cobaltstrike | hxxps://is[.]gd/128mcy

Resubmissions

01-08-2023 07:50

230801-jpkh8sfd8s 9

01-08-2023 07:48

230801-jngqysfd61 6

01-08-2023 07:40

230801-jh1lwafd4w 10

Analysis

max time kernel
255s
max time network
260s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2023 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/128mcy

Score

10^/10

cobaltstrike backdoor bootkit coreentity persistence spyware stealer trojan

Malware Config

Signatures

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

CoreEntity .NET Packer 1 IoCs

A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

coreentity

Processes:

resource	yara_rule
C:\Program Files\ReasonLabs\EPP\mc.dll	coreentity

Creates new service(s) 1 TTPs
persistence

Windows Service
T1543.003
Downloads MZ/PE file

Executes dropped EXE 7 IoCs

Processes:

Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmpprod0.exesaBSI.exeavg_secure_browser_setup.exeg13puhcz.exeRAVEndPointProtection-installer.exesaBSI.exe

pid	process
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
5820	prod0.exe
1004	saBSI.exe
4968	avg_secure_browser_setup.exe
2372	g13puhcz.exe
5156	RAVEndPointProtection-installer.exe
6128	saBSI.exe

Loads dropped DLL 12 IoCs

Processes:

Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmpavg_secure_browser_setup.exeg13puhcz.exe

pid	process
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
2372	g13puhcz.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

96 api.ipify.org
100 api.ipify.org
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

avg_secure_browser_setup.exe

description ioc process

File opened for modification \??\PhysicalDrive0 avg_secure_browser_setup.exe

flow	ioc
96	api.ipify.org
100	api.ipify.org

description	ioc	process
File opened for modification	\??\PhysicalDrive0	avg_secure_browser_setup.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp	autoit_exe

Launches sc.exe 4 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exe

pid process

5788 sc.exe
2220 sc.exe
532 sc.exe
4284 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
5788	sc.exe
2220	sc.exe
532	sc.exe
4284	sc.exe

Program crash 5 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
7556	3776	WerFault.exe	ServiceHost.exe
5688	7864	WerFault.exe	ServiceHost.exe
6868	5836	WerFault.exe	ServiceHost.exe
5212	6972	WerFault.exe	ServiceHost.exe
7932	2352	WerFault.exe	ServiceHost.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	msedge.exe

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

saBSI.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	saBSI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	saBSI.exe

Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 211 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

description	flow	ioc
HTTP User-Agent header	211	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exePrecision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmpsaBSI.exesaBSI.exeavg_secure_browser_setup.exe

pid	process
2704	msedge.exe
2704	msedge.exe
1388	msedge.exe
1388	msedge.exe
3508	identity_helper.exe
3508	identity_helper.exe
6096	msedge.exe
6096	msedge.exe
5160	msedge.exe
5160	msedge.exe
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
1004	saBSI.exe
1004	saBSI.exe
1004	saBSI.exe
1004	saBSI.exe
1004	saBSI.exe
1004	saBSI.exe
1004	saBSI.exe
1004	saBSI.exe
1004	saBSI.exe
1004	saBSI.exe
6128	saBSI.exe
6128	saBSI.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe
4968	avg_secure_browser_setup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

prod0.exe

description pid process

Token: SeDebugPrivilege 5820 prod0.exe

description	pid	process
Token: SeDebugPrivilege	5820	prod0.exe

Suspicious use of FindShellTrayWindow 47 IoCs

Processes:

msedge.exePrecision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp

pid	process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
3516	Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1388 wrote to memory of 316	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 316	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1188	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2704	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2704	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2908	1388	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://is.gd/128mcy
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fd6c46f8,0x7ff9fd6c4708,0x7ff9fd6c4718
2⤵
PID:316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
2⤵
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
2⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
2⤵
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6308 /prefetch:8
2⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6308 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
2⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
2⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:5804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:5940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
2⤵
PID:6052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6548 /prefetch:8
2⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6960 /prefetch:2
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2548 /prefetch:1
2⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
2⤵
PID:7032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
2⤵
PID:7824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
2⤵
PID:7672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
2⤵
PID:7996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
2⤵
PID:6256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17994455705068993202,2328222311412752575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
2⤵
PID:6268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Temp1_Precision Targeting GUI - Linkvertise Downloader.zip\Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Precision Targeting GUI - Linkvertise Downloader.zip\Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.exe"
1⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\is-566VV.tmp\Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-566VV.tmp\Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp" /SL5="$302CC,10373288,1230848,C:\Users\Admin\AppData\Local\Temp\Temp1_Precision Targeting GUI - Linkvertise Downloader.zip\Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:3516

C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod0.exe
"C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod0.exe" -ip:"dui=f99eb88b-8818-423d-beb8-51f1b1c0c9e4&dit=20230801074213&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=a371&a=100&b=em&se=true" -vp:"dui=f99eb88b-8818-423d-beb8-51f1b1c0c9e4&dit=20230801074213&oc=ZB_RAV_Cross_Tri_NCB&p=a371&a=100&oip=26&ptl=7&dta=true" -dp:"dui=f99eb88b-8818-423d-beb8-51f1b1c0c9e4&dit=20230801074213&oc=ZB_RAV_Cross_Tri_NCB&p=a371&a=100" -i -v -d -se=true
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5820

C:\Users\Admin\AppData\Local\Temp\g13puhcz.exe
"C:\Users\Admin\AppData\Local\Temp\g13puhcz.exe" /silent
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2372

C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\RAVEndPointProtection-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\g13puhcz.exe" /silent
5⤵
- Executes dropped EXE
PID:5156

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
6⤵
PID:2564

\??\c:\windows\system32\rundll32.exe
"c:\windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
6⤵
PID:7740

C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
7⤵
PID:7780

C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
8⤵
PID:6336

C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
6⤵
PID:6328

C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
6⤵
PID:6604

C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
6⤵
PID:5284

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i
6⤵
PID:5996

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i
6⤵
PID:3760

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i
6⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\cyvcgmyh.exe
"C:\Users\Admin\AppData\Local\Temp\cyvcgmyh.exe" /silent
4⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\nsbF495.tmp\RAVVPN-installer.exe
"C:\Users\Admin\AppData\Local\Temp\nsbF495.tmp\RAVVPN-installer.exe" "C:\Users\Admin\AppData\Local\Temp\cyvcgmyh.exe" /silent
5⤵
PID:3524

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe" -i
6⤵
PID:5752

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe" -i
6⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod1_extract\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod1_extract\saBSI.exe" /affid 91088 PaidDistribution=true
3⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:1004

C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
"C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91088 PaidDistribution=true saBsiVersion=4.1.1.663 /no_self_update
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:6128

C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
"C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
5⤵
PID:2904

C:\Program Files\McAfee\Temp3838065702\installer.exe
"C:\Program Files\McAfee\Temp3838065702\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
6⤵
PID:5732

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
7⤵
PID:6012

C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
8⤵
PID:5956

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
7⤵
PID:5844

C:\Windows\SYSTEM32\sc.exe
sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"
7⤵
- Launches sc.exe
PID:5788

C:\Windows\SYSTEM32\sc.exe
sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
7⤵
- Launches sc.exe
PID:2220

C:\Windows\SYSTEM32\sc.exe
sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0
7⤵
- Launches sc.exe
PID:532

C:\Windows\SYSTEM32\sc.exe
sc.exe start "McAfee WebAdvisor"
7⤵
- Launches sc.exe
PID:4284

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
7⤵
PID:2868

C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
8⤵
PID:3832

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
7⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod2_extract\avg_secure_browser_setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod2_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV5z36rhNLeKlHyXRUG5y9Shv1Ci5Qzb8DGWDdzWgFbkZhaVsAvLfwvTYw5rUUTtU4A2OZopMts5m /make-default
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
PID:4968

C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\AVGBrowserUpdateSetup.exe
AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9227&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome --private-browsing"
4⤵
PID:220

C:\Program Files (x86)\GUM6160.tmp\AVGBrowserUpdate.exe
"C:\Program Files (x86)\GUM6160.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9227&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome --private-browsing"
5⤵
PID:4520

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
6⤵
PID:3748

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
6⤵
PID:5764

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
7⤵
PID:892

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
7⤵
PID:224

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
7⤵
PID:1984

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTU4Mi4zIiBzaGVsbF92ZXJzaW9uPSIxLjguMTU4Mi4zIiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0ZFQkEyRjhFLUYzNkEtNEEyMC04OUUzLUFGQzlFODc4NEQzOX0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9IntDMjM0OUZGQi05NjZDLTRGQjEtOTFGMC1CNTE1NDJFNDk0MTB9IiB1c2VyaWRfZGF0ZT0iMjAyMzA4MDEiIG1hY2hpbmVpZD0iezAwMDA1OEQ0LUIyN0EtMDEyQi05RTNFLTQ1NDE0NzFFNkM2OX0iIG1hY2hpbmVpZF9kYXRlPSIyMDIzMDgwMSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins4NkJGNzY0RC1BODExLTQ0RDEtOEYxOS00NzZFOUE4ODJBNzZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNTgyLjMiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTIyNyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iOTQxNyIvPjwvYXBwPjwvcmVxdWVzdD4
6⤵
PID:5440

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9227&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dmsedge --import-cookies --auto-launch-chrome --private-browsing" /installsource otherinstallcmd /sessionid "{FEBA2F8E-F36A-4A20-89E3-AFC9E8784D39}" /silent
6⤵
PID:1988

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
AVGBrowser.exe --heartbeat --install --create-profile
4⤵
PID:2544

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=114.0.21608.200 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9ea36ea00,0x7ff9ea36ea10,0x7ff9ea36ea20
5⤵
PID:6600

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2040 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:2
5⤵
PID:6152

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2384 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:8
5⤵
PID:6904

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2088 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:8
5⤵
PID:7452

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:8
5⤵
PID:8048

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3524 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:1
5⤵
PID:3068

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3548 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:1
5⤵
PID:1576

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3700 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:1
5⤵
PID:980

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4232 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:8
5⤵
PID:5508

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:8
5⤵
PID:3904

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 has-startpin "C:\Users\Public\Desktop\AVG Secure Browser.lnk"
5⤵
PID:6480

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=2052,i,7530763196246050965,542144549025142328,262144 /prefetch:8
5⤵
PID:5996

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
AVGBrowser.exe --silent-launch
4⤵
PID:5800

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=114.0.21608.200 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ebc7ea00,0x7ff9ebc7ea10,0x7ff9ebc7ea20
5⤵
PID:5492

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2052 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:2
5⤵
PID:5468

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2504 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:1992

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2176 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:4808

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3504 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:5280

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:6636

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3760 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:4832

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3896 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:4864

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4044 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:7876

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4240 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:8092

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:532

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:1252

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:2088

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:8116

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:6528

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:1824

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:3884

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:2084

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5500 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:440

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:6996

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:8016

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5884 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:7412

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6104 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:1
5⤵
PID:7076

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:8
5⤵
PID:3628

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6508 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:1
5⤵
PID:7376

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6668 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:1
5⤵
PID:6720

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6856 --field-trial-handle=2056,i,4922232053940362533,6526696399106478671,262144 /prefetch:1
5⤵
PID:7036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://s3.eu-central-1.amazonaws.com/adlocis.linkvertise.links/pastes/145268061.txt?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6L5L3NKTBHJ3YVHU/20230801/eu-central-1/s3/aws4_request&X-Amz-Date=20230801T074139Z&X-Amz-SignedHeaders=host&X-Amz-Expires=432000&X-Amz-Signature=7d056e66bb4dd2ff1c04fc07ee6c6295c4082894ae0074d16b4a317a0b11fea2
3⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9fd6c46f8,0x7ff9fd6c4708,0x7ff9fd6c4718
4⤵
PID:4760

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
1⤵
PID:5812

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
1⤵
PID:3904

C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\AVGBrowserInstaller.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=2 --default-search=yahoo.com --adblock-mode-default=2 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=msedge --import-cookies --auto-launch-chrome --private-browsing --system-level
2⤵
PID:7792

C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\CR_9E662.tmp\setup.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\CR_9E662.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\CR_9E662.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=2 --default-search=yahoo.com --adblock-mode-default=2 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=msedge --import-cookies --auto-launch-chrome --private-browsing --system-level
3⤵
PID:5964

C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\CR_9E662.tmp\setup.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\CR_9E662.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=114.0.21608.200 --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0x7ff7b9b87fa0,0x7ff7b9b87fb0,0x7ff7b9b87fc0
4⤵
PID:7400

C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\CR_9E662.tmp\setup.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\CR_9E662.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\AVG\Browser\Temp\source5964_993323740\Safer-bin\master_preferences" --create-shortcuts=0 --install-level=1
4⤵
PID:7880

C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\CR_9E662.tmp\setup.exe
"C:\Program Files (x86)\AVG\Browser\Update\Install\{F56706CD-2F58-49E6-AE2F-7625D5A2034E}\CR_9E662.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=114.0.21608.200 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff7b9b87fa0,0x7ff7b9b87fb0,0x7ff7b9b87fc0
5⤵
PID:7912

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 taskbarpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"
5⤵
PID:8112

C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"
5⤵
PID:5564

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe"
2⤵
PID:4832

C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler.exe
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler.exe"
2⤵
PID:6140

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:3776

C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
2⤵
PID:6188

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3776 -s 3088
2⤵
- Program crash
PID:7556

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 3776 -ip 3776
1⤵
PID:7492

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:7864

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7864 -s 2316
2⤵
- Program crash
PID:5688

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 7864 -ip 7864
1⤵
PID:2368

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:5836

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5836 -s 2148
2⤵
- Program crash
PID:6868

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 5836 -ip 5836
1⤵
PID:996

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:6972

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 6972 -s 2244
2⤵
- Program crash
PID:5212

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 6972 -ip 6972
1⤵
PID:6320

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:6492

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
1⤵
PID:5708

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
1⤵
PID:6484

\??\c:\program files\reasonlabs\epp\rsHelper.exe
"c:\program files\reasonlabs\epp\rsHelper.exe"
2⤵
PID:4816

