cfb6f3833a92eaeb62790d6f830243709de9b051ca2589c27146ea32b3e2bf0ec3390495cfdc450fb9842233a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c55804cccd968bd8e47e47da3948b99f

SHA1
da2205fc1a7d22a4098719b497fee467ceaa7361

SHA256
7a6e24ca48208ef12bd0fbe3d4ac5c35c07a9ff49007c8553dd7b1484418eeab

SHA512
825cf26f0424ec1a76950f93092490f25505b0335a9083707c81d4e3ae22f5aa4ce0b78717e0d86c128e361d8a56d98d2604c6b69a2bf9e2974e4a890c1705a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\599ad10b-c1e9-4985-b66d-22b8b1c1b79f.tmp
Filesize
371B

MD5
9ad01b8dd4ce471d6ccf1943a6811d66

SHA1
8ebfe7ccd3a70fb336b180b0e976125c10bd1eda

SHA256
19da747176d3def1edf2bf42d50969d9057418c644da8e93d30be6b7a07b1c79

SHA512
36276b19b9da09bfa24bc85287a513a133c94f474cbd5e20360fc291fb287919581db490080834197f36ee5f0e734dd6b695fa3c2f64ca753c18b7b09bf45721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
8c3075ae8c263e68d414a94603040fc5

SHA1
0bd332f4fcf07360228063cef5d9a1a63a624a57

SHA256
56495989c281ccb2f1017b79e3b275684314334855bf76c36975939f0494132e

SHA512
8d8059a6ebfd7c5c911e2b277f197e1e957e4fca814cc41d77f2e5775006a3a127b6294acb8e0f99f2c83fac84669a4ee8e8543ae96bc9ad21aaa9ca9c892ca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
4d722b201aca18b210dfa331e22cbf1b

SHA1
7f079e8bec043227cd8ad8cd43fc6072f626b433

SHA256
5385a158b6714fd83c0255ad8fa48a37c7ca014bbd54f0da8f01d8120cb12fc8

SHA512
75ae1785056afc7830839a0356219efee700d7cc2caa12302ba66a60dee0fe17c26023d736c41e0fea3f62e9451703153f7e93fbf43794bd3b3a26611f467b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
282ef2380778a7f5e62892080d01b1c2

SHA1
bcfab3ad0295f11b66d6e0103e76c1a78ba48205

SHA256
76b6812337ac25e6d71d593336c777a77f6717218a258440f1809e818343f9cb

SHA512
916abeaa2f149b9e1a847736991192c2f7cedc8eae0a44c971d929e839a63f3bec559dea20e585f1c4a1e27aecdd13e62a06c6186acdb34d2bb07c48c4bd630a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
1dc9d7fdd5b3211128b0bedc64e5eeb9

SHA1
76aea37396d64a9f0a0544f94119d7819706dc63

SHA256
0d87218e776912c90b7309b36c3c17897918424fafeb6dd7ca869e37e209092b

SHA512
69133ca2df47c990c7332e175e2b21d58873c61b82ac201259171583d9aef67ca749e8a006eec70410daca2434bebaac404cf82908701619605ac607dd16535c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
20562893c158d960872960ef08f1cfc8

SHA1
1e633ffb56442419f90827aa8c48e2ef6e4b86ca

SHA256
61ae7f5b8f1f09909b7ef981b1ed92c8bf0f43729ccf72f77cea2e1f6987a593

SHA512
36e9562f286f4bf3b612093948a5b3de4e85c4c547fe2b60dd6140bd8611cd73510c0f39e67f457b359778094398073ff1fa947a1ce21ddf4a8526e730301cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a70664dc65a4b092e95f07a3268bb0d6

SHA1
74ea7cda40e2c3ba324f7d8300ed681233c11c03

SHA256
d9de73cb2d14af69d7f256a81411aa90bcb1ab3a8577c56e4e6b2a14e1f35a59

SHA512
651ddc20a36a4e8e2df1162d3b06abc341ce7ccfe2ed1190d203c8734ac72ffbb041e44a6b387445b8d8938e333c254e1b0ba826dee38a33987d375801a59880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
44bb6001e53dd997d4edc042d1278d27

SHA1
3db9ae7f7308359d3a464ce544773323973cb427

SHA256
4cd3452b406ffa58a4667141fbb974379e906110d663e3effc5cc0c6560d1f53

SHA512
f39a2c56899536f9e71effb227f1839da7df548e75b15a2227b19cd5827d668d5574e36419845b7cf3c8a82a1724cabd131b5857e466195d915c598c4333e7dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b8d74a76150c938edd13f2cd9a792934

SHA1
439bdea978b3febaf03f06d8b6e79dff71fbb43a

SHA256
d4afc218f1da4710912f07d88d3dbabb42f3cdcfc29e866146ebf407a23c885a

SHA512
d4dbb553e3f80b41eb47fac9ca9c3a168a9b579c19bcf1c375aced455bb9cab78b9b92c848e0f700e145329dc499d8fecf490f7ce2ecbab1c3916bc704383786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
cd1a57145c6f4d48493f6f6913886cbf

SHA1
94e8d18bce146f6157e9940e3d3211aefc6763a8

SHA256
a9df89467307141286cfc9955e5e8619c1180c422a369682e2e13acc27ae47fd

SHA512
8ae1f41dd22eb7055c1bee3086bdc22d27b591de5f4a3b48cc9f097c2414480e77f4bc76aab0b936904d4884b8dc022c3fb48c30d43c36dfd5b918b51d6bbb92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
46db316e72714a2890eea33a55d874c3

SHA1
a07e0c121ff7ad5e644250df777d6791df80de63

SHA256
cb9453d7e91c538155c027df640b82fabf9eeef5604155de8b3f3868212fe379

SHA512
c658697289f39d1d14a148c524feda65ac3d89f2b6500c09dd238d073b5a74e52e3bd834e7f7e326f230dcf92caccb72c1a621842a78831d73e78f6b5228a972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
38c2c973fd44dcbdd010f9b092ef9706

SHA1
8089efd50d323eaa65d6dc9e6d2e78a091ff073a

SHA256
f3cd66e364958c737bd9334eed8b4e289dd0ce1a48de7e2af6b0943081914eab

SHA512
0b1197bd7cecb95f179b656100f32358bb969913550be8890ab4de565ab5c5c35a4a0965cbcd326bb16325bca2363d3c6f8691e10a5c0cf72a61823d96b7cfd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
75c54ef650f10f6dd0c8821c2a4625c5

SHA1
ff8ada2456b8f29140b679ac2f62264b4f482f36

SHA256
b124a1b0534f213619f5f19ab0a236db97c2798ce38b4918ed2fd9c80f12a7ce

SHA512
e84070f786564c8317ac2f0f046fc64d333271fa31d713f7d24d4a6785c64df0daecd88f0a4fd30119ebb3560b2fa614c963b1315852461e3f0fb122434c1b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
Filesize
24B

MD5
9acc69a39612698a60cec73cc2d7874c

SHA1
29e5d3c1490b1bc931334206954167f267232cc0

SHA256
46c2ee6c1d27e3c971a0d77c449037879104f66756549145c08200364f95a3f4

SHA512
27663c88e3dd62cc6f31ba5c025d02b23954eb30d944373dd2600d4ab5652accc74cb36ac6905e72776f9b16b0add3b27e87fb1dab1ed5209611f6ead2ed26fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt~RFe56d5b4.TMP
Filesize
88B

MD5
7cbe1cf50c02a3ff7f5c83294d98539d

SHA1
02a0647530b6d35bc658a338c2e424b3e38c68ec

SHA256
ed0e6539ce9ec1bcd3044ef802ebc5be1e1af582017f75c6603b8d1d7447d750

SHA512
8ffd6399c39ddcae14dacd662cf9d96cdb0343b7eb9e5080f6535da7661ef56c98fa3deb17e50f27c1684702b9ef1e974bdd2e89cc922f1ba6d78f63ee37d9eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
0cbaa41160a0d8472711d46a63b7e6d7

SHA1
caf5e8740dd96dde07521d89e88268aaa7eac66d

SHA256
cdd96901b09e888f6e86b6fae389b51614df2c5a33577453a3b5e66f1a7ef6e6

SHA512
8b3fd8c7ae9c7f8bf3b5635f266bfe01c5e135dfa24cbcb802fe1682269734f1eba25c0da601e36464f5a99e10d7ecec7d2cd9313ef10938538dccc57ac1c5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
e5c1e5a9518c7d1e63351ecdfa54045d

SHA1
00dbf38b84e3251c6e34763aa2f13e1093497deb

SHA256
d3308c83c622118131c3fca7fae293d87bc3cb01a164bed923a321a0c539bd85

SHA512
c0be66ca3094400e4b3340080f9cbf3e69ac691b2cd09c6e8a9c4c0b957e3d3e7b67d1917f43b02777d395aa4584d369b4c4b263807c08b9fd20578ce93aea13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
edc51407d15b85a68280d2e9e8431a69

SHA1
138b8429d1792f85a89f197f7d0f878cd85c3f72

SHA256
b3167920264155e60b8daf9c3d872f207b68b25c0227dd1883ab81f13a148dbb

SHA512
5f9573bc1f87472063d409af29269f0dd69f8dc414f8acc5fc2ec9694476c30e8583b2ffc69c2f9d19ee7fb4683a7c19065d183320645d8bee6df23d90259604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
e9dd3839feed36aaddad77558dc905f2