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:2352

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2352 -s 2044
2⤵
- Program crash
PID:7932

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 484 -p 2352 -ip 2352
1⤵
PID:1632

C:\Program Files (x86)\AVG\Browser\Application\114.0.21608.200\elevation_service.exe
"C:\Program Files (x86)\AVG\Browser\Application\114.0.21608.200\elevation_service.exe"
1⤵
PID:5320

C:\Program Files (x86)\AVG\Browser\Application\114.0.21608.200\elevation_service.exe
"C:\Program Files (x86)\AVG\Browser\Application\114.0.21608.200\elevation_service.exe"
1⤵
PID:3228

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe"
1⤵
PID:4368

C:\Program Files (x86)\AVG\Browser\Application\114.0.21608.200\elevation_service.exe
"C:\Program Files (x86)\AVG\Browser\Application\114.0.21608.200\elevation_service.exe"
1⤵
PID:1984

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe"
1⤵
PID:7004

C:\Program Files (x86)\AVG\Browser\Application\114.0.21608.200\elevation_service.exe
"C:\Program Files (x86)\AVG\Browser\Application\114.0.21608.200\elevation_service.exe"
1⤵
PID:5920

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AVG\Browser\Application\114.0.21608.200\Installer\setup.exe
Filesize
4.7MB

MD5
4e169317e3e8e9579832090ba86ba937

SHA1
085d8f8378143af1b09f312cb19d2c91af4a92d1

SHA256
6361555684837e4c1d77a4889e4439408518d34665c0edea92a51515230946b9

SHA512
299827bed0e50c01630dce3a3e450b64d1ad1e627f10c5bbd35097ce800d04ea1f674b34f7e93fe6809a79b3198cea70cd92e1a0b8d9128cd3c64b6fe4a9ef28

Download Submit
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\npAvgBrowserUpdate3.dll
Filesize
506KB

MD5
c46c52976d49246aa050c868d7ecb412

SHA1
2257221d881d874f18f7f7e3cc966b79420672c9

SHA256
872cdd1cd854d0973be3f6e5d3f361b9d85c7ce035a380e5f313dd7eb26b43b6

SHA512
24801e16dbc32fd389583c62ab4157b25318e645fe2b911bf8b859a72a3c38c103e86ef514a7a9ce3da6dc76f1c076253930657aecb955d56b94593d24a26cb6

Download Submit
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Filesize
204KB

MD5
a2e0e8ff0bb8068d6e06db4b5da75806

SHA1
8ff63d9d3c7879f40070851e464241ab5ce82273

SHA256
9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964

SHA512
dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32

Download Submit
C:\Program Files (x86)\AVG\Browser\Update\Download\{48F69C39-1356-4A7B-A899-70E3539D4982}\114.0.21608.200\AVGBrowserInstaller.exe
Filesize
102.0MB

MD5
b678d68317326a88932c01a76910b70a

SHA1
4732d51c44d143b22620facbcd8d3e398de5959c

SHA256
2fbdee14bde5a01e5a42134e8db617b6d589a9009eebae73945208b136da5f13

SHA512
94a36d98ee60a21594344a71047cf4ab950690bdbea7fd362e091781d57104a23b8a5757cd046dccf842fbed2172d30c359d49930266be7dbc7cd8d05c2aa6dc

Download Submit
C:\Program Files (x86)\GUM6160.tmp\@PaxHeader
Filesize
28B

MD5
144ad33b3c2d27ef0cabe9bf43d240d7

SHA1
d38d4d6279b33011668da269f9b85d30f89f85a3

SHA256
3a23c952e108cde90d86a955ac46078514827e4828a93ee69bc84b43fa05a807

SHA512
391641a671683fc904453740c0806b86adebf35eaee73142fd59f7f66e9e3e0a5a29fc70a378dced2c145c826350ba0db46e7623705a3476fdbc7b4f85f64a15

Download Submit
C:\Program Files (x86)\GUM6160.tmp\@PaxHeader
Filesize
28B

MD5
ead305855025012e33d7aa0dada60a18

SHA1
23ba01c8406321ac35f16946ea55c3efee1add0a

SHA256
f6f41a478589aec3a2346ccc43440a0ed1d8c340cc0c3c571a205bded8315703

SHA512
e9dfaf0678afbdd7bcf15cce3b4fe7cc7bd0d3bb692729527ac7ca2ad7a43fcc566ae12f27cd888da73ce9065beeb07e7f3a405a74ec8f3418de90af8011faae

Download Submit
C:\Program Files (x86)\GUM6160.tmp\@PaxHeader
Filesize
28B

MD5
10922eb267dbdcd3d62758c71fd315b7

SHA1
83438caba778fb4e6ef4f9053537d7c0b4d8fdf9

SHA256
47f1c3c59a24a8d14d87d08b7a0334c7970bf1a52c8283393436bce215d362be

SHA512
038beac0e419f75609712f75df7d17eb7e14c6142a44d41872d3145305fc9342f346ad5a23c7616f73bcc36aa828b0e39b2bac748b4c9a7756273ed640e76b02

Download Submit
C:\Program Files (x86)\GUM6160.tmp\@PaxHeader
Filesize
28B

MD5
10922eb267dbdcd3d62758c71fd315b7

SHA1
83438caba778fb4e6ef4f9053537d7c0b4d8fdf9

SHA256
47f1c3c59a24a8d14d87d08b7a0334c7970bf1a52c8283393436bce215d362be

SHA512
038beac0e419f75609712f75df7d17eb7e14c6142a44d41872d3145305fc9342f346ad5a23c7616f73bcc36aa828b0e39b2bac748b4c9a7756273ed640e76b02

Download Submit
C:\Program Files (x86)\GUM6160.tmp\@PaxHeader
Filesize
28B

MD5
855243266607acb4fc3986bff22af374

SHA1
8c64fa46b6c47265fe8137124ea1025416da0e5c

SHA256
34306a93380b84760aa4eff80c205b892706ec41d3ed1f481eed59022caf6331

SHA512
120912c0a8cd8b045247bbafe67cba8fc565e067453a298a7b2184e148842ac749f0ee885571db1e87cc4c75ca09a7083d0442eae1a9656663282e5713cea812

Download Submit
C:\Program Files (x86)\GUM6160.tmp\AVGBrowserUpdate.exe
Filesize
204KB

MD5
a2e0e8ff0bb8068d6e06db4b5da75806

SHA1
8ff63d9d3c7879f40070851e464241ab5ce82273

SHA256
9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964

SHA512
dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32

Download Submit
C:\Program Files (x86)\GUM6160.tmp\AVGBrowserUpdate.exe
Filesize
204KB

MD5
a2e0e8ff0bb8068d6e06db4b5da75806

SHA1
8ff63d9d3c7879f40070851e464241ab5ce82273

SHA256
9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964

SHA512
dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32

Download Submit
C:\Program Files (x86)\GUM6160.tmp\goopdate.dll
Filesize
1.4MB

MD5
0fb0c73e4ea6f96f77b6767c8a144c33

SHA1
cfe4a43b70b5e7fe07caac28b508830d273cf1ab

SHA256
a13e6df98938d8c3cb245629a1c3abef1a76e2690f73819a846eb4a2dbcc973f

SHA512
0d9c48cf9a62b94b32a47db097cf3af7916ca15eabcf54b476eda8591b49e292a745919b3cbf90ff4ec9d126e0299371c858dab5e2894404fb71d9e23f4ee433

Download Submit
C:\Program Files (x86)\GUM6160.tmp\goopdate.dll
Filesize
1.4MB

MD5
0fb0c73e4ea6f96f77b6767c8a144c33

SHA1
cfe4a43b70b5e7fe07caac28b508830d273cf1ab

SHA256
a13e6df98938d8c3cb245629a1c3abef1a76e2690f73819a846eb4a2dbcc973f

SHA512
0d9c48cf9a62b94b32a47db097cf3af7916ca15eabcf54b476eda8591b49e292a745919b3cbf90ff4ec9d126e0299371c858dab5e2894404fb71d9e23f4ee433

Download Submit
C:\Program Files (x86)\GUM6160.tmp\goopdateres_en.dll
Filesize
42KB

MD5
2d104154df1390915432d09a15494d1d

SHA1
c71ddbf257e3cc823436e470b16faf95256b104d

SHA256
8c1986122b2e15919ef09364c4a17fa9e25f028a52167d9b50b08795d42fee4c

SHA512
92c64c0237337b8a0174d7760735c6e1b039b4b9fb96b892e3f13301de58ed8d2fbf53f65c8fdcbd4b089b6429c14d6b8aeae752c80712e3376cae1ede47cb31

Download Submit
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
Filesize
71KB

MD5
a7ea920d69e87e4368dd96bee21043c5

SHA1
55b77edfb64343a30c07c922db77b2dac8e07e6e

SHA256
431b6243620ed9174057d26ba97c46b3e0313d7b4fc9633a68cfdd45c0d8fa8a

SHA512
8f0064ee744ebc1dbacb504be13ef8d90d4d96fd90dfe1fce83e49b677d4d3a1df818a14e7a9948d1bd775345b91284e79d6df6e6d5d47e2331ee4fb695e1120

Download Submit
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
Filesize
570KB

MD5
0b582093d4107b08f1e6127ea10988b3

SHA1
87fb5950f7ce4e0f303925c04ee5a30f197c8d0b

SHA256
377728fdb8a2e4da502d84498cad2a14e4c66bf3667229b2af0e08e353a1aac2

SHA512
a130a9da99c9d3fe6a15c12dccb02f3afc38f3810d49b7310325048091e33273182c2302b694074c24941c476cf3f6c618576103b2e30844108954350b1f78a5

Download Submit
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
Filesize
323KB

MD5
4a674a9a3e6df14f70d951158924589e

SHA1
aadfb1cd2fbd62fd5fa12a8e3dbfa6ad5433423f

SHA256
33ee4594a498c35534d8b678d3679f0efe6b777fb1d476448daca4ba9c9887a2

SHA512
098b26165fea0841f29cdb5533cd7a36d4f6f2a5e63f57aebc9c1a7f5703a865d0f1a1f87709e726b0cf3dc37953b0ed204db73d6881318941055e8624dab889

Download Submit
C:\Program Files\ReasonLabs\EPP\mc.dll
Filesize
1.1MB

MD5
44f00c71cf8c8cce28bf0b2385c1e8d8

SHA1
50ce7c51e5344ccc3a4595f238edbc29bc68ed81

SHA256
10226d905ab05e187b96c3042642ef1d0271ce5bbfa74b9089875fd18c2aab7c

SHA512
a9ff6c61630cbbc4a43d59519ca8d4bb9993cf6356b60b1c29456c3b618d1afad37a3f64596977036fad76f7e7d87de48f18a09e31bb9ecacb175e9762281215

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
Filesize
324KB

MD5
becd8e66c02ea19940abf9015e2088db

SHA1
e0e9b86a6a70d1b308e8f4b354bfa536e3bb637d

SHA256
0442afcd2b49b90aee2df568294630e688c1fdd17921dd97072caa344c903713

SHA512
62045e6044140d856cb114fc4316cbd2a10de69953df65a5aee43e8fdd92883f3102b15b4e824ed6e03eacb29d3a0439ff40a1776ef5836f93e6a1e04bbacebc

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.config
Filesize
5KB

MD5
4b76e89453807a6dafc1b9f8ae3ded3c

SHA1
de363faf90c7c96af47c5c2887cee4cb8bd041ce

SHA256
c58271daaaeb8eb73c37f585532be29a8588dd1f570db7fd119d8093157b6e7d

SHA512
05a857af1a46d411f837cea194e15489b2f2950c30fc34432a1f7f400950a733bf7d04625d065d74fd3f91e7f1a89d8a854ac0221e6cca8a78f1e047425d6604

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
Filesize
257B

MD5
2afb72ff4eb694325bc55e2b0b2d5592

SHA1
ba1d4f70eaa44ce0e1856b9b43487279286f76c9

SHA256
41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e

SHA512
5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
Filesize
660B

MD5
705ace5df076489bde34bd8f44c09901

SHA1
b867f35786f09405c324b6bf692e479ffecdfa9c

SHA256
f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950

SHA512
1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7

Download Submit
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
Filesize
606B

MD5
43fbbd79c6a85b1dfb782c199ff1f0e7

SHA1
cad46a3de56cd064e32b79c07ced5abec6bc1543

SHA256
19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0

SHA512
79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

Download Submit
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
Filesize
2.2MB

MD5
3767f58edde1de4fbd627d8247143ec5

SHA1
98c60d089928dc9576c311cc7fd0ca3e68f52770

SHA256
f604e5072b4508fb534912703f7570745815a7c41132a8d1c05849c254d68606

SHA512
6a04219f0beb8e5d4854c94c1458c86dd701a14889ae38c25e2e9c7e1ebf8154c4aae3356bb3418269c2b75a5da72fc8aca6355869e9f7b7539236a532f6f65f

Download Submit
C:\Program Files\ReasonLabs\VPN\InstallerLib.dll
Filesize
297KB

MD5
11ee0e7a3291e294c04c9c32fe31b964

SHA1
23205f51352e061cd9e62396a2b5b422902db2a7

SHA256
83dc42d2dcc6e22718b36bd247e0631137f387bfc127f3c346740fb87494eec8

SHA512
f655f5e97c42cd67aeb4387554e6dc0bd3a72ceae5f05faba13d6b6db2561bf2854e0eff86c7a29201776e863bb9c3ccdd1d9f66923060fa057e802233509c05

Download Submit
C:\Program Files\ReasonLabs\VPN\rsEngine.Core.dll
Filesize
322KB

MD5
49b8602774497ca41549407c744f3c00

SHA1
7ebe35bd0bc816896ebf19065e80a846c8e5f0be

SHA256
8d6552f953688b749230fc99614982226fab31c42c9cfb645977dca9a6cd1dfd

SHA512
74702c8129a68ab056f760def049d3896777d07e9afe6069499ddda715ab9852088f081a0e48353dfffb27d6de5b147599a3c15dd90a16f8a83cbb1e72994266