SHA1
4ef635f93bfaad7e694ed2c4ef6644a788f4f9ab

SHA256
2fe7652bc6d7dfe12d739e3faf5f0b795d962ad5cf51e78bd0c1f852a90e210b

SHA512
5dd63cbbaeb321c99be96cbd9aef7362fc52f9cb2f85f4f93637a6b475c606344da5993a32f31100e0a5d0c98e6247fbc3219ae844344cf9257731b29cb3257f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
106KB

MD5
ffaa2a8ffd0de152aa3abd01e5702f92

SHA1
ceafde072b311ebbdd755f1ec058bb6bd18f2b36

SHA256
1eb2dc89a6887116f83a6541b84265b5d72a54c6e4a1d84afd3bb8a3d3468a22

SHA512
c28e3439bc389020aec3e1403730b0406a7e19a4c1f2eab6200215a4c3afb534894b66eaa3f67c6cb44d63f8bace26c7d0065bf6cb5014c669e2ff89f04c6c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
4e7630fd82e5d4075437a943d48ec498

SHA1
7a4b93494ec2b3412fb5158b4a6214909f4ee464

SHA256
ceeb55fc562cbd08538451ee89d3c3816a83643582113f4c4b035f53f2c316bb

SHA512
53942566669af58b09a49fd2188fa6a39b1c76e528fcb022fe8d074de5292159af0654ae7e8e21a00e8ffff2967271e4acd580fe7236cce13beb9a9cd3d1d5bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57417d.TMP
Filesize
96KB

MD5
0a00f4b6d225bffe580a47dcfc4bc0a5

SHA1
a324e3c2625d286535c9ed08b705d40a3adc0e28

SHA256
e597dff47858eacb983926aa2be6308e8334f89a169369edebdfbe6900f67f33

SHA512
a1de17a997761b311a3ca359c469179da916ec027cbbbcc23406d01cae10694680f55806e42dcb03af212ea719b14a2ca4ccd4aa4610257786877923ad6eb811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\avg_antivirus_free_setup.exe
Filesize
228KB

MD5
509d8a33ad22b6cc01a918f7a10ea3ec

SHA1
eb51b151683c7478ba696c013eb741492018fa0b

SHA256
79f7559812387f1334d38873370f66e30688c2fa7a34ea2fc4452cfa5939fddd

SHA512
fdf7a82751dbe10a50408d164096c864feb674a8e06105aafc6b8b409326229760fc81eb76d13be56a3df0bbd6dedd51d5cdcef0b8338cc5c834803706dd7f85

Download Submit
C:\Users\Admin\Downloads\avg_antivirus_free_setup.exe
Filesize
228KB

MD5
509d8a33ad22b6cc01a918f7a10ea3ec

SHA1
eb51b151683c7478ba696c013eb741492018fa0b

SHA256
79f7559812387f1334d38873370f66e30688c2fa7a34ea2fc4452cfa5939fddd

SHA512
fdf7a82751dbe10a50408d164096c864feb674a8e06105aafc6b8b409326229760fc81eb76d13be56a3df0bbd6dedd51d5cdcef0b8338cc5c834803706dd7f85

Download Submit
C:\Users\Admin\Downloads\avg_antivirus_free_setup.exe
Filesize
228KB

MD5
509d8a33ad22b6cc01a918f7a10ea3ec

SHA1
eb51b151683c7478ba696c013eb741492018fa0b

SHA256
79f7559812387f1334d38873370f66e30688c2fa7a34ea2fc4452cfa5939fddd

SHA512
fdf7a82751dbe10a50408d164096c864feb674a8e06105aafc6b8b409326229760fc81eb76d13be56a3df0bbd6dedd51d5cdcef0b8338cc5c834803706dd7f85

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\HTMLayout.dll
Filesize
4.0MB

MD5
3ef9baf2b10b90c3ee4259096822b4b0

SHA1
0fe734a8caeca1f3d1c2e18efe3f3e79a2fb733d

SHA256
9aaa9eb7423cb39f35042769cb54197eee1f416d633af6c15c56a2dc64092f7e

SHA512
501e86b26ff142d5e40d52eeb6d17899f286e5fe0c17893898e1df620f0a18cf7c15803468a3e2dc5f15875b3d87048d9492c95f1090cd106d08c3bcf8d4a4a0

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\HTMLayout.dll
Filesize
4.0MB

MD5
3ef9baf2b10b90c3ee4259096822b4b0

SHA1
0fe734a8caeca1f3d1c2e18efe3f3e79a2fb733d

SHA256
9aaa9eb7423cb39f35042769cb54197eee1f416d633af6c15c56a2dc64092f7e

SHA512
501e86b26ff142d5e40d52eeb6d17899f286e5fe0c17893898e1df620f0a18cf7c15803468a3e2dc5f15875b3d87048d9492c95f1090cd106d08c3bcf8d4a4a0

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\HTMLayout.dll
Filesize
4.0MB