Download Submit
C:\Program Files\ReasonLabs\VPN\rsEngine.config
Filesize
3KB

MD5
391b0541eccade16f2f287edf6409111

SHA1
023027e68e13546143892f284c7dab8e9a39907b

SHA256
2488b61d7576bf9a3c0712fe47b681986cedd5bc1559ae6e4745dd756e5819ad

SHA512
0a07472d1843738dd88a19e1f240d5643f87ef05109286f939271ad403a495807474c1b00051e182636078591241b3170f6e0c983a8ba2feb1f14d9dc4f8182a

Download Submit
C:\Program Files\ReasonLabs\VPN\rsJSON.dll
Filesize
216KB

MD5
df8d7a97dc83790390d9d7aa4e680633

SHA1
a4d9adf4bb7747c2bc5ca420a67b5dc06a2df5fa

SHA256
b6dcbff7700a5900c2e6aa46b0584c6f290faac82c373fba6fd574c157c381bc

SHA512
05b918baa972dd1889e5e67c329c6c8960854b60ccbdd623973b361452f52cefc7b0096079c6510aafea2495d59c106bf44f98d8efebf5b7827dbdf122a120ee

Download Submit
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog
Filesize
248B

MD5
5f2d345efb0c3d39c0fde00cf8c78b55

SHA1
12acf8cc19178ce63ac8628d07c4ff4046b2264c

SHA256
bf5f767443e238cf7c314eae04b4466fb7e19601780791dd649b960765432e97

SHA512
d44b5f9859f4f34123f376254c7ad3ba8e0716973d340d0826520b6f5d391e0b4d2773cc165ef82c385c3922d8e56d2599a75e5dc2b92c10dad9d970dce2a18b

Download Submit
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog
Filesize
633B

MD5
db3e60d6fe6416cd77607c8b156de86d

SHA1
47a2051fda09c6df7c393d1a13ee4804c7cf2477

SHA256
d6cafeaaf75a3d2742cd28f8fc7045f2a703823cdc7acb116fa6df68361efccd

SHA512
aec90d563d8f54ac1dbb9e629a63d65f9df91eadc741e78ba22591ca3f47b7a5ff5a105af584d3a644280ff95074a066781e6a86e3eb7b7507a5532801eb52ee

Download Submit
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallState
Filesize
7KB

MD5
362ce475f5d1e84641bad999c16727a0

SHA1
6b613c73acb58d259c6379bd820cca6f785cc812

SHA256
1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

SHA512
7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

Download Submit
C:\Program Files\ReasonLabs\VPN\ui\VPN.exe
Filesize
431KB

MD5
51768a1f40dbfe178dd62d8dfb1d0f7a

SHA1
69310d02290355d1fa9ee6de1dafc68f369651a8

SHA256
04d33a622e7d36972eb143b312138d434978f78acb6b5bbe9d631b2abe697f77

SHA512
18b2778dfbcec9f9451780ec8bf12487b5bd5ee8e73e2702ff26213dd3746c8aa9ad2dfbcfe8558ae66c4e7a3ccdcb97b604cf3507ea9ee5a4064e0516c3595c

Download Submit
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log
Filesize
2KB

MD5
c4bf5d8f05cf917eb4914294f5539d0a

SHA1
ae9ada3695fc39f27fd27eeb067382f0fed1e931

SHA256
456d3f97d1ca7e14e11615f380eba3730288d04c0f8eb6175a499485c7b8fd51

SHA512
5b6c8ce0a9c3bcc353695128b2ee61755c02024b22d76ec30ace1ff6ca9827c10421d2691acd9dc382610b416e9087c307674b47b85a0fc83ca59ff353360e4c

Download Submit
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log
Filesize
14KB

MD5
b89b2f2739c1cc9ff98b71099bf08ad1

SHA1
098096fd5cabc2cad91f5c538bba82e1bb744d8a

SHA256
e92548cee8a42cfb2bf27fedefa819efac29cecd9fa34ce22753695923beb85b

SHA512
95310366c57cea73d09467057e607203467852ce4ffd2d28573ce66183831d1c9c2fbeb6e2a85616d1fe202edff884d386f439fbeb6c46575855c22aeed26f8f

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
Filesize
1KB

MD5
031b9dbeeb0f6376513c0d7d929ac8c8

SHA1
35ca65226f3bc85be4ec148161b96d1b8427d249

SHA256
1b7f49abe705f197603efb11afab1bc6c084f4422469b66307aaec60199186d4

SHA512
9a4013a34ecb26224a718048c37631533476fed4d6536fa02796ab987038369fa9c913c8911af35f155e7f13007cced1b7028cfdb7435e56ccd386d6b4bbe4b5

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
Filesize
2KB

MD5
aa43cbbd6dd58d97605b0f5f1c5b1c61

SHA1
a79005725dfc97422262a93f386e6e1c183baa91

SHA256
41674275128a5b67700d379f773c2891d980280b96ba7db34b1f242603515e4c

SHA512
233bdf1a09dad12b9d921e675cf59cb688a2d1c75ad752984eebcebcc1a828ddd2183a0e5031ac7491d1b4b430cc72d65ebf26de5a509d9577c4220c496035e2

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
Filesize
4KB

MD5
a8296eea7876b883752c423edb05e109

SHA1
fa0a9fc9e7616a133b212c3fa8a6840362717ff0

SHA256
40bf3c8bc5fdaacfb83ee1450cfcc7c04af314b7a869ac6669197f76d1e652a7

SHA512
a5ee5642cec49f0c25c6b26f68c8f26e4e43b20315b010339543b292e336dd1491d99792387d84699687a0a819b0384ce1aa8ad78a204eb244c868e57a82dc9c

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
Filesize
4KB

MD5
a8296eea7876b883752c423edb05e109

SHA1
fa0a9fc9e7616a133b212c3fa8a6840362717ff0

SHA256
40bf3c8bc5fdaacfb83ee1450cfcc7c04af314b7a869ac6669197f76d1e652a7

SHA512
a5ee5642cec49f0c25c6b26f68c8f26e4e43b20315b010339543b292e336dd1491d99792387d84699687a0a819b0384ce1aa8ad78a204eb244c868e57a82dc9c

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
Filesize
3KB

MD5
eea127f59df33126a36dec1759740554

SHA1
6e6fac61ffd35beb6a89a73b1690fb048e0ed72f

SHA256
1cec2fc3fd80574f08852d13e2582ce8fd2fe233ae2efdd5066077fc3762af15

SHA512
42fe00932e12b16e950233296fff10210b4c2c48c04cf9bf62d89e94f26ad4b2ec18db8165dbb412fd35ffdeafb0e8fd2598d57effb08b95f5a485b31578ef5e

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
Filesize
3KB

MD5
eea127f59df33126a36dec1759740554

SHA1
6e6fac61ffd35beb6a89a73b1690fb048e0ed72f

SHA256
1cec2fc3fd80574f08852d13e2582ce8fd2fe233ae2efdd5066077fc3762af15

SHA512
42fe00932e12b16e950233296fff10210b4c2c48c04cf9bf62d89e94f26ad4b2ec18db8165dbb412fd35ffdeafb0e8fd2598d57effb08b95f5a485b31578ef5e

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
Filesize
5KB

MD5
527dbc95cace7c2c555da8787801f9f4

SHA1
f0429d81316eb6a3c5c608567664e60918213479

SHA256
4d25eb3c9c728a2f098575ae5af8c62ae64e7f547ea710dd7980d6c7766c748e

SHA512
3ef52913d3823f9b684b0e44ebed76721e682ee22d1925ebf5891438c22c8258911920fea79c3b8e59cc648ffc8b526975336fd4590454d05a78c70adc9db33f

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
Filesize
822B

MD5
0e9a598497952703f155d7b4319fd1a3

SHA1
9b17a2465ad9d579af31b2b58e597a1b666ed849

SHA256
2b065bdffd7d6b4f1c75f56ae7ea1c952456d9fc13252f5ef4313b4ea1e210a8

SHA512
e47055f8b807b0cbfdf8963cf6c9a3a09c479fbea12cb5fd28940c15c2504c70128804169705c1326149fa93080c5791bc86cd140bd2f36bdeb37edc9c27912b

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
Filesize
1KB

MD5
2f7fe72a29e61a19ac4d9095e4108b68

SHA1
a1c41b88d6d3e998fe252fad03630e26b83afa8a

SHA256
2cff71a2dbfba260a0caa61fea5cad74e4e09598e18d9da11ee6eaa1f123cdbf

SHA512
472f49f5b1b7ec981778f7549dcdb379560f59e4099764a36445d0aaff074918e9256049c91c2e077acade0eeddd2d565e742e8e08499a9be3567521e37a7281

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
Filesize
2KB

MD5
23aa2948b7c046e0c0d575cacc5ad929

SHA1
f64d52a8205eed17a88ab094114250bbba97b9f5

SHA256
064dadd0c98f63b41da92dc87a2ea1bef4d576b5f287a8f4dd5672ec2e068a19

SHA512
7de6a9bea01f2108e910f7c4b5a4dd566cf68d76c876661d012a38e0ac19b9d32ec62dcc5bff546e4181d3e4e0805ee6af1ee3ac9bf5057cb773825febbd4765

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
Filesize
4KB

MD5
732838e1ed55cdf60ce01477a8aea96e

SHA1
d1700751f506b36da99ccb4024b8d9a7ab8f2ac2

SHA256
0fd8a6c8bb65d50083290221f1537d61f849df1c7af68dc643e760b298311ff9

SHA512
2f75f96e14206563797e7ff278a3591dc5a3ad0d6a7cb6916f592bc40e636169bf30424fcaa50de7aaa85acf96114240361eba51f9d11ebbb119beeb73777352

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00200057003F001D0006.txt
Filesize
302B

MD5
ba2d694ce7b752c66f2941bd4746f1ff

SHA1
6e53ffc1ebc2c782ed90247ad59cc8657cfb554a

SHA256
c693e9e82c58b5b73f005989601b682df1d975222f8b8314ea89035e8fbc56ef

SHA512
9759f4e31aa44f993e57034a93d9eb8f7601e6f9a424f90c77da5836be5a9f82fa013f07903f2ecd02600ac9537ac8cdc19489a34edf2002268533bfb266e9e8

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
Filesize
27.6MB

MD5
34b0cc5bd6e8121e1c00066d322c4a19

SHA1
4364a7e6de0f5b2da6f3dcb7ed6aab233c663911

SHA256
9b945202491208ee773718e857130399f756a9285448862858685abaad09851c

SHA512
c3d52c0d51784a8b235c95e9e4cada7d7fc9c080f2896a378221dcdb0fa65ee217ec44da90d6c94139aaa19201e51ac66ebbeee7c0ebbc74f9f098525dea687f

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
Filesize
27.6MB

MD5
34b0cc5bd6e8121e1c00066d322c4a19

SHA1
4364a7e6de0f5b2da6f3dcb7ed6aab233c663911

SHA256
9b945202491208ee773718e857130399f756a9285448862858685abaad09851c

SHA512
c3d52c0d51784a8b235c95e9e4cada7d7fc9c080f2896a378221dcdb0fa65ee217ec44da90d6c94139aaa19201e51ac66ebbeee7c0ebbc74f9f098525dea687f

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
Filesize
27.6MB

MD5
34b0cc5bd6e8121e1c00066d322c4a19

SHA1
4364a7e6de0f5b2da6f3dcb7ed6aab233c663911

SHA256
9b945202491208ee773718e857130399f756a9285448862858685abaad09851c

SHA512
c3d52c0d51784a8b235c95e9e4cada7d7fc9c080f2896a378221dcdb0fa65ee217ec44da90d6c94139aaa19201e51ac66ebbeee7c0ebbc74f9f098525dea687f

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
Filesize
1.1MB

MD5
bb7cf61c4e671ff05649bda83b85fa3d

SHA1
db3fdeaf7132448d2a31a5899832a20973677f19

SHA256
9d04462e854ef49bcd6059767248a635912ce0f593521a7cc8af938e6a027534

SHA512
63798024e1e22975d1be1e8bff828040d046d63df29f07d6161c868526d5f08451e44b5fa60bfb0c22cf7880abc03aaedafa2c5c844c3aeff640e6fac9586aab

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
Filesize
1.1MB

MD5
bb7cf61c4e671ff05649bda83b85fa3d

SHA1
db3fdeaf7132448d2a31a5899832a20973677f19

SHA256
9d04462e854ef49bcd6059767248a635912ce0f593521a7cc8af938e6a027534

SHA512
63798024e1e22975d1be1e8bff828040d046d63df29f07d6161c868526d5f08451e44b5fa60bfb0c22cf7880abc03aaedafa2c5c844c3aeff640e6fac9586aab

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
Filesize
1.1MB

MD5
bb7cf61c4e671ff05649bda83b85fa3d

SHA1
db3fdeaf7132448d2a31a5899832a20973677f19

SHA256
9d04462e854ef49bcd6059767248a635912ce0f593521a7cc8af938e6a027534

SHA512
63798024e1e22975d1be1e8bff828040d046d63df29f07d6161c868526d5f08451e44b5fa60bfb0c22cf7880abc03aaedafa2c5c844c3aeff640e6fac9586aab

Download Submit
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp
Filesize
5.0MB

MD5
8c162ee2a744cf93ef4523eabd6d9bf0

SHA1
7ee498ce359fd196baa93fd53763d0e256d5d693

SHA256
77005f55ef89d008b6c26a9f068ab6a23510cd2175ef81cf8ba5f8731adcb693

SHA512
a16adb92c6e481b3e3fb3a2db4dabcaab8bdddd4a0b9e82308fd2ce965288f6209b8909c38106a30f41cb740ad129b086be4690d803232ab47ee989bffdc9e02

Download Submit
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp
Filesize
2.9MB

MD5
d85160b022b5f32166985112f3aa86fb

SHA1
0663c0052754716d0bb18f57c20f9c8b027937ce

SHA256
482b66ef4e238698be1813c198bd52aee40e2ff3cba200df6da8fcaa03cbd17d

SHA512
cc2d6047013225a20fc4abcacfda5a435296c51e89e0e453845bbf9f640e8e896e8c39c4a804778d58835ff9a6b5722e8b4d346307fdb8e338f987284f54e98e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\51b2443e-3a54-4cf5-922c-1486bc62af2e.tmp
Filesize
169KB