MD5
3ef9baf2b10b90c3ee4259096822b4b0

SHA1
0fe734a8caeca1f3d1c2e18efe3f3e79a2fb733d

SHA256
9aaa9eb7423cb39f35042769cb54197eee1f416d633af6c15c56a2dc64092f7e

SHA512
501e86b26ff142d5e40d52eeb6d17899f286e5fe0c17893898e1df620f0a18cf7c15803468a3e2dc5f15875b3d87048d9492c95f1090cd106d08c3bcf8d4a4a0

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\HTMLayout.dll
Filesize
4.0MB

MD5
3ef9baf2b10b90c3ee4259096822b4b0

SHA1
0fe734a8caeca1f3d1c2e18efe3f3e79a2fb733d

SHA256
9aaa9eb7423cb39f35042769cb54197eee1f416d633af6c15c56a2dc64092f7e

SHA512
501e86b26ff142d5e40d52eeb6d17899f286e5fe0c17893898e1df620f0a18cf7c15803468a3e2dc5f15875b3d87048d9492c95f1090cd106d08c3bcf8d4a4a0

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\Instup.dll
Filesize
21.2MB

MD5
75cec25a6d4a6a1c7112fd637142bfe9

SHA1
a4acf10e84eba0d8bf33bdd061dad918a06aec90

SHA256
a6f240abc5576475cf0b4d4e6ac7f153debbe2f24b6d29440f0991ca416e7cd5

SHA512
bf22d98ed44ef86b564cdb0c37894f09e6f7a2e8a7e45b4be61a8424b8230ceaafbfe1e2aaf3084e0d087858bd85a7c9a024a5f8cf07cfef0d52ad9a8dabe079

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\Instup.dll
Filesize
21.2MB

MD5
75cec25a6d4a6a1c7112fd637142bfe9

SHA1
a4acf10e84eba0d8bf33bdd061dad918a06aec90

SHA256
a6f240abc5576475cf0b4d4e6ac7f153debbe2f24b6d29440f0991ca416e7cd5

SHA512
bf22d98ed44ef86b564cdb0c37894f09e6f7a2e8a7e45b4be61a8424b8230ceaafbfe1e2aaf3084e0d087858bd85a7c9a024a5f8cf07cfef0d52ad9a8dabe079

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\Instup.exe
Filesize
4.4MB

MD5
59f53988e8e064ba612865eafa5e3649

SHA1
bf4e963be8984432ae5893600b157a11ab83926b

SHA256
a3e0064be9988584234a039102f486f63eb5acaf3b45d5b885cbf1103455c1c3

SHA512
53cbdf0956d09e89fcd1b4e039352b55b2e00a7bc7f272c9315c1d254aa2fcebc51ef1e6452d4ca1222403d2b8f46977e66d766d6e9697db785e85b0035ea276

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\Instup.dll
Filesize
21.2MB

MD5
75cec25a6d4a6a1c7112fd637142bfe9

SHA1
a4acf10e84eba0d8bf33bdd061dad918a06aec90

SHA256
a6f240abc5576475cf0b4d4e6ac7f153debbe2f24b6d29440f0991ca416e7cd5

SHA512
bf22d98ed44ef86b564cdb0c37894f09e6f7a2e8a7e45b4be61a8424b8230ceaafbfe1e2aaf3084e0d087858bd85a7c9a024a5f8cf07cfef0d52ad9a8dabe079

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\instup.dll
Filesize
21.2MB

MD5
75cec25a6d4a6a1c7112fd637142bfe9

SHA1
a4acf10e84eba0d8bf33bdd061dad918a06aec90

SHA256
a6f240abc5576475cf0b4d4e6ac7f153debbe2f24b6d29440f0991ca416e7cd5

SHA512
bf22d98ed44ef86b564cdb0c37894f09e6f7a2e8a7e45b4be61a8424b8230ceaafbfe1e2aaf3084e0d087858bd85a7c9a024a5f8cf07cfef0d52ad9a8dabe079

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\instup.exe
Filesize
4.4MB

MD5
59f53988e8e064ba612865eafa5e3649

SHA1
bf4e963be8984432ae5893600b157a11ab83926b

SHA256
a3e0064be9988584234a039102f486f63eb5acaf3b45d5b885cbf1103455c1c3

SHA512
53cbdf0956d09e89fcd1b4e039352b55b2e00a7bc7f272c9315c1d254aa2fcebc51ef1e6452d4ca1222403d2b8f46977e66d766d6e9697db785e85b0035ea276

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\New_17030cce\instup.exe
Filesize
4.4MB

MD5
59f53988e8e064ba612865eafa5e3649

SHA1
bf4e963be8984432ae5893600b157a11ab83926b

SHA256
a3e0064be9988584234a039102f486f63eb5acaf3b45d5b885cbf1103455c1c3

SHA512
53cbdf0956d09e89fcd1b4e039352b55b2e00a7bc7f272c9315c1d254aa2fcebc51ef1e6452d4ca1222403d2b8f46977e66d766d6e9697db785e85b0035ea276