MD5
af4279bfe0838ee460bda756579f1b65

SHA1
5801c6f2a9b1f41dec47d9cc88335a47cac1bea0

SHA256
34ac120fba1e4ba7c8de65264e9446e84b37053c01a280809950a0c47486330b

SHA512
67f3104b87371a58e7e72a42754c43dac33f12cf2afa1272d0bc0a7499d0d8d38f49d3b8303d6ce2a2b607c7755cd238d1ca38a66923fd8b3d8c6c541f8ce4d7

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\DawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\DawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\_locales\en\messages.json
Filesize
118B

MD5
c01bda904507ad435bc35744985c4ef7

SHA1
2c298313661fef987782c54829d0f16dd8b129f2

SHA256
661505cb11e4b456a6eff122a081aa95e742b405de833106761a90193b2789ba

SHA512
52870e5b03ab7db71a9588e775b379bacfa34a4d6afa856d4b09902ceb86b8f92b5b610c4e6db164a13a8fa92241030bc110fc6688a612185902af6e24d1aa83

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\_metadata\verified_contents.json
Filesize
3KB

MD5
c7b3a1f1846e49de6851bc601264c87e

SHA1
9e251204f3e0bc8efc3d8e5fe3b039dd655ef174

SHA256
faf96c91765b65c8ec76c125c14fa30bf3b4eff42ec65dcf29663139aef168d8

SHA512
df4b2982cde1f34b38abcc843cceac903aeeb1624dd8a9696e5bbe69fbf5950416c85d65886b9c3b9b6ba16813b0ba026e61a8991ea08892fbc536124478c502

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\background.js
Filesize
93KB

MD5
d913419fea4c2e6df61c3551b02cc122

SHA1
af2ab852a80c2dda995faeed3bb3bbffc5f8956e

SHA256
5c2b615ccf4104637cabe644b4a5fab6684fb51d9ba7e7575003dbb6c4339212

SHA512
a954c79ecee3a505c418ac187bc0d37bb1f36b071904e4b84bb501bf77a9d4dafd5337e91b6537e42c688693cee7488ef5e9af98817dbba3ebc1bfd072e20a30

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\background.js.LICENSE.txt
Filesize
336B

MD5
275fe79abee3b697f1673c8bd9c58856

SHA1
cf2b1a01feb5dba1eadb49e8fe087675fe70a7fd

SHA256
d33efbdf4d309bfa4448199551371ff81d5f57661b781faf79d256554e038595

SHA512
f6c93cc7bb4d678fcd51ba4024371915d614621b0f526130ae0a51ac4711c8cacc8881282538674867c11b0e37c1f0cfb5a64bb047c92594e0a4d4c25b26a932

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\content.js
Filesize
590B

MD5
82279d316f0ba5a36b0efcb360a2745f

SHA1
d017a7174d4eea75f9328671d9b4d260ec70d467

SHA256
07deaeb33fcaef920d0ac408538e8983f35396e4f75c6a476207ce68a8ce3f29

SHA512
3083f3ed9343ec901985d57f72ca02f89ab4a55b92776ab9d97f913a6a1ed2b05d46bc6cc9b54ac033160469d0c5b700fdad553f3f7b9f10ccf0a7f870817ffc

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\icons\icon128.png
Filesize
2KB

MD5
8d2e9f24ccdc58f1e14c1dd7ccc87274

SHA1
0dd95be46b5ab54cc437a4193d52774554cda857

SHA256
b9d1842ea885c7431161806f39889967e9db9a7f6979c2ecd4da46ac344e6649

SHA512
ec26920e66ba87e62b2e5898a42c1376f4952063a3f0c2932d0c26d9f8a32300ddb5ba7cce26827636b8d6c7e04e901dce9d0c193fd796de744919ad82b0ca12

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\icons\icon16-active.png
Filesize
384B

MD5
7305121e28476f6b440fc21199bcc987

SHA1
d23ac11334ffe6ed2a4c068c88f48ed3056fba1d

SHA256
5887411ffe405d0036d5ae35f733dce33c58552933fa298cc78fb3466864464b

SHA512
ed7dbd8f1617b7d4c1b8b09939ce8e5b4be2271892dbe5ddf68b43b326a28d48ca6ca46c53dd81fd9f98065f2a61cff7fe22cd98ad4dc7b8c1cf0acfe4b4dee6

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\logos\avast\icon.png
Filesize
3KB

MD5
94a73def8b7e2c9ca07b0d974acae57b

SHA1
5dc258192300325ade68e7ce5079006e7ade23f9

SHA256
a0ea771f573c37d239707dbe484aa1de5764f77581f6eabe4c856a01d84445a7

SHA512
b5c3bbf626987c3b7f80e534d889430235a7950a1d9e1df48d67b9e3d7d9824eadc6d7871d46e0ab4875edaca8c7dab7d5109b658d8ea0a98ccbef9e47b0174a

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\logos\avast\icon.svg
Filesize
5KB

MD5
91a7c3ec0467f0e288f6afa178656bee

SHA1
e631f3800708f0ba1436200342726a3cb588f119

SHA256
88954d793a1c88f81a124b6cd9455bb7c99727ba49f99a437ae21aa1471dae92

SHA512
040cf05168ef32067205a34daa863720d698bf2aa8fc7a9243b5854de2080b51ed03164933ec67f5edd8d9a5ab7b4bad09551f100b5ddffbd164141ac8ad2a7f

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\logos\avg\icon.png
Filesize
3KB

MD5
06918658a5144d15920ce3089802bbdb

SHA1
58df1500c80c86c68f08499d636679cc13090021

SHA256
b2cfb79adc45a5587a0b187580a72fe778ac14c4c073bd624efee07de9c27785

SHA512
e5da10ec6ad6161b9757fdc37572c405283512ae14b8cb431358d72da295fdd3cb2ebcd0e5ba414dbd84bf12aec5eb229ea8111f0509f9d008cb5098f9605953

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\logos\avg\icon.svg
Filesize
5KB

MD5
44b895cde80fde31846a76eb84925017

SHA1
0a7bab1bc7f7c05e53e78ccc0000cbd0ec763689

SHA256
98f371676bb73135c55eb5e40262bbfeadefc717d0bf175b8da627136bf07164

SHA512
009db3c97f0112966efc9f17ec3e66c74c4ce9eaaa404a5c356c3e201d2d5e7ae62225423f176cbb1c826d13abe7b589a43e40b461b7deb3a5a4a6ec0de7b5a8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\logos\ccleaner\icon.png
Filesize
4KB

MD5
e173f076151ecaa315777a1cdc6394c5

SHA1
0c3423744ac9c011d4f40b9e416bf9bd0748c753

SHA256
ee060039ee5d705cad81a871f1678864a801f91a2e800f93985eb00a0d23a16c

SHA512
069f004e642256f07dc078164dfd02912639d803aff32337080b4e78fb71e84965a1c01ab16357bda0eab50b1382aeebc172c2fad9d11b68028d055ba9e40bfc

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\logos\ccleaner\icon.svg
Filesize
9KB

MD5
53d3147175fffe2d71eed5db7ab21138

SHA1
4f3c397950706342b86506e33229fad0592747bc

SHA256
fd9001d35b016899e7b80302ce3f754508390a5d5775a337aeee12d0cb1a919a

SHA512
4b0160e80c258e43cd9087380876ec7815d30dff1954dcf2662ef2a4085dfe564fe7b998044832afac26c902fe5f744fd7507ddda7ddc37be956a25265de23b3

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\logos\norton\icon.png
Filesize
3KB

MD5
75e461d8925e8468b3994dc838bfb68d

SHA1
40a05fdacfcc9f153cd3df62a95c75fe148fc0fe

SHA256
fef31cd788c1845647cb739db304cb65fa21129a93500f51d8865ce52f75a0d3

SHA512
880c83b8414bd441d20d61360b7018b4f6fcb68c2affd8b1e32b1d9317e86dda8f9eba925df31b552011d5158eee2f30970756b26b2e77f3cb91ae35c8c37cc0

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\img\logos\norton\icon.svg
Filesize
6KB

MD5
2ee58c8732aea4203ecb92e16e5ac68c

SHA1
f8cff9d53e57833e10ad2cb2489fb75a57ea7003

SHA256
cbd20bdea1a73d4cc506fbafb729d201d01fa08f1884f4495289672f34f398c8

SHA512
f6deeb2e330be99e4d5ac63625f7b7f2a052ef2f778c99657714245e9b2ad912dae5029e8dfcd5affc13bc4c892d4ea508db471f009d6c550030c477ee98d87d

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\manifest.json
Filesize
1KB

MD5
7b8640404d0ebccfda82e700b0de356a

SHA1
98acc8cd31ddf6218211f3d7f5ee2bd5d8b57140

SHA256
d8dc7982cfc4ea617ed326181b0eb60ae82778b12d4f2ac546fd394badf1e30d

SHA512
1ff978c0605820f93d4e7e9f089599a169ba18868f447a57114902955f8369db377bd4e67cac7a2d96ed7bba8e8a798f4c997a152a5a47ac81feeb5758424865

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\popup.html
Filesize
210B

MD5
533e314c6b3d2d31a1d89f8885c80983

SHA1
64605122a9279193b2465d88dede450471935779

SHA256
98050462e9480795ab7e63cc3f097a4bf6b8292e1fb27eaadfb0e4ca6e7adbd0

SHA512
1696447537d7f0370a7a1c296e59f709021ddf0eacba62de33c9fb794309aab1eaee3a5c9534a26c0a10d6f7ecf81a707c932346fc90c8c147e905c5bd560f77

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\popup.js
Filesize
7KB

MD5
064c23ff02beb11fa3b94e12406241d7

SHA1
0ddad5b7bad977697001f21cb54fd976e0dddb4f

SHA256
9a8bebd2f119e3b079d8b5f2edc2fe66938204acf74b655afae23be626943701

SHA512
6ff94b042242e21c0b852aab11f21d361962a249ace7e1d1074a651589b740460a6bf4f0ae859fd17024860a1e747815b672875d3ece722dbb38d1722f944cbc

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir5800_1042327886\CRX_INSTALL\webstore.js
Filesize
428B

MD5
ff713828113f6377533d41a36bff5ebd

SHA1
7157c2333be0a6df2db2dc0c25d36738acc823f4

SHA256
60657bad3b62a195d588178203e25df302ecdb8b51fcc49cc4f628aed8998dfb

SHA512
b55bd6b59b57003785db6a8f7e0f46b2ff4db619b4ea143c09f1e456ff1c5efffa46226984849cd8da98f48c06a79a4d00edccba3b7e1d4423e448f1be001113

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences
Filesize
17KB

MD5
9c88a854691e23b1afc3388d40ddb861

SHA1
8d9836ad85a368c1ace144349c486d0a3b607cde

SHA256
5d84b2a21823cd7c9ff285dd035a50778ea4ff0575eec04675f060f8b2cfc87a

SHA512
e859504249597329d3a2df644ed659448343ea7a1f7b7751ef22ac6af95869c66e84ad290fe5a06c7d32641a88909a367c094ba5f8349faf428ff7b0a94915f8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences
Filesize
15KB

MD5
a18e669ace1c37b9fda25d6b245648c4

SHA1
4a93e81dd32c5d445d35c00fc94a579efa11345d

SHA256
558bff02be961815ba6dca49765d55e5655b5dfef9c94d995d3f2d326a4abac4

SHA512
bc9cd3fd5f477923881f4321686c8c4636656bc43b13193f6adda55337c36b92cec2aae1d1d2452ace16b856d9b0ba5ee4a9a8c67008bc80a5f3d3bbb1e893cd

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences~RFe5b0982.TMP
Filesize
4KB

MD5
27a655af6b0fa614c73fbcfb9e3c4c81

SHA1
60708ef9eb07cf7ce913dbf8fa51c1eafaaec325

SHA256
7023a888c478e79ef4b50f4ae3e34f3df8dfcab5a0a67c52e5d95703b6592352

SHA512
a663dd5eb40014b3c89faf2ff3c9efe4235311dd0b93d99ac9e19de67e13fc9782a0ecc59be279f94ccd1125168276fa9ec90173fa1ea640ea3fb006533e6d5a

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Secure Preferences
Filesize
18KB

MD5
ca5ca44ed0f6f317efb0abe3fe30cc5f

SHA1
df02b0bd7af704fcfef6362880f8bcf259e2b041

SHA256
7ffcbaedf8fecf4d95b7df2dc9e35033762003f795c3f62168e1a5d09d1217bc

SHA512
6314c840b44a61fcd80ede942372e216e8549028c129cf7b086e9c98d96002b2391c0b767f9a4ca1ba7c1317943214d6ce52600ef224fded390b5c80ce1050b7

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\dec536a4-4d90-408e-b087-613520220706.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State
Filesize
3KB

MD5
dc5a74c6db94865dde527dd8c00786a7

SHA1
2ccedf2169619d0b83af3fdb4c7a50cbbfab4054

SHA256
c2992c067f7a0ec134d5e52e7af0d4b16a560d5f916c5e3792b37538efd2bb54

SHA512
3faff5f42c2687f33208a3fe1a491365ba8e8f5e7aa551340068a24899797a4c2aa51f260f4792463a8f760a45a5ab0adaccce87b4f1fbda04bdfe7ef86523af

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State
Filesize
5KB

MD5
1b1a2a344137ae317353bcffebb45058

SHA1
fe8b4faf30a6060f64b506b0f01d9203df24de2f

SHA256
254081a01f15f9a0af50e39d0905a52fa627871c9f23ef29f69df2932ad7b822

SHA512
5337c85c53cefaa20c30d6f95bf1cf25dd1a38003c5050d92cf1c7882673506a7a8d24fb6826d9fecc79c9c0d8d842ff436446bd49688461251e129941dc73b6

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State~RFe5b0953.TMP
Filesize
1KB