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\asw489812896deafca4.tmp
Filesize
19KB

MD5
b99348b3de5ef7dba7e8a5314a978420

SHA1
bcdbeffc5680369f406aeae473d7fc06af432828

SHA256
6dbe98a2117f2d33d80aed2131c7b1e4e14d9ad2d3ecbebabfe32f77435bc419

SHA512
d41ac0ebee8f123f80c7bbbf537bfe1240f51c0d4648773ed72fb3ca40ddce8f377ef0161b4290233fd1f34804bca4ee316609d7be55be1a8dfcf1bb9fadc6cc

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\aswf9290815613ad9e0.ini
Filesize
573B

MD5
3e0fcc77389c6a241fbc106b59fda238

SHA1
c56754b7e5eeff7fce0e05f26d4cb749d8eb6804

SHA256
ee95c4e3a7a16d256f406e2101a343eaecd1552290129b102102ebcd1ccd2975

SHA512
8723b8a2a689dd127e20f3237949bd7082cf7051638064fe7593c9efa433cc33a09671adde29ef245dc7cf434e670d90851409cf7d41caab7a94e011f84f8fd2

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\aswf9290815613ad9e0.tmp
Filesize
18KB

MD5
f73a56d7d731c7f6c596525e59c7e849

SHA1
02951f5564cd5330d874237468b87ed290fdf3aa

SHA256
a9b74675920c48a220681aba8f5ee93926e8db74f68eabbcc55d42671d024ad4

SHA512
257fc2c8051b2bc586740059dfb847c965ab1b0776d9d7cd77c74b141a8053104a0dbdb1cfe476507e2f55dfdabedfed2f611b4dd4218c3f04990575bcbcc225

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\avbugreport_x64_ais-cce.vpx
Filesize
4.8MB

MD5
1686c0b40fd7b907126387a145d49ffa

SHA1
afe58d5f2788e7e989b5bf45db1c7b22e69d32ac

SHA256
81bf1e048e84eb6ac43e8b7ec1cd9438077185b7c851c73eec897f1eb800f9ce

SHA512
75c53814490b228b0f5022d4840e81204ec165e445ca0fb489a8f71d5455aaee44fe390068e8073f1ef4aa219a0bbe1c9309fefbc3340d172c6286e87403d5ff

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\avdump_x64_ais-cce.vpx
Filesize
1.1MB

MD5
9ea513477fb6bb82b52c23bd172aa44a

SHA1
0b585365c2fe62693818bb533022378abe061c31

SHA256
6b5ddd3518c9d184dc18e7c8a4c49ff38cbe906f993b53030c90c7e8464e7c48

SHA512
694976d64dce75d913052b5c33dba8e3e293568702fff2a6c4f3d6ef940c5065f48701cfa5b4f25ad58fcbca61d7a781fe40b332c3ee181c725d8ec6ab1a7488

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\config.def
Filesize
17KB

MD5
91fbb0f038a9d44467a732f20b7b6108

SHA1
65c565831f843fabb0d87dad39883b66a04c91be

SHA256
63877a061a61a0d079ec86a2797d4209541ade2a587510ab5891736d6baf27a1

SHA512
d23fc28abac58ee985b839b27fa6244f9ff905e6f1cd660bb17555ec44413836da85fb78a41103992ebe2c3d28a5754d7b186246c2f43fc552695fb7660e1d81

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\instcont_x64_ais-cce.vpx
Filesize
4.4MB

MD5
59f53988e8e064ba612865eafa5e3649

SHA1
bf4e963be8984432ae5893600b157a11ab83926b

SHA256
a3e0064be9988584234a039102f486f63eb5acaf3b45d5b885cbf1103455c1c3

SHA512
53cbdf0956d09e89fcd1b4e039352b55b2e00a7bc7f272c9315c1d254aa2fcebc51ef1e6452d4ca1222403d2b8f46977e66d766d6e9697db785e85b0035ea276

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\instcont_x64_ais-cce.vpx
Filesize
4.4MB

MD5
59f53988e8e064ba612865eafa5e3649

SHA1
bf4e963be8984432ae5893600b157a11ab83926b

SHA256
a3e0064be9988584234a039102f486f63eb5acaf3b45d5b885cbf1103455c1c3

SHA512
53cbdf0956d09e89fcd1b4e039352b55b2e00a7bc7f272c9315c1d254aa2fcebc51ef1e6452d4ca1222403d2b8f46977e66d766d6e9697db785e85b0035ea276

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\instup.exe
Filesize
4.4MB

MD5
59f53988e8e064ba612865eafa5e3649

SHA1
bf4e963be8984432ae5893600b157a11ab83926b

SHA256
a3e0064be9988584234a039102f486f63eb5acaf3b45d5b885cbf1103455c1c3

SHA512
53cbdf0956d09e89fcd1b4e039352b55b2e00a7bc7f272c9315c1d254aa2fcebc51ef1e6452d4ca1222403d2b8f46977e66d766d6e9697db785e85b0035ea276

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\instup_x64_ais-cce.vpx
Filesize
21.2MB

MD5
75cec25a6d4a6a1c7112fd637142bfe9

SHA1
a4acf10e84eba0d8bf33bdd061dad918a06aec90

SHA256
a6f240abc5576475cf0b4d4e6ac7f153debbe2f24b6d29440f0991ca416e7cd5

SHA512
bf22d98ed44ef86b564cdb0c37894f09e6f7a2e8a7e45b4be61a8424b8230ceaafbfe1e2aaf3084e0d087858bd85a7c9a024a5f8cf07cfef0d52ad9a8dabe079

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\instup_x64_ais-cce.vpx
Filesize
21.2MB

MD5
75cec25a6d4a6a1c7112fd637142bfe9

SHA1
a4acf10e84eba0d8bf33bdd061dad918a06aec90

SHA256
a6f240abc5576475cf0b4d4e6ac7f153debbe2f24b6d29440f0991ca416e7cd5

SHA512
bf22d98ed44ef86b564cdb0c37894f09e6f7a2e8a7e45b4be61a8424b8230ceaafbfe1e2aaf3084e0d087858bd85a7c9a024a5f8cf07cfef0d52ad9a8dabe079

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\offertool_x64_ais-cce.vpx
Filesize
1.5MB

MD5
008735d3b86fb6769fb919566e83ab72

SHA1
5d8006b0f2762647b48e669f73b75e3dd99a779e

SHA256
2fcb636ff9808e89f6e589389712f18ec5494146d0c5debe0eb53cd66417db4c

SHA512
7dd8e669e8b39ea3650a8eaa635d779f400c3d8135f9d53800dce6d391f7d4b819319ca557d31b2f32571fc136f26ac6ef1673f6bfa7455314dac4b2dcf01b0a

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\part-jrog2-8e.vpx
Filesize
211B

MD5
37a6e8bb4980e2d9b7aa4d36035e1bf3

SHA1
4495de74de112a296fea4d43b5f6bcf0d4c9962c

SHA256
37e23897fc98961e6cdaf5eafe2b77ebc2ced228b13e0142c05086cb6666b036

SHA512
f01514fc75a16ee5d877dd66a1eabd860bbd7bb21ca335669d9fdd9e8daf119fffd86e5ef0eb4099d094cab08266b855a49473e4b79c24d6445c1d67aeb0ba17

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\part-prg_ais-17030cce.vpx
Filesize
72KB

MD5
4df6df65dc185d0849079fd44943864a

SHA1
7be5d6409bd4c7a05019f9b65c13beb453213827

SHA256
db87765712024a9fce094dfd7c4adea77aed3898a7037ac18a929b6d341dee54

SHA512
e1e6ab50f3ff5f48bf6addb1f8334be5dc870b40c8adce193003faa2698f81ec2b494ffa1cba47f2c7b1c266b6a5130deaef3f9587560a75295aca5386d540e2

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\part-setup_ais-17030cce.vpx
Filesize
4KB

MD5
3add5b98ca709524708d0097d7a8fa6e

SHA1
f99201a58fa6b4cda26c695931e82280e73bd7a5

SHA256
e371f30f6d1ebdf68ac2042279b8038fe61813840aceda3c64b517b16c0b6de8

SHA512
9a12b3f4411131757b703d527f6bc6d4ff61ce21ecd9515d141601757f708363b3cf2d3944d3a5cde1086d1a3728e8bdb4e00acf09c2ea9beea4e2fbc6832f71

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\part-vps_windows-23040405.vpx
Filesize
7KB

MD5
3b406b7f83a99a57f15a33d4d6480afb

SHA1
421af0d2d499bc04eb087ca900652692cbe1a9da

SHA256
fc84d3662eafae59550b9fbd78496d565bd6cf756360bbc95f970cb1117c3632

SHA512
9fd84399c2e7eda1b6f9bbd348bfa87fec67c44c9a8a17e814612e57613cd0864745b578ec83657f00ad7844536746fd53a63589e4d90860fabd15f0121d6196

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\prod-pgm.vpx
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\prod-pgm.vpx
Filesize
571B

MD5
35a43c75f3f0923b9299a525927ffe34

SHA1
a9cc56053391b4aaf3dd40514adb77e1adf7878b

SHA256
c4f9f9fd409ba1ba63bf4ac129f045cb76ff6b0776d398df2d6ad7bc170509e2

SHA512
4691382e2da1288d95dd5a84b737d977a88d81d79d51c712e70cbe790b7e6c683bb7743caf9fbf628701fdb3d5726cda54eb1ffa5716353252cca1bf884470ae