MD5
9c7ae65cee2729e16ce493b5b863638e

SHA1
14682c8b21441e8699545c963d55917d185bc1c6

SHA256
6cfb3282e74ae0289b164ff99ca5d61dffcb4079aa3a68155fba65f99572a125

SHA512
0b095247021985504bf846ae420a6485a3711a10c07e55958038c9950bb1bfe6eb3cba35c927a593e6eb109f7800bb1006ad7e5d9667a9631ea40505cf9ac029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
173KB

MD5
d3d1aff7a71e5f6f4537a0b3cbbd5c23

SHA1
82bbaa35980290986094ec5b2f33da17fe0e1ca8

SHA256
d3ac13e9bebf6119830ea38adf6715f42a193e7cc5834087abcd77bec3c07291

SHA512
9f5a8f657438a49e2b60db1372ced7edca4ca714efc63ff8791ff232d4252178b5a148a02b049f279007f095e7ac5b649367a2fb3dbffa14b39b637f1d30d42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065
Filesize
24KB

MD5
a42c6333a13e5376af95f46fd9c7b627

SHA1
57a98e519a44915e39a0cb6f23812adfa6611e67

SHA256
62bff9dd0379da44f9d7f739af671bb6b243c016b49c7146b431ae9e6b9cb41b

SHA512
68e511708465c75662845c55169de20572adfb359e1f4fd037c169bda44d853fdc622794912406b1908b585c3965d4a8612c007af9ca2601dacd4a14283fc894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068
Filesize
72KB

MD5
a3ddb2e2c1b2070fd933c168777f235d

SHA1
fb32d78ef07b3fd9e8780d104367a6e13e0ffa06

SHA256
f05a009e65932524b947627f0da1f349d1aaa858ca85eb2c26afc6f6fe019c54

SHA512
9ff252e6456258e3f6dd0be0b5e43691f24bcb4216ba58d0491c26cdb7fe88166e2b9bdf4585510937e87256dd661f32294fe89e5b457988379609ac83d10805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
Filesize
98KB

MD5
dffd9354b07b4b6fb78ef061376e5fd5

SHA1
6f80c3fe9c1ad984eb9bf588a4ebf005255a0643

SHA256
74d7e2196ace54d5845d6f2d3022ee1eaa635a067ad5974f68bf2554630ebca4

SHA512
f73c4cd76fdf5365c07d3d3092eb51dc35dcab011f3664ec4ed2b424d1110d06b0ad89761542e7d97b78cbbf5f9613d2d16e2b39375d5ffb4a86f247c6ab0c41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7084322d8951f2585fb65bc55e9dbc09

SHA1
463e4e41b743eedc322a7c21d204f767008fa2a7

SHA256
ecc33ee1f3055a88c11aca6dad67ea16053864f33c4760be689ecc0dc2af89f1

SHA512
f24b209ac4cb928d9e3083159db37d621dc7799318f42f62e9686f23e9c0d20a8eb2f0e12c32ada7604fbc1659d38066e5439613655fc77a875f31b7e65e9bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
946fa72b9de6113b1a0ad6cefd49746c

SHA1
42b4fa053aeabf18a38ec48a0f17e39e92502e93

SHA256
e209ffda1727b0877493da412017b2c8027160aa10994c4b3930f9eaa0552bca

SHA512
c7c36dcec9f3180b3305a5e1092e308289bd1f58cecf727624d561bfad0a812fff5656492a8a043d2e3c082b4dc8e94340d776420f20989d86c62c1ecb25e452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
459f1dc4262aa4e60595a42bef373343

SHA1
319f159581afe786401ce1ebd2caf840aed19fcf

SHA256
91099770fe73baffa2d0d85cc037ac2444aaca39994b8ded07b686ad9e9242c6

SHA512
475b0e7c3587214ae0e8106af587b7041c775078e9362e9a9907899a62b25ab16dbf7ea5a6d02d502b621e7f31a758244d6a87104a25febccadb5bbde46101be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
f9f8b6a9c6c73157eaa483acb33f22a0

SHA1
ae2d21809a0865b3dbef3ff12157b87b88e19a4f

SHA256
c94e5c20857e4d7bbb6c2233dc73770f5aaae0abb5b7c253167d18c63057db8e

SHA512
27dd2c9d757ea750ea59224dbc4a794908ec4e6af9daf235fcf8b684e5642e343e444d42acb8fff7840e0436c89c29d19c87dc48c9dcd37adef60f59fec2d6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
eb9e72d62e75ac747196e854f69bfd6f

SHA1
f18a097fde6408206e8f1e7130c0407602d38665

SHA256
4865a51d9f2da0264afe08c1bbff6a701cb12d0afcf85f0bbc668c1ac9408308

SHA512
ce0c18b704751b38eab47f90711551897069b0afea54d1f240de593a3f9fa475d831e8961b4600c66e0faf09c9560921b393e4bfc5164de3b52f9c63331dd68e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
5cde0915bfb8780ae9480aa69b9e0357

SHA1
e6e7d78d5ab923d406aadb370f626137f0af1ae8

SHA256
c25a854be80b11d1a297f6cefc5401d47d2159b44c435d391184390919600baf

SHA512
2df72384491c360f06f9677af767534777d1947a43f03d041126e46736d6533670b3b9dfd911406802e1189d7d9380c4840117679513346c6d97b89286acbcb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
379798edfb536f63587eb529ac1ffc98

SHA1
6be38e931d7b83444cc97a5ce0f6c1c3e7e533e4

SHA256
36de9f120aa3aa4aa26fbc3574a68dfafaef2539278ff20ff87dea679f872834

SHA512
c081916e7cee20e759e1e4578635702cea3cceebffb60955b784b42dc542498abe84e54a08725f546cb03fa6dd5c2a5c993ba65fd9ee00a002f13154a8409d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
e3fd1d47713e95e659692284ec67e942

SHA1
b8cbc0999bdaa21db2d19217e377ae1b70e1e786

SHA256
647d3c693f04a441727d4d9438016d8c09ff154a3dd3994be572ead45bf52ce3

SHA512
ccf54198d5fa2c9d9e1ce7516a0d8553a811ec44cb3dd2a20c2cbf192f191778afdcd5f3aedb56d473a78d6b56f54552cb9ba5ad4bbd10c49e479db1ef176f9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
abfcda1cea309f0a68c435dfe94b2d5a

SHA1
74f7e5f4ad4113e73b33b00dd50a0d5d02a92b62

SHA256
a772a55c4f0cee70cedceb3e89d9cee4a05d097334280be2456eeac080b09e61

SHA512
f497696df13d0c301b6ba8c66c2625994261e5439c60e0eaa9329bb831728e328b11395607928e6676505ec17b768ac03cd296c4ad1252194cd0d415c1faa6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
f63a1086c8daec2299dc03c861953481

SHA1
a155869cc73092cc05131cea83a13e41d5aa4dff

SHA256
600fcaeadad2f6afb52dcac252ef5500ec39adfaaf4017fea483466241e45f9b

SHA512
c358c26e81a0418351a4b03c1dfb6e06ccf9cfae7d78a5ccb68522712a8ea59544434fb8bf494c8222268310535cfd1e2bc9c73aa36f369d00d27ab01102e735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
3677fb85db50aea64b5072e13eec58b9

SHA1
b78a2dbb1133b04094e5d34988977f7249eafc91

SHA256
9d23e5e9ac698652f6ca69d1ba8ef2d9e3cc5eb65c493ea6291e18caf92dba9e

SHA512
43aac49ed7047abcefe0e27547d37444e28a65c9c17984e8960b878831c7b5760d5b663c79ac3f5c641044bb1893d045a49a5a563bcdc3fe4c854270b08dab2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
46743301451bb006ddc05bc6398eb484

SHA1
084f080291f476370cf7f99a45598a9f2c3753fa

SHA256
73c381832c4b091b586c26803341cb94c46c0e4c491079c1a2f00b4de7750785

SHA512
cabba5306da79eb56492cac9fc7032bf8750185424c7c02cb25e8fc434e1b1ea0cd39f738d7f3efd31ba0cec0db98f4a0035eaccf9db5b4a17c5307f5c8fdcd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
687b3868201e65ea2dfa6eec158325d4

SHA1
9819d6954e4d9980eda475471b89a0c3f971f49d

SHA256
0e73e4d621d8a9724273cd9f21af689009300ea5fc2d74b64ded9501932342ab

SHA512
852e8078a0f31d7bfaedf99be5f727ff219290486ab1d07d4375699770617a598fb4fc44fd4f05459121e9ad03d9197f1ed5d295b7820f436a1e90254c1b0381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
dbac3e2726b3f199864797afc7b3b5aa

SHA1
dbf05925cbd508eab39ea320eee36751478d9c1f

SHA256
e30e1da80f43c5a27fce64706247359c0220ab1a5beffc1856517b9f283bc5ab

SHA512
46c1b3abb9bfa76206e481e84dcbced71d40c64db907b7b3e095a939c65e7a88f2a053fce41cc224c9171603cee82a0a77f09560872bf319f9ab2b1e24216800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
762c288ae1a0c8b9b630e15a1ba78dc2

SHA1
98cd348fc20fbafb96f41e7705cb835892b95352

SHA256
ee654bde9613ff9eba6cebc78b2938d0551727189428498af310190f744519fa

SHA512
9612a4325c202314f4357e7ffe2e62d386089de193942bcffba6df4cbae6b2e9dc413335929862936566b0e37edc9be09bb40048eee0c6a7fe8f28e9be625f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fc3e9611215f566c6b51f172ebc02728

SHA1
b76e41f390287cfc0f8d576822c9c242fac7f10c

SHA256
e321c37452e80091ea093cb6faf9cf6f38d5d66dad732cc4fd8265457486f311

SHA512
6b7045c0b723d0dcf651c61c951f33993578918da9481fc5f040e790a6303af40f89e86aec1be21a8fb3424a29788a0e47f8f3444c97a7875463537aff8ff539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
289KB

MD5
c59dfc633cc42fe6ac0eb09b5846976b

SHA1
0bcbf11553cb86fe64238e1958c589bf472f5c69

SHA256
8e4701391825498bd2cddec5c6203c6b562ab79a6702781e5f50c6313e6a9fef

SHA512
6eb953d7ec2dafac1c80cbc2c9d11c69242a84249abe613a0b5156d944f90395f36a38cc603049295ada8576c04ef157683036736e0ed56063ee4e05033b33f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
81016c663e8ad7f05e414913837ab434

SHA1
8ba476a5e4f89631da86c73b1a897cfa16bc1ff7

SHA256
3b6820841e7ec4ba665c1d23df9283d50b01af5e0e5209e7cafb7363ac08e9ba

SHA512
bbf32c75a7d7912a950e47254e0eeb82e7222089a4ae0f9ad8c491f34f23a17253520705e84fa3cfe44d8e0dab27b2b050f44b36d1c158d36c296fe0752e963a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b0ee1.TMP
Filesize
48B

MD5
abb52988af26f1cc9b48446f823b50fd

SHA1
957262e7bfc7740e17801638011182dac916ed2f

SHA256
dc59a528cdc415426ce8a5629acbd38509f7fa2fa6c8e8f6a680f94ccdec0ba0

SHA512
a9368fcf790e54f0c0f2719b9852bde668c8c348e6eb9440279c9381d1a081a7a6183cd6ab97e53dbae2a6b21ebd1c908c096072c84e1368e78c0af8b9e04c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
257382aa8537049ed538f6f30f08d5a0

SHA1
43ad00667ebc7c563f19b853905b81ca5f399c13

SHA256
6f221ae41a6a74d2edfbde6a412ba90c6b8bcfc7ed3ba82da5da3c1a2e1ba6c3

SHA512
5622576705645ff133312c5c014e96570c1b8ebea310192fc5c2f3673978a5227b732beb07def50f215396ef16bf18dca8d15912d4f627230db15f3feffe3b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
04792ff6ef25e29a35ead5a31c14bd40

SHA1
f9a15bc32d4fc72ee284e1779c9d7e259312c75a

SHA256
cdee4494f013f3c2009eda7052ce9794fbd17ccc917d61c2d92599d0c9e86580

SHA512
635a9615acdb5e517a4434ace64d0dede26e2bc2b09ea99f2d706f542184756b2ed184ff10a2b539448db43e4771829b4f63ad76779d352428d5e040fb4e20eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
41a7c5f46b384b3564fd738cb9471e39

SHA1
80d1bfb87e0f56929d1b1e917386ccb9fabe9095

SHA256
fffd49ccf424f602bfba44003daf78787cf8cf2bec369256ba768920c00ec550

SHA512
730d65d5252b3e5b3266d2548ab95daff232a56fe8616d6a837ab8a871623e47a226093a417c5e427b7e99f1eb0dcb5a8d2539a20492abf0feb4580fbd1e140b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
61b086373da6794f1e6dd9d8ac58a351

SHA1
dd5d5a48563ee908c1ded3f73f10719823df2827

SHA256
64b0d4c161b498935aeaf18acacac41928ea501bd551a2ed69254cc21deab17a

SHA512
ca0b3368cc6286d112c735321f34ac887668032730979d86d096228f212cd70022abf465f040dee85fb96492c1b948342b03044825d116898b64456a557f379e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
c89823b03c47201c7177dfea5151278e

SHA1
78a8c302ae85cbd486538cb74141b67bd2e8d0dc

SHA256
9fa08a13bf20d4d339e3e0b4dfe20282a8390267ebdac4fab274e10f42ef2d88

SHA512
6e030d910690fe921b3726027412e0bc9f7c6f3ca5d29dc270b9a03721ea08503daa08be3d2fc791365c96163ff5903054e58b966eec1337d1912a780f3254ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585e48.TMP
Filesize
1KB

MD5
19ce7e5502ffcc5a4cdaaf7ef281a1dd

SHA1
b2d79131c39b450632112cab4fea92e513bc4958

SHA256
f7972de608b581185b93cab342cc4f3004032e1f541bed7b9516d5619f043458

SHA512
e9d35a111cba5ff737e72eaac88f6ba7b150a4e50ee8978bd7909bc8263fd88539260bb08b6b4622a07d6410c44562dd94f9cc3350436a08b48113f95d91066d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
e83600e92dcb9d230284d7022e5494bf

SHA1
bcdf41a3761db39167c4464583a395bc65019069

SHA256
54559fc11277796d56e819ab2b51a01eb934bcd6f2bc70a5aced96416f0f73ac

SHA512
46b8a4a9de02f15d382086f9049455bade2a8163a3475b13f981f001beb90431d01d85b346e7e02972f0d574da7ba7905708eae6c9fcf6896df976182f9e951a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
5a285260d141057d7b8c3f7d29295b52

SHA1
fee438d7dc20c64096bef2b5fddeb28a4ea568ed

SHA256
1a634693df00ee1fbc0b83d5428cd8d53e755a36202d0b6a4e8ab74f8410d7fa

SHA512
75592fa7a8354b506d2e7569c605187d61eafea3c3fd853fdce55f55aa4b50ca1e9f8e689346747fcee4af785422c2d981d1c2c94b66d4b7c9a5a969cb84c66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
491bbd2eeb32acbaa70fce41c567087a

SHA1
5468be8b26c87f02b4c678b3dce04396122424da

SHA256
b61327c05f1b97e31f8e9cefa766ecb28b38dd73ef00e2556c9b489801a5203c

SHA512
26cf123ea6d140f3d1e5fc449aacda6e72217fa7f7fc0a9f65ff894ec37fb30b90b0563ecf37497772ebb6c8f4d8669fd2ed28c581b1f3da00b25c180157b2c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\28623ed1-dbdb-4141-a486-9b6570596359.tmp
Filesize
841KB

MD5
c61389fca2661443d4e9dae09b66a40e

SHA1
6fd272b175126bff11eaee0cdfba06d116d61d1f

SHA256
e12ef168a0182030e4ae9b546e511765b4edd0563d777fd3bb304fe8381a1f35

SHA512
357970c1ae7401e3e70bca12ec33b63841ad1afbf617c95b259fae0283ba556cc8535d001f4268cc5722f2ef0cab587fdb97287429907dfcda848fe8322382dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\90ac688a-7a8a-4057-b106-91d995e77ca9.tmp
Filesize
1.3MB

MD5
aeab1dafe03e7894ba01726dfe291228

SHA1
bd29fdae9fa8b16e3210b19ad8194594bcf00f98

SHA256
1343216d3863a4ef1cc30c093af75b759ca63bc7fc0e0a4e6d1c353d6c6b380e

SHA512
a667eebbfe8af22c7e7e72e3ca7571b2d120b3e482c9950652224f24d8d502ad8177e74945be1ea28cfb269508a43116809bbe5469a19f472a4b8b9795e2f5e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\c3b2c7e9-ae36-4987-8066-c10315a9fe6b.tmp
Filesize
2.8MB

MD5
f75cbfbb5eaa5f46574955ed6651da78

SHA1
4ce276c03898e57667b401761fe1df5f11304a68

SHA256
643962e7cc16bb8e9edbea5f05473764199c7179d06a65bd88a0d101d1d5a9bd

SHA512
287847c5caae39fc80e90ae105a5fb0c9349f402872721c599eb9c9ccaf171437879f0ef8bdeae923bf4520befa316b60acd3e975caf8496f05dad24e1b34e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\cyvcgmyh.exe
Filesize
1.2MB

MD5
1bdb53c805326cfdade7263f1c227c66

SHA1
0118d413e0c26bc47878391aab7a22fc187255ea

SHA256
38ccd52e93f6ce1e86c2fddf70e2e55576e9e2947fd5ce599197151a788bbe87

SHA512
24e194357256b6ab785d4c019c59544abfa0147bce4a6584fd5c133050152b8502b38843fed973cb6612e4179f66ec11a1fe9d372583555223c70fae6f450479

Download Submit
C:\Users\Admin\AppData\Local\Temp\g13puhcz.exe
Filesize
1.8MB

MD5
e5de5f5d386b52a45374e5f28465bb1a

SHA1
7aaa694ff3f73e302d7dc22b8be464df35b8d019

SHA256
7b513fdc1bb559d05ade6165f69b300b3bb263a27296f3b644cb819b648f5b87

SHA512
f63b1d643247a341515a5b449b58d9c437da863bfb82f695748b0d45b03a1c5e1566550ae8d44052db337f8aee4b9def1d261690d4371aa7e174870afa3d1d82

Download Submit
C:\Users\Admin\AppData\Local\Temp\g13puhcz.exe
Filesize
1.8MB

MD5
e5de5f5d386b52a45374e5f28465bb1a

SHA1
7aaa694ff3f73e302d7dc22b8be464df35b8d019

SHA256
7b513fdc1bb559d05ade6165f69b300b3bb263a27296f3b644cb819b648f5b87

SHA512
f63b1d643247a341515a5b449b58d9c437da863bfb82f695748b0d45b03a1c5e1566550ae8d44052db337f8aee4b9def1d261690d4371aa7e174870afa3d1d82

Download Submit
C:\Users\Admin\AppData\Local\Temp\g13puhcz.exe
Filesize
1.8MB

MD5
e5de5f5d386b52a45374e5f28465bb1a

SHA1
7aaa694ff3f73e302d7dc22b8be464df35b8d019

SHA256
7b513fdc1bb559d05ade6165f69b300b3bb263a27296f3b644cb819b648f5b87

SHA512
f63b1d643247a341515a5b449b58d9c437da863bfb82f695748b0d45b03a1c5e1566550ae8d44052db337f8aee4b9def1d261690d4371aa7e174870afa3d1d82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-566VV.tmp\Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
Filesize
3.3MB

MD5
36b37e0b2ce4747ceac6f895ec3e1660

SHA1
1b961ff51b855a48626bf03326ac08c68744b3ca

SHA256
d189b03c957346c8beee98d3f2b1956381eefb67e7818b476e93494e28acd681

SHA512
ac8a2797769743106631a2aa8f36940ecad11c6c91ac8e86d1a846ffeb3005a3704ce1401290d9dca54b859a4c5ee261c8804f7b7e8d59a01047a3e1126d150f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-566VV.tmp\Precision Targeting GUI - Linkvertise Downloader_Mk-OyD1.tmp
Filesize
3.3MB

MD5
36b37e0b2ce4747ceac6f895ec3e1660

SHA1
1b961ff51b855a48626bf03326ac08c68744b3ca

SHA256
d189b03c957346c8beee98d3f2b1956381eefb67e7818b476e93494e28acd681

SHA512
ac8a2797769743106631a2aa8f36940ecad11c6c91ac8e86d1a846ffeb3005a3704ce1401290d9dca54b859a4c5ee261c8804f7b7e8d59a01047a3e1126d150f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\AVG_BRW.png
Filesize
29KB

MD5
0b4fa89d69051df475b75ca654752ef6

SHA1
81bf857a2af9e3c3e4632cbb88cd71e40a831a73

SHA256
60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e

SHA512
8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\AppUtils.dll
Filesize
1.8MB

MD5
43ce6d593abd5141a3139603f352ae05

SHA1
a97c75e23d275dddfde15ef5fdf3ff3253c0992c

SHA256
94e874f2702ea6be50e7d74864b66e7f763449c3db237803f3fad6adfd64ed3d

SHA512
bfc527529e5f73ba190dfc5bd043175c7e2ae963b665d6d39421c29e025020f1d593dc88b7bee33d86ef6b4f7a4c5e1a0339df4e99cab6849a275d1dda9f439f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\AppUtils.dll
Filesize
1.8MB

MD5
43ce6d593abd5141a3139603f352ae05

SHA1
a97c75e23d275dddfde15ef5fdf3ff3253c0992c

SHA256
94e874f2702ea6be50e7d74864b66e7f763449c3db237803f3fad6adfd64ed3d

SHA512
bfc527529e5f73ba190dfc5bd043175c7e2ae963b665d6d39421c29e025020f1d593dc88b7bee33d86ef6b4f7a4c5e1a0339df4e99cab6849a275d1dda9f439f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\DimensionUtils.dll
Filesize
1.9MB

MD5
ce2dc2cc12aec529511da19cf63ba802

SHA1
5b45c33a34df73920077f546176a3aa96df0f80e

SHA256
bde7cc0193ad2fbdfa9f072d9003bf1c82cd27e027b2e038343514f8cc8ee6d2

SHA512
98b5017e437b05639238b63bdf6cccdea7665f3fa0c55e87e8c7139551c213b1a63d641d588b950346ec66bb03b4800dc4e3dd4c60f80e0e76779b1ba58d2be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\DimensionUtils.dll
Filesize
1.9MB

MD5
ce2dc2cc12aec529511da19cf63ba802

SHA1
5b45c33a34df73920077f546176a3aa96df0f80e

SHA256
bde7cc0193ad2fbdfa9f072d9003bf1c82cd27e027b2e038343514f8cc8ee6d2

SHA512
98b5017e437b05639238b63bdf6cccdea7665f3fa0c55e87e8c7139551c213b1a63d641d588b950346ec66bb03b4800dc4e3dd4c60f80e0e76779b1ba58d2be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\RAV_Cross.png
Filesize
74KB

MD5
cd09f361286d1ad2622ba8a57b7613bd

SHA1
4cd3e5d4063b3517a950b9d030841f51f3c5f1b1

SHA256
b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8

SHA512
f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\WebAdvisor.png
Filesize
47KB

MD5
4cfff8dc30d353cd3d215fd3a5dbac24

SHA1
0f4f73f0dddc75f3506e026ef53c45c6fafbc87e

SHA256
0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856

SHA512
9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod0.exe
Filesize
44KB

MD5
2646e7b9b8f71bd44b76a1eb6b691189

SHA1
08ff69585ae0d87f25b5a8c6eb602ca6bc6cfad8

SHA256
3c943551f44783765919d382923798423c2268141622d7ebafe20390b3303018

SHA512
919761375b18cfef2a4a78447030635bd3e5ea5065e66b5a66a94a439a04679dbf3ba39cbf284cbbad614eac491bd5469431f4499cca7c22b64a6a961a5a32b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod0.exe
Filesize
44KB

MD5
2646e7b9b8f71bd44b76a1eb6b691189

SHA1
08ff69585ae0d87f25b5a8c6eb602ca6bc6cfad8

SHA256
3c943551f44783765919d382923798423c2268141622d7ebafe20390b3303018

SHA512
919761375b18cfef2a4a78447030635bd3e5ea5065e66b5a66a94a439a04679dbf3ba39cbf284cbbad614eac491bd5469431f4499cca7c22b64a6a961a5a32b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod0.exe
Filesize
44KB

MD5
2646e7b9b8f71bd44b76a1eb6b691189

SHA1
08ff69585ae0d87f25b5a8c6eb602ca6bc6cfad8

SHA256
3c943551f44783765919d382923798423c2268141622d7ebafe20390b3303018

SHA512
919761375b18cfef2a4a78447030635bd3e5ea5065e66b5a66a94a439a04679dbf3ba39cbf284cbbad614eac491bd5469431f4499cca7c22b64a6a961a5a32b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod1.zip
Filesize
541KB

MD5
d6be5546bbce27020b742c5966838158

SHA1
7e9e355995b2a379f2e9d39b7028bc1ad27ca8ba

SHA256
49082ef6e5b8ceac180171309611eac88dac603684cde04e3725945a6722bce2

SHA512
c6c24da7f2d1ee3bc29e37bbb80ba68bb963f3d16a20eead4cb77e9c370a1cbb92a23073335dc4f1cfa21dc175419343045de6b4456165a256bf62466eeabd0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod1_extract\saBSI.exe
Filesize
1.2MB

MD5
2c5cc4fed6ef0d07e8a855ea52b7c108

SHA1
6db652c54c0e712f1db740fc8535791bf7845dcc

SHA256
60410875199ad0bf34cd8402e0cc9151caf919fe98eeffd7056285e7239a3474

SHA512
cd8622cc38270caaf90ba61058a80d5554700dcfbb05ee921dde9aba7a1d6a068f24e73535baf3bbf4d2cc63d84cfe362cfa67df201b401d52b5af490610b0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod1_extract\saBSI.exe
Filesize
1.2MB

MD5
2c5cc4fed6ef0d07e8a855ea52b7c108

SHA1
6db652c54c0e712f1db740fc8535791bf7845dcc

SHA256
60410875199ad0bf34cd8402e0cc9151caf919fe98eeffd7056285e7239a3474

SHA512
cd8622cc38270caaf90ba61058a80d5554700dcfbb05ee921dde9aba7a1d6a068f24e73535baf3bbf4d2cc63d84cfe362cfa67df201b401d52b5af490610b0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod1_extract\saBSI.exe
Filesize
1.2MB

MD5
2c5cc4fed6ef0d07e8a855ea52b7c108

SHA1
6db652c54c0e712f1db740fc8535791bf7845dcc

SHA256
60410875199ad0bf34cd8402e0cc9151caf919fe98eeffd7056285e7239a3474

SHA512
cd8622cc38270caaf90ba61058a80d5554700dcfbb05ee921dde9aba7a1d6a068f24e73535baf3bbf4d2cc63d84cfe362cfa67df201b401d52b5af490610b0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod2.zip
Filesize
5.9MB

MD5
7b0f6e9c1e607427d0f180ac4f08eba2

SHA1
9a62388895b720575580ccf2667d633ed9bfca34

SHA256
c08fa28109da1394f039971efc2e8edf7a59413138dd8a62d26e456e323e6aba

SHA512
124f70961ff4aace95e60ddc9e3e3779492dabdc04d4b75028c3e6c308e77277a69041d97ee3a169e9d291c2e73f94ed2efd85ed4ecf8e572e6f09aad5e71b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod2_extract\avg_secure_browser_setup.exe
Filesize
6.0MB

MD5
2099532cc61484aaa604e1a05d02a3a4

SHA1
45bf61807173015e39dff1813c3d8f3cc4b47bea

SHA256
ef02cfbadc8dde416cd03fd856919012896e652fecfb15a9d1b07299138b05c9

SHA512
a71508d95d84c1f5c3cff98fe13451b26249bb462badab275beb715ac9bdf9715402e422702fc7f33f510248d171336575cf82b8c640288e665025ae3b15fd22

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod2_extract\avg_secure_browser_setup.exe
Filesize
6.0MB

MD5
2099532cc61484aaa604e1a05d02a3a4

SHA1
45bf61807173015e39dff1813c3d8f3cc4b47bea

SHA256
ef02cfbadc8dde416cd03fd856919012896e652fecfb15a9d1b07299138b05c9

SHA512
a71508d95d84c1f5c3cff98fe13451b26249bb462badab275beb715ac9bdf9715402e422702fc7f33f510248d171336575cf82b8c640288e665025ae3b15fd22

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\prod2_extract\avg_secure_browser_setup.exe
Filesize
6.0MB

MD5
2099532cc61484aaa604e1a05d02a3a4

SHA1
45bf61807173015e39dff1813c3d8f3cc4b47bea

SHA256
ef02cfbadc8dde416cd03fd856919012896e652fecfb15a9d1b07299138b05c9

SHA512
a71508d95d84c1f5c3cff98fe13451b26249bb462badab275beb715ac9bdf9715402e422702fc7f33f510248d171336575cf82b8c640288e665025ae3b15fd22

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJ9R.tmp\side-logo.png
Filesize
29KB

MD5
06b0076d9f4e2488d32855a0161e9c74

SHA1
7dbc3c098f7fb1256aeca79c256b75802b5fdd69

SHA256
929243f002eb4209a9e68af6744a3d63ece2b173c910a59d6752536dabf3870b

SHA512
7cecc1fc1c13f97dfe1ae7592918c9df16233851a8dd667ac2199b92fd24410a6ef76acfa014cd00aad2d27dfe2887f41100563cf2240f720466dbebaed0375a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3705.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3705.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\RAVEndPointProtection-installer.exe
Filesize
531KB

MD5
bf2e914733bf001b448a314f31ef73eb

SHA1
046fa02e698cf85770488451bea7f41a24a76a54

SHA256
1d11b67ac273fe87ff7bb64bd907eb0031b1b2e5314bd7d0be9abd2ab20b69a0

SHA512
1d5a04588193ba7a6a9e2732ae652a2731f3bcc87870d1cdb72ace5dcf4346af03d83742ecfb45695ae14c591289af6b56fe4ba0786b0b3edf999840780e0f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\RAVEndPointProtection-installer.exe
Filesize
531KB

MD5
bf2e914733bf001b448a314f31ef73eb

SHA1
046fa02e698cf85770488451bea7f41a24a76a54

SHA256
1d11b67ac273fe87ff7bb64bd907eb0031b1b2e5314bd7d0be9abd2ab20b69a0

SHA512
1d5a04588193ba7a6a9e2732ae652a2731f3bcc87870d1cdb72ace5dcf4346af03d83742ecfb45695ae14c591289af6b56fe4ba0786b0b3edf999840780e0f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\rsAtom.dll
Filesize
155KB

MD5
3a637d8b8f1a99b14420471e57b3ce34

SHA1
734a7876bfa0c9cbb0633707bd6fdd0691ca86da

SHA256
977934aefbdd50318cf0750cb7b49561a84c1935fcb48ba0867643cf0af64ef2

SHA512
4ec2b2ca07867a92dcc1dcfd11afdb5e6e1bd4058c3bf690c12fae2f10c7526eddf925d01e3034fdb6a0510bc484f1d2d054aefcceb2e6d0b31d5594161b5aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\rsJSON.dll
Filesize
215KB

MD5
16320bb73438e5d277450d40dd828fba

SHA1
469c1245e3fca774431231345c99c1d2246e524e

SHA256
34121f4827ee00b334395f69d79a7472ec478197635a2f6a7f0c8f92d70075da

SHA512
fec02a25ad687efebcf3de37c572a6b277045e60c57c50173e2c0c0411eb7b70ceef0df89beca1c12f1ba6e16551c77a3239141a3a32c1712be739818508621d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\rsLogger.dll
Filesize
177KB

MD5
e8cd93cc3df25d39b19a660412c27ecf

SHA1
749dae830391e6d213200b9a84f82a08cfdd4a04

SHA256
15f9af3bcd444ea719b3b251c6029e4310c72cc876cbfeccd4061ce9f29bd7ec

SHA512
d2f0b55acfa0675d0e322c08e111d9d828015eeeab7003b0c94734e00534d5bbc0f2eafe6d46574776a60d8c768419219b8eea680f7b19d1453f6d7f2525d12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\rsStubLib.dll
Filesize
241KB

MD5
4c28c10943a260098f311182fe870c68

SHA1
5cfce66a91ab121c9c08045a8d32e0c0b99941f6

SHA256
0692758d02737fef97a03c11bfee4b4d33755829eb8932f3911f2232f4b9e5d1

SHA512
7778d9c58762484095ac8edc85b17ca94d5a082b31a5f82660e6d7ca4fb01e70d579475d7d1b282c61aa73275caf73ff0767d4ecbae015ccc859cf23599e25f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\24c96cd3\00bdeaeb_77aad901\rsStubLib.dll
Filesize
241KB

MD5
4c28c10943a260098f311182fe870c68

SHA1
5cfce66a91ab121c9c08045a8d32e0c0b99941f6

SHA256
0692758d02737fef97a03c11bfee4b4d33755829eb8932f3911f2232f4b9e5d1

SHA512
7778d9c58762484095ac8edc85b17ca94d5a082b31a5f82660e6d7ca4fb01e70d579475d7d1b282c61aa73275caf73ff0767d4ecbae015ccc859cf23599e25f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\de5b4fea\a59372d9_4bc4d901\rsLogger.DLL
Filesize
178KB

MD5
779a9c208cfbad5863b16b723f663511

SHA1
f26c95e9e4919fdd65d94dffd3064ae68a59b22e

SHA256
8bfa3fe9d9f406e6b2f3edfd49283e2a24f55986bf09ea32ed88854fc1f193e6

SHA512
d56d8e2a622bef9eb097623059eadd6d80653bc0ef4354ef60122a9b22b19688c4cedbabd63b3f5f55b5d4699b4aeae8ba893725130e3a98bfe022ce84d39b69

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\e0ab8254\a59372d9_4bc4d901\rsJSON.DLL
Filesize
216KB

MD5
cb4990912512e02c5dfefff94902d04f

SHA1
4c8702f1edfd3d9339c60554b95be48e476a9159

SHA256
738affc5900c28e70f19b75359e1f75067f7035cc4380b331597a27e57481906

SHA512
841363362d052e601b86b642a562579a42fbcc5742ed7b6ce0b6d4d7c0d0ff7fd94dd61d3e27ba50235203c0a6bb70b80f2badf1ea31255f13f8387e523fb7f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa3706.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\f5b6b637\464564d9_4bc4d901\rsAtom.DLL
Filesize
157KB

MD5
0d81c611d4e9ca94f8179d4ae62e754a

SHA1
b8f752e9c18401a1215c47457d7940d1926345a4

SHA256
a5ff8148f56d9b080d51764c04a7bcd8302442046ce9dd8e11a4430466650035

SHA512
771e94b4b822c734948e454ff2dfb96bd59a0fa9078aef8347039657b53b2d9e1ee60ac8615aac4dfaeda3071f823823d020c48171e16dd4dd4e98dace37c3bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbF495.tmp\tmp\RAVVPN-installer.exe\assembly\dl3\03faec3a\23118a08_4cc4d901\rsAtom.DLL
Filesize
157KB

MD5
6a8559715305276683febc180e20cdc3

SHA1
1925e950450502bf4639affaba96cbf4eb7bb575

SHA256
2957a360d9692d7fb2b516f5e567c93be9fd32b0dba7b5009de9568888567817

SHA512
eba2971da49c5f5992120b15fbc5fa1b82884479d4f809677ab8aa504b33c07995d2cc53c34b8e26cab79c5768a9d660a1c975854f4b772db60d49873b01e0e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsbF495.tmp\tmp\RAVVPN-installer.exe\assembly\dl3\e4e7a4ac\54768f08_4cc4d901\rsLogger.DLL
Filesize
178KB

MD5
b0d5abcff05912b4729eb838255bb8fb

SHA1
6fe88a4f5becc8a3b8992483ca49818b3b853d84

SHA256
5a4380d97b3b419b38b32e723f52701f3b09d7d6d2774b309684e829c1116322

SHA512
cfcd090f02b56d45d47349143a125232267976518fca1a3525af39fa72905510b1e8f06396da1e5258a89ae8568bbf4adaf2586194c54b3c16bccef06e1dc1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\AVGBrowserUpdateSetup.exe
Filesize
1.6MB

MD5
34a8f08f336cc90a6746e954252074d5

SHA1
6e15049f46b7d84f72f5fd29b5763092101ffab0

SHA256
9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7

SHA512
18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\AVGBrowserUpdateSetup.exe
Filesize
1.6MB

MD5
34a8f08f336cc90a6746e954252074d5

SHA1
6e15049f46b7d84f72f5fd29b5763092101ffab0

SHA256
9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7

SHA512
18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\AVGBrowserUpdateSetup.exe
Filesize
1.6MB

MD5
34a8f08f336cc90a6746e954252074d5

SHA1
6e15049f46b7d84f72f5fd29b5763092101ffab0

SHA256
9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7

SHA512
18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\CR.History.tmp
Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\CR.History.tmp
Filesize
124KB

MD5
459f1dc4262aa4e60595a42bef373343

SHA1
319f159581afe786401ce1ebd2caf840aed19fcf

SHA256
91099770fe73baffa2d0d85cc037ac2444aaca39994b8ded07b686ad9e9242c6

SHA512
475b0e7c3587214ae0e8106af587b7041c775078e9362e9a9907899a62b25ab16dbf7ea5a6d02d502b621e7f31a758244d6a87104a25febccadb5bbde46101be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\JsisPlugins.dll
Filesize
2.0MB

MD5
3f4f65c3551435aa4f70b23db238e027

SHA1
10a50d1003a2da42b869527098758bbd0c5a0b93

SHA256
3d52f17598297580cc04e8698010d8234b199250803f826fa03031a8f8507e7f

SHA512
15b9f0ef917167ed1c3fcbf6235ec277665abb662f26bf338bda2dcc815503b27eab4bfea88f5e4609a40a02f88a87a28d02ca1e4a7575905cb9217b58151a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\JsisPlugins.dll
Filesize
2.0MB

MD5
3f4f65c3551435aa4f70b23db238e027

SHA1
10a50d1003a2da42b869527098758bbd0c5a0b93

SHA256
3d52f17598297580cc04e8698010d8234b199250803f826fa03031a8f8507e7f

SHA512
15b9f0ef917167ed1c3fcbf6235ec277665abb662f26bf338bda2dcc815503b27eab4bfea88f5e4609a40a02f88a87a28d02ca1e4a7575905cb9217b58151a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\Midex.dll
Filesize
126KB

MD5
00fd199d6b8d08446f4862c31b191ca7

SHA1
b6ff09243cb10e34ed8efbdd822add98585008d4

SHA256
1b2a0de815e288161f0a156b4d1f17f06d2f4840b71d9d1903ad1284192cde24

SHA512
fd5e07ac20a40600c2117793f1c5253f2f6113c38cafc71ac87296d92c50217af4aeb3f44fd2834ec08d89dd8434ab1952262123eced279210236bb770c18ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\Midex.dll
Filesize
126KB

MD5
00fd199d6b8d08446f4862c31b191ca7

SHA1
b6ff09243cb10e34ed8efbdd822add98585008d4

SHA256
1b2a0de815e288161f0a156b4d1f17f06d2f4840b71d9d1903ad1284192cde24

SHA512
fd5e07ac20a40600c2117793f1c5253f2f6113c38cafc71ac87296d92c50217af4aeb3f44fd2834ec08d89dd8434ab1952262123eced279210236bb770c18ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\Midex.dll
Filesize
126KB

MD5
00fd199d6b8d08446f4862c31b191ca7

SHA1
b6ff09243cb10e34ed8efbdd822add98585008d4

SHA256
1b2a0de815e288161f0a156b4d1f17f06d2f4840b71d9d1903ad1284192cde24

SHA512
fd5e07ac20a40600c2117793f1c5253f2f6113c38cafc71ac87296d92c50217af4aeb3f44fd2834ec08d89dd8434ab1952262123eced279210236bb770c18ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\StdUtils.dll
Filesize
195KB

MD5
9a44ba9a6e36099d8058fed7feb1ca5a

SHA1
457679105484f604606db9b7cfc809240620747d

SHA256
445a8c41038974bf604cd826e192da08431e8b0c72f6a8ecb6894f8c5a6c777d

SHA512
34b555ef7e3f2a4b700ee4755dae68e42e12533d2bf688cb0251691aedd62120b8913ebec16d2fc239fe0bd1aa1d3657e0f456c1ae260e6f6154b4aef3c9f68f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\StdUtils.dll
Filesize
195KB

MD5
9a44ba9a6e36099d8058fed7feb1ca5a

SHA1
457679105484f604606db9b7cfc809240620747d

SHA256
445a8c41038974bf604cd826e192da08431e8b0c72f6a8ecb6894f8c5a6c777d

SHA512
34b555ef7e3f2a4b700ee4755dae68e42e12533d2bf688cb0251691aedd62120b8913ebec16d2fc239fe0bd1aa1d3657e0f456c1ae260e6f6154b4aef3c9f68f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\jsis.dll
Filesize
127KB

MD5
465d5265bfe5b90f821235f0e13ba5e4

SHA1
da4d81c230b3aaa1e0dc891df8650e3a777da263

SHA256
ecca190ce5307cee4b4f02062ba0fca6ae2d0fa0d5ac223c726eab31d55b822d

SHA512
bf608b77b7240a4b04a5750e4cce63c6a394f143a823344e1a8c1f57a19a28d20fb1e376548e5db8a6ff69a7cbf6dd247c2f80a1adaaba3c105f5030f23604ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\nsJSON.dll
Filesize
36KB