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\prod-pgm.vpx
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\prod-vps.vpx
Filesize
342B

MD5
8753a3f70b6179424dda5e7d80d6dbfd

SHA1
c9ee632f0bb5a99fb6c33191e9cf5e0b3740226d

SHA256
26f02ca69000d14c11d307e90f841934478082d2edb1b141049d919265152c05

SHA512
1d1741b4c43e799017aba5d86db1b168e05429a6f1b76d8e7dc7418120ccbdbf823597f9cea99caa6578e32bf675bda48bc3623e920923e5b94617375ad889aa

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\prod-vps.vpx
Filesize
340B

MD5
325811a142ccb99a1e001f391b7f0f42

SHA1
6d04dc690503fa0cca29f4945a00cff2dc625a43

SHA256
b9e7d19942404b847415fec400ef05d9c250476111ffa1d108acf984d9ac7298

SHA512
e98ffe49f132dff52bb5ce9cf504b7a9fda9b9ef8ca71cba2fe3656e7224470bb25b17f0ef4ee1b502407f14453f17828fee3b57e708f86ed785a959ace224f8

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\sbr_x64_ais-cce.vpx
Filesize
19KB

MD5
165aa699205262157d86c42b0e8042b3

SHA1
3052089a646689b083919539b9a5ddc06005a6dd

SHA256
637551e9aeefa6793ce6096328a2ace60734dc25dbc7a768eeace422fd18de4a

SHA512
6b55da99978f28074d6db51fb45e9ce1672b51273993573d24b332047e7b7034089b9a15e019549125cb70b5e125dbaf6188ada15c563ebd959bf60d31d2a597

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\servers.def
Filesize
27KB

MD5
eb822c058ff526b4692d129f3b1ee591

SHA1
5318e3f20051538d414633f23b32bc38ebadcea1

SHA256
e48a11f7f85abf74adb80e4b56b67a00794fa92beff35149e7c817dea89289bd

SHA512
60675448cc3223a41249c9958e69b6c2fb73d23156007de57f75348870dfb390fcc92144299687dabadcb2e051fcc1231b7fbe738b8782d4cd19e8efc7ded3aa

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\servers.def
Filesize
27KB

MD5
eb822c058ff526b4692d129f3b1ee591

SHA1
5318e3f20051538d414633f23b32bc38ebadcea1

SHA256
e48a11f7f85abf74adb80e4b56b67a00794fa92beff35149e7c817dea89289bd

SHA512
60675448cc3223a41249c9958e69b6c2fb73d23156007de57f75348870dfb390fcc92144299687dabadcb2e051fcc1231b7fbe738b8782d4cd19e8efc7ded3aa

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\servers.def.lkg
Filesize
27KB

MD5
eb822c058ff526b4692d129f3b1ee591

SHA1
5318e3f20051538d414633f23b32bc38ebadcea1

SHA256
e48a11f7f85abf74adb80e4b56b67a00794fa92beff35149e7c817dea89289bd

SHA512
60675448cc3223a41249c9958e69b6c2fb73d23156007de57f75348870dfb390fcc92144299687dabadcb2e051fcc1231b7fbe738b8782d4cd19e8efc7ded3aa

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\servers.def.vpx
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\servers.def.vpx
Filesize
1KB

MD5
659ac530d945b5924bdc36604e36d00b

SHA1
4e9e525ade03a10320384eea4808427b8cab48ee

SHA256
61bedf82d93848a4b2d2778db0cde553769a7b62e5a6e03c6820a9b66c436507

SHA512
76aed204e2bb9c133b06e2e357cda534930952192ea75002b8581e776ee93ee0de987cf2db1651d1ad746d1480643af551ec3c6279593a2ea6d4a2edfde06f1a

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\setgui_x64_ais-cce.vpx
Filesize
4.0MB

MD5
3ef9baf2b10b90c3ee4259096822b4b0

SHA1
0fe734a8caeca1f3d1c2e18efe3f3e79a2fb733d

SHA256
9aaa9eb7423cb39f35042769cb54197eee1f416d633af6c15c56a2dc64092f7e

SHA512
501e86b26ff142d5e40d52eeb6d17899f286e5fe0c17893898e1df620f0a18cf7c15803468a3e2dc5f15875b3d87048d9492c95f1090cd106d08c3bcf8d4a4a0

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\uat64.dll
Filesize
29KB

MD5
107cbfacf7185b27af4735cb28fc5a8b

SHA1
23a5a20c54978b86326762d354ae7916095a7f40

SHA256
391102df1ff4b469ea19e4d8557b1e7af3fafa39f109a661ba87d2a73d5148ae

SHA512
4a1b5a8533c57db8fe43f97b7ede0f5e4b1129af661d5c0b631fb7a75bdd9faacb1afe13b9415c34df9703d936087c5a0bdbed4a607f082102d7ce64367768b9