MD5
18662c1acb667a9db5fb9e90aa0f5dc8

SHA1
d332202bad869e5c71f30bd816940b262cf24603

SHA256
608d4aefd5c5184bc109cbd94a5d4c8883a4ae6cedf81cfc3028d2570a849a66

SHA512
751b51b24b659f97a4fe9d2d3e38e1333221521fa1fe26e217114e767a9bdd3b341079fe9ff51570ada16ec30644552823ab5437d4a7a875f04525aeaced7687

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu3476.tmp\thirdparty.dll
Filesize
93KB

MD5
080eea7a54aeb7ea3d016645dec05bd6

SHA1
771e1b0fe952ace3d2af3985b0b8d06c65f4d902

SHA256
84cab1c6df2eddced4e60fc1e158b772f7b766d0faed27e33bd5f0ea69903bf4

SHA512
a097aad8861bbd40b3871409750134277ee49c7f20604ec8f80f21f3ca05ae6dd54309f528c51c2db4dae06be81f2363c43a20d882484bfe36bea044a7476937

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5800_1682390845\CRX_INSTALL\img\icons\icon16.png
Filesize
700B

MD5
5774f763006cf6aa70cc18922524f993

SHA1
9b5e2adf1e3bba57fbc72a71240a584b3682fb42

SHA256
231afb7130b2e9ea943e42091b16dccb5e628649d8c55818b7fac632f5220260

SHA512
1014b66eeacab93fe3c60225febe6657296ebf11ca2e30e8598479f889b2dc91a83bc97b4b1558cb9a0f7347a883295e992676b5944da67d0edaf7732763f09e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5800_1682390845\ff2711e2-8f55-4a1b-965c-dd99d343a19a.tmp
Filesize
85KB

MD5
8b95d8c640c448c10060524da8336bbb

SHA1
790543f2119483be67344f01a49332d1635de1e7

SHA256
757d9bd9555c56e3e3a19e6394cd05ea2e471f2ad8a22ef7afbb1149e138651c

SHA512
4cbb330bc19c3e34d068aca161779fc0124340749fc0079571fb58a2fe2790203b13886dbfbb55f6f463b07457db716829edad19867ad928f4af8f3031e80d7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG Secure Browser.lnk
Filesize
2KB

MD5
21512abd1f35d726cb2be1bc96951900

SHA1
49a6eb1ee9e223dad8cdb5ccd42e214d319a0073

SHA256
4dfb8f2eeead6334f781eb687e478a068782415a1aaf832f9b73c91b6bec3391

SHA512
189d451e09c363da93d21aa24526a374ee9084fd6ee5f78a943262b458a226535114c9da6141c899f37fedae797028ae385b0036d76868be78ca45536cfd9a0c

Download Submit
C:\Users\Admin\Downloads\Precision Targeting GUI - Linkvertise Downloader.zip
Filesize
11.6MB

MD5
b1e4470815759a9e0dfdaba407226783

SHA1
723a07885c5150041a3c9bf9c5874251fa94e30c

SHA256
f6e47fadcabec5859c908b43aeeae20f8dd54735ddffc332b76ec2429a3a83bf

SHA512
12b481d24031034057fa4f65c08527c51db50c15dcfd01553e35ceb20eb9dea3424ab056df1dcf90861df281f82ff08d1911f8392627c5dbf94049e81dc3f123

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7850C7BAFAC9456B4B92328A61976502_EB6311D6BD62C56F7F34EB13A854FC06
Filesize
1KB

MD5
660f67255b6104f8707add57f5d0d4e5

SHA1
b74aea52fa9241086c6ba5d8145087b5db314a05

SHA256
242402f1a452c6ee8e28154ade55856a3d2d397bdd1e26aa0b89ac43231d9f2c

SHA512
9062e93b5a481619b7ff7df0cac0787b0469f2f0865a3de5349aea163d38946a9bee4abb7f9928902b1e79afd1f6f9ec53809f0e2bf6e611866836417c1ad5f6

Download Submit
C:\Windows\System32\drivers\rsElam.sys
Filesize
19KB

MD5
8129c96d6ebdaebbe771ee034555bf8f

SHA1
9b41fb541a273086d3eef0ba4149f88022efbaff

SHA256
8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51

SHA512
ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

Download Submit
\??\pipe\LOCAL\crashpad_1388_NTAZVNMSBSLJHXYO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3516-599-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/3516-588-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/3516-645-0x00000000039B0000-0x00000000039BF000-memory.dmp

Filesize
60KB

Download
memory/3516-854-0x00000000039B0000-0x00000000039BF000-memory.dmp

Filesize
60KB

Download
memory/3516-853-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/3516-589-0x00000000039B0000-0x00000000039BF000-memory.dmp

Filesize
60KB

Download
memory/3516-542-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/3516-934-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/3516-580-0x00000000039B0000-0x00000000039BF000-memory.dmp

Filesize
60KB

Download
memory/3516-644-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/4756-536-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/4756-958-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/4756-587-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/5156-4298-0x000001581E560000-0x000001581E570000-memory.dmp

Filesize
64KB

Download
memory/5156-4245-0x000001581ECB0000-0x000001581ECDA000-memory.dmp

Filesize
168KB

Download
memory/5156-4151-0x000001581EAA0000-0x000001581EAA1000-memory.dmp

Filesize
4KB

Download
memory/5156-4259-0x000001581E560000-0x000001581E570000-memory.dmp

Filesize
64KB

Download
memory/5156-4141-0x000001581EB90000-0x000001581EBC8000-memory.dmp

Filesize
224KB

Download
memory/5156-4258-0x000001581EB90000-0x000001581EB91000-memory.dmp

Filesize
4KB

Download
memory/5156-833-0x0000015803F90000-0x0000015804016000-memory.dmp

Filesize
536KB

Download
memory/5156-921-0x0000015804400000-0x0000015804401000-memory.dmp

Filesize
4KB

Download
memory/5156-936-0x000001581E520000-0x000001581E558000-memory.dmp

Filesize
224KB

Download
memory/5156-838-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/5156-910-0x0000015805D50000-0x0000015805D80000-memory.dmp

Filesize
192KB

Download
memory/5156-1141-0x000001581EBE0000-0x000001581EC38000-memory.dmp

Filesize
352KB

Download
memory/5156-937-0x00000158043C0000-0x00000158043C1000-memory.dmp

Filesize
4KB

Download
memory/5156-4172-0x000001581EA80000-0x000001581EA81000-memory.dmp

Filesize
4KB

Download
memory/5156-1111-0x000001581E670000-0x000001581E69A000-memory.dmp

Filesize
168KB

Download
memory/5156-4139-0x0000015805D80000-0x0000015805D81000-memory.dmp

Filesize
4KB

Download
memory/5156-1120-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/5156-1122-0x00000158043E0000-0x00000158043E1000-memory.dmp

Filesize
4KB

Download
memory/5156-4158-0x000001581EB80000-0x000001581EBB0000-memory.dmp

Filesize
192KB

Download
memory/5156-856-0x00000158045D0000-0x0000015804610000-memory.dmp

Filesize
256KB

Download
memory/5564-4269-0x00007FFA095B0000-0x00007FFA095C0000-memory.dmp

Filesize
64KB

Download
memory/5732-1529-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1724-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1452-0x00007FF73E9B0000-0x00007FF73E9C0000-memory.dmp

Filesize
64KB

Download
memory/5732-1456-0x00007FF73E9B0000-0x00007FF73E9C0000-memory.dmp

Filesize
64KB

Download
memory/5732-1457-0x00007FF73E9B0000-0x00007FF73E9C0000-memory.dmp

Filesize
64KB

Download
memory/5732-1458-0x00007FF73E9B0000-0x00007FF73E9C0000-memory.dmp

Filesize
64KB

Download
memory/5732-1469-0x00007FF7282F0000-0x00007FF728300000-memory.dmp

Filesize
64KB

Download
memory/5732-1499-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1532-0x00007FF7282F0000-0x00007FF728300000-memory.dmp

Filesize
64KB

Download
memory/5732-1550-0x00007FF6DB820000-0x00007FF6DB830000-memory.dmp

Filesize
64KB

Download
memory/5732-1552-0x00007FF6DB820000-0x00007FF6DB830000-memory.dmp

Filesize
64KB

Download
memory/5732-1560-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1598-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1606-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1633-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1648-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1669-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1738-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1727-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1753-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1758-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1762-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1765-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1769-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1776-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1782-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1756-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1749-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1716-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1671-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1618-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1604-0x00007FF7282F0000-0x00007FF728300000-memory.dmp

Filesize
64KB

Download
memory/5732-1580-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1579-0x00007FF7282F0000-0x00007FF728300000-memory.dmp

Filesize
64KB

Download
memory/5732-1533-0x00007FF6DB820000-0x00007FF6DB830000-memory.dmp

Filesize
64KB

Download
memory/5732-2309-0x00007FF7282F0000-0x00007FF728300000-memory.dmp

Filesize
64KB

Download
memory/5732-2307-0x00007FF73E9B0000-0x00007FF73E9C0000-memory.dmp

Filesize
64KB

Download
memory/5732-2306-0x00007FF73E9B0000-0x00007FF73E9C0000-memory.dmp

Filesize
64KB

Download
memory/5732-2305-0x00007FF73E9B0000-0x00007FF73E9C0000-memory.dmp

Filesize
64KB

Download
memory/5732-2304-0x00007FF7282F0000-0x00007FF728300000-memory.dmp

Filesize
64KB

Download
memory/5732-2143-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1894-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1884-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1845-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1813-0x00007FF73FDF0000-0x00007FF73FE00000-memory.dmp

Filesize
64KB

Download
memory/5732-1791-0x00007FF735BC0000-0x00007FF735BD0000-memory.dmp

Filesize
64KB

Download
memory/5732-1455-0x00007FF73E9B0000-0x00007FF73E9C0000-memory.dmp

Filesize
64KB

Download
memory/5732-1517-0x00007FF6DB820000-0x00007FF6DB830000-memory.dmp

Filesize
64KB

Download
memory/5732-1527-0x00007FF7282F0000-0x00007FF728300000-memory.dmp

Filesize
64KB

Download
memory/5820-920-0x0000024F93890000-0x0000024F938A0000-memory.dmp

Filesize
64KB

Download
memory/5820-660-0x0000024F93460000-0x0000024F93468000-memory.dmp

Filesize
32KB

Download
memory/5820-669-0x0000024FADE30000-0x0000024FAE358000-memory.dmp

Filesize
5.2MB

Download
memory/5820-911-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/5820-685-0x0000024F93890000-0x0000024F938A0000-memory.dmp

Filesize
64KB

Download
memory/5820-670-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/5996-4309-0x000002A88D570000-0x000002A88D571000-memory.dmp

Filesize
4KB

Download
memory/5996-4318-0x000002A88D1A0000-0x000002A88D1CE000-memory.dmp

Filesize
184KB

Download
memory/5996-4354-0x000002A88ED90000-0x000002A88EDA2000-memory.dmp

Filesize
72KB

Download
memory/5996-4358-0x000002A8A7670000-0x000002A8A76AC000-memory.dmp

Filesize
240KB

Download
memory/5996-4419-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/5996-4308-0x000002A88EE10000-0x000002A88EE20000-memory.dmp

Filesize
64KB

Download
memory/5996-4307-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/5996-4306-0x000002A88D1A0000-0x000002A88D1CE000-memory.dmp

Filesize
184KB

Download
memory/6316-4595-0x000002114B460000-0x000002114B461000-memory.dmp

Filesize
4KB

Download
memory/6316-4567-0x000002114B010000-0x000002114B062000-memory.dmp

Filesize
328KB

Download
memory/6316-4615-0x000002114CD20000-0x000002114CD52000-memory.dmp

Filesize
200KB

Download
memory/6316-4660-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/6316-4651-0x0000021165670000-0x0000021165671000-memory.dmp

Filesize
4KB

Download
memory/6316-4605-0x000002114B010000-0x000002114B062000-memory.dmp

Filesize
328KB

Download
memory/6316-4646-0x00000211662B0000-0x00000211664E0000-memory.dmp

Filesize
2.2MB

Download
memory/6316-4568-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/6316-4593-0x000002114B490000-0x000002114B4B6000-memory.dmp

Filesize
152KB

Download
memory/6316-4590-0x000002114B450000-0x000002114B451000-memory.dmp

Filesize
4KB

Download
memory/6316-4584-0x000002114CC80000-0x000002114CCD4000-memory.dmp

Filesize
336KB

Download
memory/6316-4582-0x000002114B410000-0x000002114B411000-memory.dmp

Filesize
4KB

Download
memory/6316-4579-0x000002114CD70000-0x000002114CD80000-memory.dmp

Filesize
64KB

Download
memory/6316-4616-0x0000021165C90000-0x00000211662A8000-memory.dmp

Filesize
6.1MB

Download
memory/6492-4502-0x000001FC28B80000-0x000001FC28B90000-memory.dmp

Filesize
64KB

Download
memory/6492-4594-0x000001FC28B80000-0x000001FC28B90000-memory.dmp

Filesize
64KB

Download
memory/6492-4566-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/6492-4503-0x000001FC0FD10000-0x000001FC0FD11000-memory.dmp

Filesize
4KB

Download
memory/6492-4506-0x000001FC29150000-0x000001FC292CC000-memory.dmp

Filesize
1.5MB

Download
memory/6492-4528-0x000001FC10250000-0x000001FC10272000-memory.dmp

Filesize
136KB

Download
memory/6492-4461-0x00007FF9E8F80000-0x00007FF9E9A41000-memory.dmp

Filesize
10.8MB

Download
memory/6492-4527-0x000001FC101D0000-0x000001FC101EA000-memory.dmp

Filesize
104KB

Download
memory/6492-4487-0x000001FC28DE0000-0x000001FC29146000-memory.dmp

Filesize
3.4MB

Download
memory/8112-4153-0x00007FFA09650000-0x00007FFA09919000-memory.dmp

Filesize
2.8MB

Download
memory/8112-4266-0x00007FFA09650000-0x00007FFA09919000-memory.dmp

Filesize
2.8MB

Download
memory/8112-4155-0x00007FFA095B0000-0x00007FFA095C0000-memory.dmp

Filesize
64KB

Download