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\uat64.dll
Filesize
29KB

MD5
107cbfacf7185b27af4735cb28fc5a8b

SHA1
23a5a20c54978b86326762d354ae7916095a7f40

SHA256
391102df1ff4b469ea19e4d8557b1e7af3fafa39f109a661ba87d2a73d5148ae

SHA512
4a1b5a8533c57db8fe43f97b7ede0f5e4b1129af661d5c0b631fb7a75bdd9faacb1afe13b9415c34df9703d936087c5a0bdbed4a607f082102d7ce64367768b9

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\uat64.dll
Filesize
29KB

MD5
107cbfacf7185b27af4735cb28fc5a8b

SHA1
23a5a20c54978b86326762d354ae7916095a7f40

SHA256
391102df1ff4b469ea19e4d8557b1e7af3fafa39f109a661ba87d2a73d5148ae

SHA512
4a1b5a8533c57db8fe43f97b7ede0f5e4b1129af661d5c0b631fb7a75bdd9faacb1afe13b9415c34df9703d936087c5a0bdbed4a607f082102d7ce64367768b9

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\uat64.dll
Filesize
29KB

MD5
107cbfacf7185b27af4735cb28fc5a8b

SHA1
23a5a20c54978b86326762d354ae7916095a7f40

SHA256
391102df1ff4b469ea19e4d8557b1e7af3fafa39f109a661ba87d2a73d5148ae

SHA512
4a1b5a8533c57db8fe43f97b7ede0f5e4b1129af661d5c0b631fb7a75bdd9faacb1afe13b9415c34df9703d936087c5a0bdbed4a607f082102d7ce64367768b9

Download Submit
C:\Windows\Temp\asw.970dea6a0ab5c6f9\uat64.vpx
Filesize
16KB

MD5
9e56bf9c3f8c59f38a5e40bae63e8492

SHA1
da3d46c1579c10d3a585a929aaadfe9f8b755cbb

SHA256
0b5256ba085b4a567433a406e389de2033f5ffe1690ba1364f3e24ed9162bb41

SHA512
2c89a6f3750fa4818f8ca4777c63fc5887fac0a3d96aee3441eed1804ee09b5585b534a9e3b90d539b2db2e1081264bb00f17dc1852709f165e9cb43146c7b35

Download Submit
C:\Windows\Temp\asw.abe33cf06375741a\avg_antivirus_free_setup_x64.exe
Filesize
10.0MB

MD5
6644e2db4617389007485a9e9e5f5745

SHA1
d43b19c5283f8b57e4c8cdf9d381ef32a2e00ae1

SHA256
f897af7af68157fc46b8ceb194ea97e45a93a6b632a52cb470514eb33bf17c84

SHA512
331d1e9ab29a9b77c116106c5608112e52eefe691bac8d7be257f6549b1e85ff31fc695553b2ade8d3fba29f391d42a49e092e6398c3edd12c8d955c29d05d7f

Download Submit
C:\Windows\Temp\asw.abe33cf06375741a\avg_antivirus_free_setup_x64.exe
Filesize
10.0MB

MD5
6644e2db4617389007485a9e9e5f5745

SHA1
d43b19c5283f8b57e4c8cdf9d381ef32a2e00ae1

SHA256
f897af7af68157fc46b8ceb194ea97e45a93a6b632a52cb470514eb33bf17c84

SHA512
331d1e9ab29a9b77c116106c5608112e52eefe691bac8d7be257f6549b1e85ff31fc695553b2ade8d3fba29f391d42a49e092e6398c3edd12c8d955c29d05d7f

Download Submit
C:\Windows\Temp\asw.abe33cf06375741a\avg_antivirus_free_setup_x64.exe
Filesize
10.0MB

MD5
6644e2db4617389007485a9e9e5f5745

SHA1
d43b19c5283f8b57e4c8cdf9d381ef32a2e00ae1

SHA256
f897af7af68157fc46b8ceb194ea97e45a93a6b632a52cb470514eb33bf17c84

SHA512
331d1e9ab29a9b77c116106c5608112e52eefe691bac8d7be257f6549b1e85ff31fc695553b2ade8d3fba29f391d42a49e092e6398c3edd12c8d955c29d05d7f

Download Submit
C:\Windows\Temp\asw.abe33cf06375741a\ecoo.edat
Filesize
37B

MD5
c77d9e3dc9ad83da88814ad485b1c9c3

SHA1
c0b0f645f7c737e551b6580344d4fa72f05444f4

SHA256
970cecba5ce95915b45cb93dcb251c71fe723458f46440b2ef38417b3f2849a8

SHA512
8bd27f3e88f460e0925a18f9c22c4bb0bf5b9a1c6ac56864b145ceb8d36ce770652455adbeeb6150282febf41c3e666ceef648155606eaed2bfc066a802ae60f

Download Submit
\??\pipe\crashpad_4936_QBTDYOVCPVREFDZG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit