sakula | ae53fdca2fd489fbfd1f2548ef0522d8099e66a6bd97f57a288b5e10f69af2ee

Analysis

max time kernel
153s
max time network
161s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
22-10-2023 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BHome.exe
Size

18.8MB
MD5

57602de14c4fe21a8a41b248eb1aacca
SHA1

745e046d2bfc1339ef2394252f8cf9b4bf635138
SHA256

ae53fdca2fd489fbfd1f2548ef0522d8099e66a6bd97f57a288b5e10f69af2ee
SHA512

0502000c18d2ba9d944e1a40c2e6e3167f3682b5d1ab28f784e827af9f045a180c29f1669c0647118323dd2c1a6084051bfc5f9bb536dec74262be00b4c3a168
SSDEEP

393216:XpwUHXphPX/Nag1pMzxrFGZlYTR2tZK7E0kWQl8IbkyY:ZwGhPXlvyzlFsjtZf0kdlBAV

Score

10^/10

sakula adware bootkit discovery persistence rat spyware stealer trojan

Malware Config

Signatures

Sakula
Sakula is a remote access trojan with various capabilities.
trojan rat sakula

Sakula payload 6 IoCs

Processes:

resource	yara_rule
C:\Program Files (x86)\BkavHome\BkavScanDll6.dll	family_sakula
\Program Files (x86)\BkavHome\BkavScanDll6.dll	family_sakula
\Program Files (x86)\BkavHome\BkavScanDll6.dll	family_sakula
behavioral1/memory/4284-267-0x0000000004960000-0x0000000004E6C000-memory.dmp	family_sakula
behavioral1/memory/4284-511-0x0000000004840000-0x0000000004D4C000-memory.dmp	family_sakula
behavioral1/memory/4284-740-0x0000000004790000-0x0000000004C9C000-memory.dmp	family_sakula

Sets service image path in registry 2 TTPs 19 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

BkavHomeSetup.exdBkavService.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib3\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib3.sys"	BkavHomeSetup.exd
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib0\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib0.sys"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib5\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib5.sys"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib0\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib0.sys"	BkavHomeSetup.exd
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib1\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib1.sys"	BkavHomeSetup.exd
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib6\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib6.sys"	BkavHomeSetup.exd
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib1\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib1.sys"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib2\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib2.sys"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib3\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib3.sys"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib.sys"	BkavHomeSetup.exd
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib2\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib2.sys"	BkavHomeSetup.exd
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib4\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib4.sys"	BkavHomeSetup.exd
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib5\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib5.sys"	BkavHomeSetup.exd
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BkavAuto\ImagePath = "\\SystemRoot\\System32\\Drivers\\BkavAuto.sys"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib4\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib4.sys"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BkavCoreLib\ImagePath = "\\SystemRoot\\System32\\Drivers\\BkavCoreLib.sys"	BkavHomeSetup.exd
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\HomeVNService\ImagePath = "c:\\program files (x86)\\bkav corporation\\homevn\\homevnservice.exe"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib.sys"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SysLib6\ImagePath = "\\SystemRoot\\System32\\Drivers\\SysLib6.sys"	BkavService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

BkavHomeSetup.exd

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\BkavHome = "\"C:\\Program Files (x86)\\BkavHome\\BkavHome.exe\" /Taskbar"	BkavHomeSetup.exd

Drops Chrome extension 1 IoCs

Processes:

BkavService.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcnancbdijenfaameanloddnkbjhfaal\1.37_0\manifest.json	BkavService.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2876549C-1023-4AA0-82FF-8ED7112D5269}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2876549C-1023-4AA0-82FF-8ED7112D5269}\ = "Bkav Site Advisor"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2876549C-1023-4AA0-82FF-8ED7112D5269}\NoExplorer = "1"	regsvr32.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

BkavHomeSetup.exd

description ioc process

File opened for modification \??\PhysicalDrive0 BkavHomeSetup.exd
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
File opened for modification	\??\PhysicalDrive0	BkavHomeSetup.exd

Drops file in Program Files directory 64 IoCs

Processes:

BkavService.exeBkavHome.exeBkavHomeSetup.exdBkavHome.exe

description	ioc	process
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxTopRight.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\btnBack.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\key.ico	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\BoxTopLeft.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIcon.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\CacheScan.db	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\key.ico	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxCenterRight.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavChrSiteAdvisor.crx	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\AppLog\BkavHome.log	BkavHome.exe
File created	C:\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShellEx64.dll	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\browser.xul	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\npBkavSiteAdvisorPlugin.dll	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\BoxCenterLeft.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\ArrowBkavSafeRunDown.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxBottomCenter.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\BkavIcon48.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome.manifest	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\Temp\bkavcompfiles.dat	BkavHomeSetup.exd
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSafeRunStyle.css	BkavService.exe
File created	C:\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShell.dll	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\SmallIconFF.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\SmallIconFF.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\keydis.ico	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\button.js	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\AppLog\Install.log	BkavHomeSetup.exd
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\ArrowBkavSafeRunDown.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxBottomCenter.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\ArrowBkavSafeRunDown.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\BkavIcon64.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\ArrowBkavSafeRunUp.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\AppLog\BkavHome.log	BkavHome.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\SmallIconFFx.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSiteAdvisor.exe	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxTopLeft.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\plugin.js	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\btnBack.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\keydis.ico	BkavService.exe
File created	C:\Program Files (x86)\Bkav Corporation\HomeVN\Home.vn.exe	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\ArrowBkavSafeRunUp.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSafeRunStyle.css	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\key.ico	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxBottomRight.png	BkavService.exe
File created	C:\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShell64.dll	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\npBkavSiteAdvisorPlugin.dll	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\chrome.manifest	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\SmallIconFFx.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\sqlite3.dll	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\ArrowBkavSafeRunUp.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\SmallIconFF.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIcon64.png	BkavService.exe
File created	C:\Program Files (x86)\Bkav Corporation\HomeVN\Uninstaller.exe	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\BkavHomeVn.log	BkavHomeSetup.exd
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\ArrowBkavSafeRunUp.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\plugin.js	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\BkavIcon64.png	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\install.rdf	BkavService.exe
File opened for modification	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\install.rdf	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\BkavHomeEn.log	BkavHomeSetup.exd
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIcon48.png	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\keydis.ico	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\bkavsiteadvisor.js	BkavService.exe
File created	C:\Program Files (x86)\BkavHome\SiteAdvisor\Firefox\chrome\content\images\BkavIcon.png	BkavService.exe

Drops file in Windows directory 4 IoCs

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Executes dropped EXE 14 IoCs

Processes:

BkavHomeSetup.exdBkavService.exeBkavHomeUpdateService.exeHomeVnSetup.exeHome.vn.exeBkavHome.exeBkavHome.exeBkavSiteAdvisor.exeBkavHome.exeBkavHome.exeBkavSiteAdvisor.exeBkavHome.exeBkavHome.exeBkavSiteAdvisor.exe

pid	process
868	BkavHomeSetup.exd
4284	BkavService.exe
5072	BkavHomeUpdateService.exe
344	HomeVnSetup.exe
4852	Home.vn.exe
3760	BkavHome.exe
2588	BkavHome.exe
3016	BkavSiteAdvisor.exe
164	BkavHome.exe
920	BkavHome.exe
4812	BkavSiteAdvisor.exe
3116	BkavHome.exe
5108	BkavHome.exe
1620	BkavSiteAdvisor.exe

Loads dropped DLL 64 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeBkavHome.exeBkavService.exeregsvr32.exeBkavHome.exeBkavHome.exe

pid	process
2644	regsvr32.exe
2472	regsvr32.exe
2976	regsvr32.exe
4124	regsvr32.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
4284	BkavService.exe
4124	regsvr32.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
3760	BkavHome.exe
5084	regsvr32.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
164	BkavHome.exe
3116	BkavHome.exe
3116	BkavHome.exe
3116	BkavHome.exe
3116	BkavHome.exe
3116	BkavHome.exe
3116	BkavHome.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe

Registers COM server for autorun 1 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

regsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67EDE076-3F8F-45AD-9E80-21B0C531E972}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67EDE076-3F8F-45AD-9E80-21B0C531E972}\InprocServer32\ = "C:\\Program Files (x86)\\BkavHome\\BkavContextMenuHandler.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67EDE076-3F8F-45AD-9E80-21B0C531E972}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0937B0F7-CCD8-42F7-A9CB-5DA9D36F38E8}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0937B0F7-CCD8-42F7-A9CB-5DA9D36F38E8}\InprocServer32\ = "C:\\Program Files (x86)\\Bkav Corporation\\HomeVN\\BkavUhShellEx64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0937B0F7-CCD8-42F7-A9CB-5DA9D36F38E8}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Modifies Internet Explorer settings 1 TTPs 14 IoCs

adware spyware

Modify Registry

T1112

Processes:

BkavHome.exeBkavService.exeBkavHome.exeBkavHome.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	BkavHome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2876549C-1023-4AA0-82FF-8ED7112D5269}\HotIcon = "C:\\Program Files (x86)\\BkavHome\\SiteAdvisor\\key.ico"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2876549C-1023-4AA0-82FF-8ED7112D5269}\Tooltip = "Bkav VirtualKeyboard"	BkavService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	BkavHome.exe
Key created	\REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	BkavHome.exe
Key created	\REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	BkavHome.exe
Key created	\REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	BkavHome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	BkavHome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2876549C-1023-4AA0-82FF-8ED7112D5269}\ButtonText = "Bkav VirtualKeyboard"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2876549C-1023-4AA0-82FF-8ED7112D5269}\ClsidExtension = "{2876549C-1023-4AA0-82FF-8ED7112D5269}"	BkavService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2876549C-1023-4AA0-82FF-8ED7112D5269}	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2876549C-1023-4AA0-82FF-8ED7112D5269}\Icon = "C:\\Program Files (x86)\\BkavHome\\SiteAdvisor\\key.ico"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2876549C-1023-4AA0-82FF-8ED7112D5269}\Default Visible = "Yes"	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2876549C-1023-4AA0-82FF-8ED7112D5269}\CLSID = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"	BkavService.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exeBkavService.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C461C70-300C-4BB0-AAE4-5AD033CA0B1C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AA10F6AD-426A-41CC-B673-24E228C0F3DD}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2876549C-1023-4AA0-82FF-8ED7112D5269}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavSiteAdvisor.BkavSiteAdvisorEngine\ = "BkavSiteAdvisorEngine Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2876549C-1023-4AA0-82FF-8ED7112D5269}\InprocServer32\ = "C:\\Program Files (x86)\\BkavHome\\SiteAdvisor\\BkavIESiteAdvisor.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavIESiteAdvisor.BksaPluggableProtocol\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0301742-B7E5-4B49-8BC2-692E40A8053D}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0301742-B7E5-4B49-8BC2-692E40A8053D}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}\TypeLib\ = "{A6DE3EA4-5A90-4730-87AA-8671F1A8017D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6DE3EA4-5A90-4730-87AA-8671F1A8017D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6DE3EA4-5A90-4730-87AA-8671F1A8017D}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0937B0F7-CCD8-42F7-A9CB-5DA9D36F38E8}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AA10F6AD-426A-41CC-B673-24E228C0F3DD}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavSiteAdvisor.BkavSiteAdvisorEngine.1\CLSID\ = "{2876549C-1023-4AA0-82FF-8ED7112D5269}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2876549C-1023-4AA0-82FF-8ED7112D5269}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2876549C-1023-4AA0-82FF-8ED7112D5269}\Implemented Categories	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6DE3EA4-5A90-4730-87AA-8671F1A8017D}\1.0\ = "BkavSiteAdvisor 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0301742-B7E5-4B49-8BC2-692E40A8053D}\ = "IBkavSiteAdvisorEngine"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6DE3EA4-5A90-4730-87AA-8671F1A8017D}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BkavHome\ = "{67EDE076-3F8F-45AD-9E80-21B0C531E972}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A97B29C0-426F-4535-9F29-CDC8ABE5DADD}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\BkavHome"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C461C70-300C-4BB0-AAE4-5AD033CA0B1C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0937B0F7-CCD8-42F7-A9CB-5DA9D36F38E8}\TypeLib\ = "{AA10F6AD-426A-41CC-B673-24E228C0F3DD}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2876549C-1023-4AA0-82FF-8ED7112D5269}\ProgID\ = "BkavSiteAdvisor.BkavSiteAdvisorEngine.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bksa\CLSID = "{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0301742-B7E5-4B49-8BC2-692E40A8053D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C461C70-300C-4BB0-AAE4-5AD033CA0B1C}\TypeLib\ = "{A97B29C0-426F-4535-9F29-CDC8ABE5DADD}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C461C70-300C-4BB0-AAE4-5AD033CA0B1C}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7C461C70-300C-4BB0-AAE4-5AD033CA0B1C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7C461C70-300C-4BB0-AAE4-5AD033CA0B1C}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C461C70-300C-4BB0-AAE4-5AD033CA0B1C}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7C461C70-300C-4BB0-AAE4-5AD033CA0B1C}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavIESiteAdvisor.BksaPluggableProtocol\ = "BksaPluggableProtocol Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavIESiteAdvisor.BksaPluggableProtocol\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6DE3EA4-5A90-4730-87AA-8671F1A8017D}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\BkavHome\\SiteAdvisor"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67EDE076-3F8F-45AD-9E80-21B0C531E972}\InprocServer32\ = "C:\\Program Files (x86)\\BkavHome\\BkavContextMenuHandler.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}\VersionIndependentProgID\ = "BkavIESiteAdvisor.BksaPluggableProtocol"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6DE3EA4-5A90-4730-87AA-8671F1A8017D}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6DE3EA4-5A90-4730-87AA-8671F1A8017D}\1.0\0\win32\ = "C:\\Program Files (x86)\\BkavHome\\SiteAdvisor\\BkavIESiteAdvisor.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0301742-B7E5-4B49-8BC2-692E40A8053D}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0301742-B7E5-4B49-8BC2-692E40A8053D}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A97B29C0-426F-4535-9F29-CDC8ABE5DADD}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AA10F6AD-426A-41CC-B673-24E228C0F3DD}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{325BBF8D-FF95-4CA8-BC27-2409A2CD1D82}\ = "BkavSiteAdvisor"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavSiteAdvisor.BkavSiteAdvisorEngine\CLSID\ = "{2876549C-1023-4AA0-82FF-8ED7112D5269}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavIESiteAdvisor.BksaPluggableProtoc.1\CLSID\ = "{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67EDE076-3F8F-45AD-9E80-21B0C531E972}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AA10F6AD-426A-41CC-B673-24E228C0F3DD}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavSiteAdvisor.BkavSiteAdvisorEngine\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavIESiteAdvisor.BksaPluggableProtoc.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavIESiteAdvisor.BksaPluggableProtocol\CLSID\ = "{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{67EDE076-3F8F-45AD-9E80-21B0C531E972}\Version\ = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A97B29C0-426F-4535-9F29-CDC8ABE5DADD}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bksa	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BkavHome	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AA10F6AD-426A-41CC-B673-24E228C0F3DD}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AA10F6AD-426A-41CC-B673-24E228C0F3DD}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Bkav Corporation\\HomeVN"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BkavIESiteAdvisor.BksaPluggableProtoc.1\ = "BksaPluggableProtocol Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBCA127-FD48-4FF5-B523-0E0DB4B8C295}	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

Processes:

BkavHome.exeBkavService.exetaskmgr.exeBkavHome.exetaskmgr.exeBkavHome.exe

pid	process
3760	BkavHome.exe
3760	BkavHome.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
164	BkavHome.exe
164	BkavHome.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
3116	BkavHome.exe
3116	BkavHome.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe
4284	BkavService.exe

Suspicious behavior: LoadsDriver 4 IoCs

Processes:

fltmc.exefltmc.exefltmc.exe

pid process

612
4044 fltmc.exe
1860 fltmc.exe
4292 fltmc.exe

pid	process
612
4044	fltmc.exe
1860	fltmc.exe
4292	fltmc.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

Processes:

BkavService.exefltmc.exetaskmgr.exefltmc.exetaskmgr.exefltmc.exe

description	pid	process
Token: SeDebugPrivilege	4284	BkavService.exe
Token: SeBackupPrivilege	4284	BkavService.exe
Token: SeImpersonatePrivilege	4284	BkavService.exe
Token: SeDebugPrivilege	4284	BkavService.exe
Token: SeBackupPrivilege	4284	BkavService.exe
Token: SeLoadDriverPrivilege	4044	fltmc.exe
Token: SeDebugPrivilege	4284	BkavService.exe
Token: SeBackupPrivilege	4284	BkavService.exe
Token: SeDebugPrivilege	5028	taskmgr.exe
Token: SeSystemProfilePrivilege	5028	taskmgr.exe
Token: SeCreateGlobalPrivilege	5028	taskmgr.exe
Token: SeDebugPrivilege	4284	BkavService.exe
Token: SeBackupPrivilege	4284	BkavService.exe
Token: SeLoadDriverPrivilege	1860	fltmc.exe
Token: 33	5028	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5028	taskmgr.exe
Token: SeDebugPrivilege	4736	taskmgr.exe
Token: SeSystemProfilePrivilege	4736	taskmgr.exe
Token: SeCreateGlobalPrivilege	4736	taskmgr.exe
Token: 33	4736	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4736	taskmgr.exe
Token: SeDebugPrivilege	4284	BkavService.exe
Token: SeBackupPrivilege	4284	BkavService.exe
Token: SeDebugPrivilege	4284	BkavService.exe
Token: SeBackupPrivilege	4284	BkavService.exe
Token: SeLoadDriverPrivilege	4292	fltmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

BHome.exeBkavHome.exetaskmgr.exeBkavHome.exetaskmgr.exe

pid	process
2628	BHome.exe
2628	BHome.exe
2628	BHome.exe
2628	BHome.exe
3760	BkavHome.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
164	BkavHome.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

BHome.exeBkavHome.exetaskmgr.exeBkavHome.exetaskmgr.exe

pid	process
2628	BHome.exe
2628	BHome.exe
2628	BHome.exe
2628	BHome.exe
3760	BkavHome.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
164	BkavHome.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
5028	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe
4736	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

BHome.exeBkavHomeSetup.exdHomeVnSetup.exeBkavHome.exeBkavHome.exeBkavHome.exeBkavHome.exeBkavHome.exe

pid	process
2628	BHome.exe
2628	BHome.exe
2628	BHome.exe
2628	BHome.exe
868	BkavHomeSetup.exd
868	BkavHomeSetup.exd
868	BkavHomeSetup.exd
344	HomeVnSetup.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
2588	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
3760	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
920	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
164	BkavHome.exe
3116	BkavHome.exe
3116	BkavHome.exe

Suspicious use of WriteProcessMemory 58 IoCs

Processes:

BHome.exeBkavHomeSetup.exdregsvr32.exeHomeVnSetup.exeregsvr32.exeBkavService.exeBkavHome.exeBkavHome.exeBkavHome.exeBkavHome.exeBkavHome.exeBkavHome.exe

description	pid	process	target process
PID 2628 wrote to memory of 868	2628	BHome.exe	BkavHomeSetup.exd
PID 2628 wrote to memory of 868	2628	BHome.exe	BkavHomeSetup.exd
PID 2628 wrote to memory of 868	2628	BHome.exe	BkavHomeSetup.exd
PID 868 wrote to memory of 2644	868	BkavHomeSetup.exd	regsvr32.exe
PID 868 wrote to memory of 2644	868	BkavHomeSetup.exd	regsvr32.exe
PID 868 wrote to memory of 2644	868	BkavHomeSetup.exd	regsvr32.exe
PID 868 wrote to memory of 344	868	BkavHomeSetup.exd	HomeVnSetup.exe
PID 868 wrote to memory of 344	868	BkavHomeSetup.exd	HomeVnSetup.exe
PID 868 wrote to memory of 344	868	BkavHomeSetup.exd	HomeVnSetup.exe
PID 2644 wrote to memory of 2472	2644	regsvr32.exe	regsvr32.exe
PID 2644 wrote to memory of 2472	2644	regsvr32.exe	regsvr32.exe
PID 344 wrote to memory of 4852	344	HomeVnSetup.exe	Home.vn.exe
PID 344 wrote to memory of 4852	344	HomeVnSetup.exe	Home.vn.exe
PID 344 wrote to memory of 4852	344	HomeVnSetup.exe	Home.vn.exe
PID 344 wrote to memory of 2976	344	HomeVnSetup.exe	regsvr32.exe
PID 344 wrote to memory of 2976	344	HomeVnSetup.exe	regsvr32.exe
PID 344 wrote to memory of 2976	344	HomeVnSetup.exe	regsvr32.exe
PID 868 wrote to memory of 3760	868	BkavHomeSetup.exd	BkavHome.exe
PID 868 wrote to memory of 3760	868	BkavHomeSetup.exd	BkavHome.exe
PID 868 wrote to memory of 3760	868	BkavHomeSetup.exd	BkavHome.exe
PID 2976 wrote to memory of 4124	2976	regsvr32.exe	regsvr32.exe
PID 2976 wrote to memory of 4124	2976	regsvr32.exe	regsvr32.exe
PID 4284 wrote to memory of 2588	4284	BkavService.exe	BkavHome.exe
PID 4284 wrote to memory of 2588	4284	BkavService.exe	BkavHome.exe
PID 4284 wrote to memory of 2588	4284	BkavService.exe	BkavHome.exe
PID 2588 wrote to memory of 4044	2588	BkavHome.exe	fltmc.exe
PID 2588 wrote to memory of 4044	2588	BkavHome.exe	fltmc.exe
PID 3760 wrote to memory of 3016	3760	BkavHome.exe	BkavSiteAdvisor.exe
PID 3760 wrote to memory of 3016	3760	BkavHome.exe	BkavSiteAdvisor.exe
PID 3760 wrote to memory of 3016	3760	BkavHome.exe	BkavSiteAdvisor.exe
PID 4284 wrote to memory of 1048	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 1048	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 1048	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 5084	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 5084	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 5084	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 920	4284	BkavService.exe	BkavHome.exe
PID 4284 wrote to memory of 920	4284	BkavService.exe	BkavHome.exe
PID 4284 wrote to memory of 920	4284	BkavService.exe	BkavHome.exe
PID 920 wrote to memory of 1860	920	BkavHome.exe	fltmc.exe
PID 920 wrote to memory of 1860	920	BkavHome.exe	fltmc.exe
PID 164 wrote to memory of 4812	164	BkavHome.exe	BkavSiteAdvisor.exe
PID 164 wrote to memory of 4812	164	BkavHome.exe	BkavSiteAdvisor.exe
PID 164 wrote to memory of 4812	164	BkavHome.exe	BkavSiteAdvisor.exe
PID 4284 wrote to memory of 1828	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 1828	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 1828	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 5108	4284	BkavService.exe	BkavHome.exe
PID 4284 wrote to memory of 5108	4284	BkavService.exe	BkavHome.exe
PID 4284 wrote to memory of 5108	4284	BkavService.exe	BkavHome.exe
PID 5108 wrote to memory of 4292	5108	BkavHome.exe	fltmc.exe
PID 5108 wrote to memory of 4292	5108	BkavHome.exe	fltmc.exe
PID 3116 wrote to memory of 1620	3116	BkavHome.exe	BkavSiteAdvisor.exe
PID 3116 wrote to memory of 1620	3116	BkavHome.exe	BkavSiteAdvisor.exe
PID 3116 wrote to memory of 1620	3116	BkavHome.exe	BkavSiteAdvisor.exe
PID 4284 wrote to memory of 2396	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 2396	4284	BkavService.exe	regsvr32.exe
PID 4284 wrote to memory of 2396	4284	BkavService.exe	regsvr32.exe

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

Processes:

BkavService.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	BkavService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2876549C-1023-4AA0-82FF-8ED7112D5269} = "1"	BkavService.exe

C:\Users\Admin\AppData\Local\Temp\BHome.exe
"C:\Users\Admin\AppData\Local\Temp\BHome.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\BkavHome2014\BkavHomeSetup.exd
"C:\Users\Admin\AppData\Local\Temp\BkavHome2014\BkavHomeSetup.exd"
2⤵
- Sets service image path in registry
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:868

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\BkavHome\BkavContextMenuHandler.dll"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2644

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\BkavHome\BkavContextMenuHandler.dll"
4⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2472

C:\Program Files (x86)\BkavHome\Temp\HomeVnSetup.exe
"C:\Program Files (x86)\BkavHome\Temp\HomeVnSetup.exe" /Deactivate /Silent app=BkavHome2018
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:344

C:\Program Files (x86)\Bkav Corporation\HomeVN\Home.vn.exe
"C:\Program Files (x86)\Bkav Corporation\HomeVN\Home.vn.exe" /InstAdmin
4⤵
- Executes dropped EXE
PID:4852

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShellEx64.dll"
4⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2976

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShellEx64.dll"
5⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4124

C:\Program Files (x86)\BkavHome\BkavHome.exe
"C:\Program Files (x86)\BkavHome\BkavHome.exe" /Restart
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3760

C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSiteAdvisor.exe
"C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSiteAdvisor.exe"
4⤵
- Executes dropped EXE
PID:3016

C:\Windows\SysWOW64\BkavService.exe
C:\Windows\SysWOW64\BkavService.exe
1⤵
- Sets service image path in registry
- Drops Chrome extension
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:4284

C:\Program Files (x86)\BkavHome\BkavHome.exe
"C:\Program Files (x86)\BkavHome\BkavHome.exe" /InstallSDF
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588

C:\Windows\system32\fltmc.exe
fltmc load BkavSdFlt
3⤵
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:4044

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe /s"C:\Program Files (x86)\BkavHome\SiteAdvisor\npBkavSiteAdvisorPlugin.dll"
2⤵
PID:1048

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll"
2⤵
- Installs/modifies Browser Helper Object
- Loads dropped DLL
- Modifies registry class
PID:5084

C:\Program Files (x86)\BkavHome\BkavHome.exe
"C:\Program Files (x86)\BkavHome\BkavHome.exe" /InstallSDF
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:920

C:\Windows\system32\fltmc.exe
fltmc load BkavSdFlt
3⤵
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1860

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe /s"C:\Program Files (x86)\BkavHome\SiteAdvisor\npBkavSiteAdvisorPlugin.dll"
2⤵
PID:1828

C:\Program Files (x86)\BkavHome\BkavHome.exe
"C:\Program Files (x86)\BkavHome\BkavHome.exe" /InstallSDF
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5108

C:\Windows\system32\fltmc.exe
fltmc load BkavSdFlt
3⤵
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:4292

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe /s"C:\Program Files (x86)\BkavHome\SiteAdvisor\npBkavSiteAdvisorPlugin.dll"
2⤵
PID:2396

C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe
"C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe"
1⤵
- Executes dropped EXE
PID:5072

C:\Program Files (x86)\BkavHome\BkavHome.exe
"C:\Program Files (x86)\BkavHome\BkavHome.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:164

C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSiteAdvisor.exe
"C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSiteAdvisor.exe"
2⤵
- Executes dropped EXE
PID:4812

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d003106a014b4e3897a696b6acd07c39 /t 3240 /p 3760
1⤵
PID:2592

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
PID:1048

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5028

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4736

C:\Program Files (x86)\BkavHome\BkavHome.exe
"C:\Program Files (x86)\BkavHome\BkavHome.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3116

C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSiteAdvisor.exe
"C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSiteAdvisor.exe"
2⤵
- Executes dropped EXE
PID:1620

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\5bb8bea30c77492781306ddaae7195a0 /t 2816 /p 3116
1⤵
PID:424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShell64.dll
Filesize
130KB

MD5
849de2625456c01b1c5e9423bff9c4bf

SHA1
5db6bd701791e0bc839ae9ee3f4070f6f3a98880

SHA256
63cfd425ecf7efba03137185f015b3b797b5dd72531cf9378a9b97c1cd753c41

SHA512
f482d85ff84e5ad6cd395845d12eac43d339003c0ee7df11a9e870cbdfa140a45eb5e3f78ed1dec04166a4147dcc54b5010744f2f5bcb343284b85f54799589d

Download Submit
C:\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShellEx64.dll
Filesize
127KB

MD5
3f51a0fadb687ddbaeb5d774ea7c78e5

SHA1
eb3a101aee3a6409fd6ad41ed394c976872328f2

SHA256
fb55b1c99d983a50c8bac4ad513153b9e798124b0c5381138b3edba1d35a40bf

SHA512
24a48a5432052d23d9a6278a5d77e6d1cae70a39aee61e2828528cb0e9a54d3aed2d3b16c0242b2993a909558439a786a17a4120af6cef97011d0b882fc6d920

Download Submit
C:\Program Files (x86)\Bkav Corporation\HomeVN\Home.vn.exe
Filesize
1.0MB

MD5
7027b1e7217b0da5aa4121710d41db75

SHA1
33257c7f020e7fd3121b810b892aa956f27b395d

SHA256
0f71e5ab20d38fb31c3ba0fa4bb6c1c4381df1c36f23de2c3c58348b8ea1a3c5

SHA512
31d97ad7d8104e8d7f606d4150ed76a89408ea746826a5ae2add44ad0be2395a270d20be1d90bb62ac2779470d14b05800a251e2c5bd9528256b78f22306ce72

Download Submit
C:\Program Files (x86)\Bkav Corporation\HomeVN\Home.vn.exe
Filesize
1.0MB

MD5
7027b1e7217b0da5aa4121710d41db75

SHA1
33257c7f020e7fd3121b810b892aa956f27b395d

SHA256
0f71e5ab20d38fb31c3ba0fa4bb6c1c4381df1c36f23de2c3c58348b8ea1a3c5

SHA512
31d97ad7d8104e8d7f606d4150ed76a89408ea746826a5ae2add44ad0be2395a270d20be1d90bb62ac2779470d14b05800a251e2c5bd9528256b78f22306ce72

Download Submit
C:\Program Files (x86)\BkavHome\AppLog\Install.log
Filesize
395B

MD5
4c85025cf1755f0e7de5509c46668181

SHA1
8c9a164da82b19d1681848f69d61553d7fbe474d

SHA256
32e55a77d5f34dddedefbd19eea02cc6299cc47f084aac1528f56b3a18a053e4

SHA512
8463f5d6bd36b578b029359cf6f87b9a37e50ae3970d97274eee2e692b0508b5ec04b49a2e5457032088432410182674f4c2b250662cc5d9ce476d9287bc124c

Download Submit
C:\Program Files (x86)\BkavHome\BkavContextMenuHandler.dll
Filesize
118KB

MD5
19f79d562875497545654fee142a58e7

SHA1
0f3ec94d55bb6c7562e8b26b53393b45bf56324d

SHA256
e29955605bd14ea4d0a2bb35965ad6d9cec41f1b5d80e3824e332ae8205c2066

SHA512
b8abdf11229bf1281536bc89b2a7f51ac95878bfa886952b2ac15722585fbb22d291a9cca44efdc3f2a04e65e830804061598f916520e9f93858fb5a79764f89

Download Submit
C:\Program Files (x86)\BkavHome\BkavHome.exe
Filesize
2.0MB

MD5
9f75919dae6bbd08f31007bf2c839786

SHA1
8dfc34d9906fb9bb4fdf7d2c6b1e5030ac578753

SHA256
be94edd8df2040326bedeba618c3b1a7cfc38ff67dc9aac42e6ff10d9318cfd5

SHA512
6d44e98ec73aa366a1286fa5637e95443363355cbf56a5d4995223074628ea74bd7a599bcde352f930c83de8e8a723168e7baed88809871be8a3504130bacd3d

Download Submit
C:\Program Files (x86)\BkavHome\BkavHome.exe
Filesize
2.0MB

MD5
9f75919dae6bbd08f31007bf2c839786

SHA1
8dfc34d9906fb9bb4fdf7d2c6b1e5030ac578753

SHA256
be94edd8df2040326bedeba618c3b1a7cfc38ff67dc9aac42e6ff10d9318cfd5

SHA512
6d44e98ec73aa366a1286fa5637e95443363355cbf56a5d4995223074628ea74bd7a599bcde352f930c83de8e8a723168e7baed88809871be8a3504130bacd3d

Download Submit
C:\Program Files (x86)\BkavHome\BkavHome.exe
Filesize
2.0MB

MD5
9f75919dae6bbd08f31007bf2c839786

SHA1
8dfc34d9906fb9bb4fdf7d2c6b1e5030ac578753

SHA256
be94edd8df2040326bedeba618c3b1a7cfc38ff67dc9aac42e6ff10d9318cfd5

SHA512
6d44e98ec73aa366a1286fa5637e95443363355cbf56a5d4995223074628ea74bd7a599bcde352f930c83de8e8a723168e7baed88809871be8a3504130bacd3d

Download Submit
C:\Program Files (x86)\BkavHome\BkavHome.exe
Filesize
2.0MB

MD5
9f75919dae6bbd08f31007bf2c839786

SHA1
8dfc34d9906fb9bb4fdf7d2c6b1e5030ac578753

SHA256
be94edd8df2040326bedeba618c3b1a7cfc38ff67dc9aac42e6ff10d9318cfd5

SHA512
6d44e98ec73aa366a1286fa5637e95443363355cbf56a5d4995223074628ea74bd7a599bcde352f930c83de8e8a723168e7baed88809871be8a3504130bacd3d

Download Submit
C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe
Filesize
106KB

MD5
79f4aea3769222d561624a2c0bed1040

SHA1
2575cd84300029b04dddd0fc5ef9efce8d1bcf1e

SHA256
41248775ff340d5ce20ba97da279e47571b80c51c7445277fea3e8280f11754d

SHA512
d3065641ec56acc6fce287f173dc32d616e62127fccb92e1a764032cc88d19c480ff86f8678a878360dc39c28b0411649d5123447771f030b7175077ef9e2c15

Download Submit
C:\Program Files (x86)\BkavHome\BkavHomeUpdateService.exe
Filesize
106KB

MD5
79f4aea3769222d561624a2c0bed1040

SHA1
2575cd84300029b04dddd0fc5ef9efce8d1bcf1e

SHA256
41248775ff340d5ce20ba97da279e47571b80c51c7445277fea3e8280f11754d

SHA512
d3065641ec56acc6fce287f173dc32d616e62127fccb92e1a764032cc88d19c480ff86f8678a878360dc39c28b0411649d5123447771f030b7175077ef9e2c15

Download Submit
C:\Program Files (x86)\BkavHome\BkavHomeVn.log
Filesize
326B

MD5
762b07105bb0f89263df749cf4c15c06

SHA1
77814d00ac9d6c9750de19d32e0ca38359300696

SHA256
661ca89ed7d5514a5b855eef1549c7596cc01b0c48e070de9029605e7d680d02

SHA512
b0af492c594293d57f2fe6ed48fe46bcb2f1998a3e04f6984756f91d0408e2527550dc181ba09181f8bddb832d9e9cf2628b794de05e577f80ee8e5a6513cf6e

Download Submit
C:\Program Files (x86)\BkavHome\BkavLanguageEn.dll
Filesize
21KB

MD5
01e24029f85e6d8c3d4e0f0881f908dd

SHA1
67e690be62f01f8eac863b439f88365117d07ba1

SHA256
b0c7cfba67024867340e4360c7587f07fa82c64e99d9d19bcf7c5124cb00a7c9

SHA512
d699ab3683ec96dc6045c0edbaf518b07cfcc4650310016af0f79c38faa215b8f3beb06d91257d4db87560317d96bee5d31820ade73d07209ceed4039c925ec1

Download Submit
C:\Program Files (x86)\BkavHome\BkavLanguageVn.dll
Filesize
21KB

MD5
01e4009921321b3c512528196c5df3ff

SHA1
61b7cc9a31c024ad27eda2afa301f97706bd7a37

SHA256
218464d22df4958c3edafe72d2187f99f1e27640fb7dd47fc038038d63888149

SHA512
a23588c0d855d87c304b27b5766f8b42959351ea97b7100fc26dd6417701d2e829162ad1c803716ce5e7da4c59b4b1e01119f30fce1f8ff8d0542a140ee3b45e

Download Submit
C:\Program Files (x86)\BkavHome\BkavScanDll0.dll
Filesize
252KB

MD5
7002284294743dabdf7719ef832bb7fa

SHA1
3ad440f1793f8e56e400602b0c76f66e74fd8854

SHA256
e641050a5f60786cac6703b1750b7d64c61094637d5d50e7319e20046cef498a

SHA512
b5932a5809976b01bb46fe2a942dc52d2d8863b5d637e4a6333dad989a1ae94a308d7e92af0f82e1c7604707b81b963f0dce9eb5141fbe6d3b42c02ec9d40a4b

Download Submit
C:\Program Files (x86)\BkavHome\BkavScanDll1.dll
Filesize
876KB

MD5
9b264ab97e3682c14d40845571746d1c

SHA1
c5d199533882795232b58d0ceecb4a6275d4b1fd

SHA256
bce140ec0f49ab298da931d7fa9acd0468b7927ee09117b9517204b85d634573

SHA512
30cb06cfa55dfb09ce299f12ccdcc79fc6a959fdc0c8187a1f096c19dc2c4e0eb70c3c1f38b4f86970f6b215d78d04deb7c7646eac0241bf07c12713516389d9

Download Submit
C:\Program Files (x86)\BkavHome\BkavScanDll2.dll
Filesize
108KB

MD5
6df6c10c9c423efc38155d582c088996

SHA1
2be721227feb8cd4bcf1cfb0663877d8ea87acb3

SHA256
f5280affd6b3620b399adcc0a7c484fac26863e55f9f03dafb4beea00692c848

SHA512
05170226e6244083f9789bc7f2d94d65b9e53eec7303ce66a78742e799beaa97148b026106ad4fcf4d8d4cab50fdee88ac060cd77183e41413e6f183e6a55236

Download Submit
C:\Program Files (x86)\BkavHome\BkavScanDll3.dll
Filesize
7.7MB

MD5
d07f4f229220c9f35da15f05b6faf8e1

SHA1
a603832a0b2dacf52a2d02848b7dad2161e80efc

SHA256
3fa9eb81ba7576d2c4cd255fe1cf3ff4b04830eea95f5fc12e91072497cbd956

SHA512
1e2ad1b257f6cb08df78f3736c551857255ab39eb9435a457caf9c403b9e39605b89eac1e9d1fdc47336cbc58b36ab8d0dadc47648b6a670e586ebf72c4439d4

Download Submit
C:\Program Files (x86)\BkavHome\BkavScanDll4.dll
Filesize
7.8MB

MD5
a88ee26962791122cde47f6cbd0297c9

SHA1
c9612cfd247d64e0b95af29d29ce354ea7d03719

SHA256
be9a4c806366c9a1f155c71b415e842973169da12153d0b7b8d5d054a90063fd

SHA512
480aed21fb48b78d041724f9fe90fc287610e8a43aea19093fd3ba24a601803669480beb46977ca149e9f3b655b4445f6719ae6f2ce2e29979a9547a9abf1133

Download Submit
C:\Program Files (x86)\BkavHome\BkavScanDll5.dll
Filesize
9.1MB

MD5
02f23c37541e40fe626bcd574d38ac1a

SHA1
bc99b33f08f79aa9d65efe6badbe1fdd5f60534d

SHA256
0773731226035dae5d1254cb99fc28e84bd2b8b56fe7c5a23c55e6be3873f658

SHA512
df1afb3784dbeeb926db7f427aae856ebd38b10b2c16fe014162956210a57f2f06d0d5346bbfe456288c00dc8840feedd5d9ba227fc6333bfdcac9d5c0eeb2dd

Download Submit
C:\Program Files (x86)\BkavHome\BkavScanDll6.dll
Filesize
5.1MB

MD5
18d2e4c2afe7200cbaa6030006f400b4

SHA1
03054af951a382794562fe61ed67e1eb8ca9ae9b

SHA256
bc794c08b5f406b4d426054d2c294a5a7e2b966302d2b3f66f2e2bfac6d28212

SHA512
2a88081f44bb8732c0f0e019828269bf1b01ecc30bc933924af33fdd008f1afba1f1124df593b46783e1004c169342b724acfac2650a3f4e93461eb3403462c7

Download Submit
C:\Program Files (x86)\BkavHome\BkavSkin.dll
Filesize
1.7MB

MD5
77018cc51a7fe24742629a9a81835a18

SHA1
3275d59cc0c0fde2b452684d46f1a62cfca4cfb4

SHA256
6bc4359b340a63146b9f3dd77e369f707b9bc7e8fb21c51708fe8d27e529779b

SHA512
814558012d4c66dc07c7328e096edcbb28dd2301508c1543903f2c5670def61cab9ce49b6d199ff0aa723056cb7fdbb018a2f7e27a4d61244d642d231a749992

Download Submit
C:\Program Files (x86)\BkavHome\BkavSkinManager.dll
Filesize
140KB

MD5
078aebbc7b3d1eeeb4fe9acb11448be4

SHA1
d826605fcacafb8959480326bcd5a39a3de251f3

SHA256
873821d9661d431783822aad684996f6d77345fefe684d2657bd94b34a5851b9

SHA512
7521735956deb67ecef0c52e088157afefecaca94af34924da4485593043b2454e9541a50fb7526902eb56bc77763d08606bb168f7fb48c683836b267f75b571

Download Submit
C:\Program Files (x86)\BkavHome\CommonFunction\PatternCodeTable0.dat
Filesize
2.5MB

MD5
62b183b30f5dfd39c95ee05910c796ea

SHA1
93509e28225a7502f2a3f9d43d792ac2b5a7a7b4

SHA256
7d6be381dedc815a658903bdceeb68e7dee3337d3f2f5a9ac54f5d002b7992c5

SHA512
55d965f2fbe9b0e2b8ccb76b9cb098fa938f4e3deb9c696c930d29aba7e9bad88876ea633bdd90b908c0cf24a8313a530df720fda54a149ab498163ecc50e3ec

Download Submit
C:\Program Files (x86)\BkavHome\CommonFunction\StringDB0.dat
Filesize
196KB

MD5
8eab0fb46724907cee29a355468ed9f6

SHA1
8e3d57572fac142ee2df225a3706eca44b508010

SHA256
b5ccf66becde4b6d3a09e0fa7da49a9cc2b9624d777ccda5b6b25d067955ad63

SHA512
d805d861ba4510176ce986fb66769b3fcb77a36238a0cba3755c1f949b24ea26d14fa6ffb0e572658201e5176fa716b87822f26a5f524961fa95b59285585fa6

Download Submit
C:\Program Files (x86)\BkavHome\CommonFunction\VirusDef0.dat
Filesize
3.3MB

MD5
4f39b31bdde5f5bb58000ef41bfc4064

SHA1
efc4bdf789a90a4b5c6eecc1a824e2358dce48ae

SHA256
520dccc6ab1f2f8ab45be5302e8ff1efb0ec63c437080406fcf855dee0f8082c

SHA512
5e0b27423c0468a3d0351de990e7263df8bccc9e77e1fa602ab0aef8ea79b99e22958dd77e0bb34222206ecc0418c28077e7738d540486e4ee0a0ffd7081fab9

Download Submit
C:\Program Files (x86)\BkavHome\CommonFunction\VirusName0.dat
Filesize
1.3MB

MD5
d67456618987f46920fed4e9d9131cc3

SHA1
b10292909e61aa35135089935a4dc0aba98c7d09

SHA256
2746d65a0605829d5c9aa459fbb1941a515d10e85aff4caafb9ecde8348da8a1

SHA512
f5cfb7e4ca9899953ff5dbb9e309503cc4b4a4b49c040250878634b723165ac540096192776a0e3fc4761d4f7bbde06a12ba57aa0ba36bcaf272e18ae0604df4

Download Submit
C:\Program Files (x86)\BkavHome\CoreLib.dll
Filesize
81KB

MD5
8053f8edfe1401f56bfc6e8e5fae55b8

SHA1
240a5aba6bef8e33834de32a6b52547fb771cf78

SHA256
b354dc0f47a0ffb7abcdecf0fded8971204985497fbd0b17aacd5c3a9033d34e

SHA512
48b7edbcfbc815e369984461fdb66b3457d176cb597231fa9d53ce29755d768d7e6ae897b379ca631d10cc9857ef49a4cc2df627e34fcbfb1e8fa9184187fc5f

Download Submit
C:\Program Files (x86)\BkavHome\FileList
Filesize
2KB

MD5
209bdb60563677edd38b922da6c882a9

SHA1
71a0820e4f0c7ab0ff53397ffc902f23907fe083

SHA256
13e350db3d6caa9422bf6fe0635dc1b5689545fc0e5074753fad251bf597e7e7

SHA512
2dcff3a0b3c380753ae6f75d8480d84d611c0dec6adea5a20357913d29ab3a1a75d7ea23033f7e77af5c47b1b94880b05fff6dcc56faa2471913a4e22286a46e

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\ArrowBkavSafeRunDown.png
Filesize
2KB

MD5
68c28a87738f803b83f8be1cf300eb53

SHA1
f141fb3f78e58e3c18120d5996bfcd6276308a6d

SHA256
d20df2074f79ccdc849aaa5f0675955aca4f9741cdcaa845fedbc87e78d8d6d4

SHA512
bfd122afe76cdab644eb9388691a65a1099aa358c1ef183e72a8d552cd55885e25809fa9a2f317348c42d9da971b1026d0efdf7b4ec02456f360ac09c916ea93

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\ArrowBkavSafeRunUp.png
Filesize
2KB

MD5
032574ddbb8497148fd8365a5f5f2895

SHA1
e93fde57bc8f759bf476a1187cec466d0f235390

SHA256
1207ab1c69ff9b43a625ee3e62eabe78319d06f83b9321610fd44b0d7a81bc9a

SHA512
2c67fa5880eecd9639a103ef94daaf23888a7d5ceee9df154f2f6563b2b8d57bf52d73bb7e52e7409cd970d95014dca9d80ac948854e431b4cf9d4aabe9a28d4

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavChrSiteAdvisor.crx
Filesize
559KB

MD5
9e904c88c8443ae5d475e4f4112f2a0d

SHA1
7da327742ffd8253f1b1645f0e042fa04275a25b

SHA256
2acc4eae97f7a49b747f2d6c3883dc11b3c76244b889aa5c6604cc4a0f359142

SHA512
ea10ff00cba3760caeae7874832d4341f416992217ad19f892363bc63d695a1725433dfbd7935edb1bb6064b6aec63f9208d2d5f6b4c81659f7a90ea690d6005

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavFFSiteAdvisor.dll
Filesize
275KB

MD5
918bbe371e6e0e82b12d5112d3d025c1

SHA1
b5802fe3c930729b87e52279cf444882cccf8e07

SHA256
c4e311a5110d96118256646ce58b3585fc3dff921cb0d428f2611371bfc2e0fb

SHA512
fe04806d74c7c18527412e241ff5ce48cd71b893e395ab5ee7dec825407c29576d21f271c511fd99186d62ddbeaf729824a0693d0228bf1ed8be7035d9a0fe5a

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIESiteAdvisor.dll
Filesize
188KB

MD5
073254069f5fd8ae0a9bbff477647497

SHA1
4ef6a699694f781eaca6f0604c456502b8f20817

SHA256
e526a513016f22518b9440f43bdc05658045a3993cfff51f4a8f01074f02695c

SHA512
6991acffdad00cce85d5424385dbdc4e4b346bf2af3c5884cab07a11b686e9df185f3422267687163aceb313d78d144edffd8d89582a6cb84170954b48c86bf5

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIcon.png
Filesize
16KB

MD5
802eda5874b317c0f41f9e57bc80e35f

SHA1
3a6307faa7403031a9b26528938655af7f3b3454

SHA256
adc6c1bf0c392e912115b0228298497771ff4ba5bdbdf168a7e94ada179a0688

SHA512
b554643e5fa1234e4159cb679a353f60f3acea9eb3331cf6c11976be0e2f486e27ece26ab936385156009e8970b36f7bffb4b4e7d6f473addb242bc0a8adf98a

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIcon48.png
Filesize
4KB

MD5
64e5c9652be8e9a16410a8a09f10bab4

SHA1
0958fb45faab76c7f2e282f1f3bb01515f973b0f

SHA256
c1322d99bb69fd74cf53981c9014dfdad6f4a544ca5fc1ed5ea97d6638745a6d

SHA512
f133ba15d406e30ae6bc9d2a774d3b9dc34be365f426122d7066e87669517aa30e12a28117450f584fc639c7596ecdad64362f035575d645e9c6d5370066cf7d

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavIcon64.png
Filesize
22KB

MD5
c073b81661e399e4badc4f3e5d4b9ac0

SHA1
336c9f9bbd9514ce1ed63799cf59a18d5507c851

SHA256
ef360a5fa0c6ca5ae7e7890030a414f57d4b3fff242f24a1418444b1585e2240

SHA512
22a1c2297e4acf8ec0fc69aedf6c0f113084462da32f37c1f7ed2532b5c4888d86301f0d6bdb3b96598b5c56ce7c2e720b603c9caf620edd86ec0a8bb96424d5

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BkavSafeRunStyle_FF.css
Filesize
2KB

MD5
23b8a6c178eff5020d1688ba4ec56947

SHA1
fe88a598633a1d6c352a3cccf28f48677aefb7de

SHA256
0b81d076f74a2ec5d64101dbcc41a36950398415fa79d9c5afcd7eff263e79d4

SHA512
844aa611783ffd54da133bb6f8e31f5f80ee63c81e46014204e28cbda9b2bebdfd45f9435e169b48f0e6ef4d092643438aa6c4068fe458ae9d162ca20bbd6d8c

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxBottomCenter.png
Filesize
94B

MD5
583a2cbc4264087a599506bc7883831c

SHA1
c0d39c07894b22e58d2ba4cf9534231c44672bf6

SHA256
353513e37154f698778f75783a1aab4a96a28ca319e5e567905af5be65aaa16e

SHA512
39ff2013a435bf7f07971e477fe42bdc4be309771da05e3d3b166cff313be3420dcfe0fb500c633dd6f47cc6d697bec50be1e0c0df89656eef8a6cd48bf556cb

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxBottomLeft.png
Filesize
2KB

MD5
c09c7625aa0639a3223666254ced6637

SHA1
d8495036cf0b37631dd833d802db5b0868793163

SHA256
cd5369d0a0407afb2d672bd4f6149eed8ea9cfc17926aeeb20561dccf43bf6cf

SHA512
4817e5c2592e842fdc76a07f9d14fc72ee20922ba2cd0a5ac92eeaa36744a02adbb235c582510ef86f0fff769f4dada50f0d219ecd8b9a862a0d9c8e397e2954

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxBottomRight.png
Filesize
2KB

MD5
eeedb2b016139be51fe44d1bde0c43c3

SHA1
368e2d8e33800221b36a85bd2e059b327cc8f5a8

SHA256
1797a18e6c0df9bd4d15517ac9e6c539a9d711c513a4619d783a364cc2e6eb08

SHA512
9ba92fd5ce6f2c5f05b7cc04cf75d4193ba5fa69dbb52f6ffeeb88539a3578389fa67a42894d05b8109d6656186975d6f06fc1d91d09a814a6f808097eabfd4b

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxCenterLeft.png
Filesize
93B

MD5
a5dcf12af07145c6b04a38607784ce9c

SHA1
70caa413db0ee8cf0ee35b6bdc778bf672107a17

SHA256
aca445d7c9bc6a860f8502f40c73f1a7d238e7fed8ddecb831a01a60867256f8

SHA512
1f94ab22854b08e591effe73e9e6eddc56fbd706d429a9004f77d548071df47b27b1fa1bb32cc58b0c08fe28b653d8ca8f8fa84f30293c72712eb9f793e02258

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxCenterRight.png
Filesize
92B

MD5
3f6bb7c6a81603715076a1cdaae54d56

SHA1
edc39f56aca85cc3967db219a7fa24754070f3d4

SHA256
9cae3909d8f81f167e0c33af9dba7b01c204bda7663b644279e2fc1ffe99de53

SHA512
0beba13d22615c13964011113da04fe88894ae9fa5f2b839c67eba4dfa46cbe7b7d93dc187dffa29ca4940da9ad3ec60028ca806fc712872c9ce89f707d29cc1

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxTopCenter.png
Filesize
148B

MD5
3e8f0c822118449dfe86022dc688752e

SHA1
b48cd9b79113aa1a29de89e5471a872bb689244e

SHA256
5ac57b3553f3b3b352b345c2a4455424480124157007112fadc1cc9a5d2fa152

SHA512
6a4e56ab717af76ffd9a339788d1866e3c1ce9e7e8eda4560bea694bcce325b983999d28782521ccde14c6193679472b72070c0c56e69e1d31de4288624c35ff

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxTopLeft.png
Filesize
2KB

MD5
1a127f999fdd90dfddf005f40dfca659

SHA1
e770aacc18afe0fae763042ef985d0b321e1300b

SHA256
70a228eb5b61e9e27db0d7bad6ac2cc71949e97e9cbe7ba1f102d9a0a42e3f3f

SHA512
395d1b946cdea74863c1ff0d895bf30270da2eedc5497203fa14a73da22034da8c3b4c3469341cdb02569e9f1e8a12c370f223ea03aa30bb75d73557aa17ce12

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\BoxTopRight.png
Filesize
2KB

MD5
59064033aa98e75cc102fa997105ba02

SHA1
713a50cbb31defae984fcb21d494fb8c5a9b7905

SHA256
b66898909715ac48ef7a0149515a8b295a3359dac28d3ddbfa79eb5523a003d7

SHA512
03b6653e13b9c0528439c16e1a0a1536511cd848502147b0ada3b77f15f841384a45c585323d6a81226812609794a68670fc4eabf20a00bc3f27be7af359b268

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\SmallIconFF.png
Filesize
3KB

MD5
6846021af4515ec453f2a6d775af09c7

SHA1
d8fc9c4258e26cf98e15406b01aeea342341dabf

SHA256
aa0d68e701621450132f8c8b15733787d05cdcb66a6cd1d84afb3fc95d824c1b

SHA512
8b97105177cba47b0db994c0c4b0a9c46ccd742ce816275a139a9357e3ed3ecc0d411cd030e589f8c33c6463e4f1f1e433b9ec17b0b9ea9edd717f2ea2def6eb

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\SmallIconFFx.png
Filesize
3KB

MD5
8e74ec235d923359b7bbe8c51801741d

SHA1
76a7e038c35f6110d63acd269bfc6264748cbd9a

SHA256
27dd54a51530451585439f6d819cd75bbff7c086a1258e32c052d4324cfa088c

SHA512
df938595a43e06bfa661473f417fa1895b60ea7bf93f8d9dc435b227bb38be6b4d26a9298ef12994a05d26380dea8391829bca603d0b607480baa44372229998

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\alert_FF.html
Filesize
12KB

MD5
c78a98b6f6538b1cc13adfe43b6b65f4

SHA1
92dd2597b9b1e67a291235c2a0f2d70628574857

SHA256
33a6ce419b1794103dad8d7c9b737e4bae44ba20405969be4a81871488c59ede

SHA512
b4fa4e9e1ced68b9c5f91ef2d10f5ad76fd1cfb1c41aba2c71a17493b7138e4cad2bc529b4e4de07a7923b7d2d2289a3b1c77c23d530c70d03a19c5e3e20951b

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\bkavsiteadvisor.js
Filesize
18KB

MD5
b1e50d90c7a0f3bc9e10c86516783ea1

SHA1
1d4bfc2506b28a74a0ecacc7ce6637c73e07e870

SHA256
11898081d9961c73f3ae1bc7e7d8ab0abcc4f172d4ee751e9d0cdd2f09d70e2b

SHA512
99048568c8ce46706fcf486eedbd15e5e4300cf94e19a4a4b945cc7e1437878bc61fb76e356cf325314916946fd2ac0e317e258791caaa2487ab7a5789b3db32

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\browser.xul
Filesize
830B

MD5
2bc810522aaeb7b2cf067ad91a4ce7bc

SHA1
07d5043e04d40af1b93e1551c1fb52e5f17cd8d1

SHA256
b94bbdd0c63cbbdbd16ba30d25cfa6d964dde3790160ee860780af6d4ecea0f3

SHA512
e47eb55f8cdb42c4656a10a45cf501087119250f38b9f92c43a9100b4eabed9b838ea93689f078812c8a508d0ec37cd6cc42b73aeb41bc9ac2afe0a1a4b6acdf

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\btnBack.png
Filesize
1KB

MD5
95c4b7fc5c49bc776ab03525ca22b095

SHA1
46f2834c7f5f37ee68eba6a43f536e196b6c9092

SHA256
bac7ae43397784c53cc7327780ce2f63b580f8d7bddce99acaf782f1d13f0b0f

SHA512
0ca8602039d3905ba1c8dbfb86da7d11f41a1f1d9321c2a13b6e18697bbb844ceeaf86a90ba5dd43ccea5a2d5858bf50e901eb6fc49f48f3580672d76ce24e70

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\button.js
Filesize
2KB

MD5
06d08b3564e1b7e71768b7317a4ff14d

SHA1
6206b61b2453caebddcf1ef5c8cfab5dff93cc21

SHA256
0463fd3945c16256ff65acc17d62df49518d44d2b87daa0743ac2df6c9042902

SHA512
e0a9e7ec44b3edc25054c53ab85be7b8c718c1c44d70f3c9f4270c89ea20dd5d1320c3e10ff71a5a44e15f2beedeff294fd23bfb383a2b7fa3c4cf3970a8878f

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\chrome.manifest
Filesize
314B

MD5
3e54619b4770c7464c8efdc911f1d0d4

SHA1
0c61dbd75bcc7c3c0bcfd6e3191ab9b5a784a3f4

SHA256
fac4c7184f5969ffedab81986f4cdb38bddd60341afeb2bdf3d3a71a7b6ba7da

SHA512
fbde3d805eccafc466696a87aa51df8c23bf4c56dfc84609ab6a7a3694d5bbf0c4f643e5836c090d8e54f2a560fbe15ec1ad4e5a6f58a104c18e901fb1af9e8e

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\install.rdf
Filesize
839B

MD5
a052c4de9b77a29b9e473b2a0b8e8531

SHA1
8d82f223911552494a72803d2e2bcf84a2287da8

SHA256
0a17dcce0e861dc9ad9e67d9de84f968c8059eb5be74a14819029deff1f6f5d3

SHA512
f6e68e7bfc64334b02ba30a05a4559bfa703c0f9e7ec79fbbabe0281bbc28b5f6762e922e33a42171137d865f5e54e9fb2a93d71682d8cfadbaca07bdf0725af

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\key.ico
Filesize
24KB

MD5
5035218ea43224b2e36981bac9188878

SHA1
aaa0231639076e2a135dce9cbe3b1944cd793e2c

SHA256
11c063a77aa03aa5388d21003b2ae1297f57710775aafb03c29f6835cdd49359

SHA512
a454aece653034e9484c2b2ec7a8a1d0baa961a69aa0faa6a8857e51849e22d667aa899a0b2fa803e0e071b19b41835006f83e6d7a2f545beeb73d9219cbac64

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\keydis.ico
Filesize
24KB

MD5
997590c0c50174f632bd05f36a5847f3

SHA1
c9a253da029a1e30a7d14b6f13071317d76a86ac

SHA256
c94e8f6cd9d961c43192a469cf94aa3bf0a4fd6730d4dcef20af73ab6e563ceb

SHA512
cebf1fd188bcc8c076807831385924d2bae3ccd4af2e265f66b3ecc3f5f582301c32e6b4d4a0e6bb23e5368f8ecfb526451c92a8d8fdb9a4a0fcee02e3b3d1fd

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\npBkavSiteAdvisorPlugin.dll
Filesize
1.2MB

MD5
265df5b9377db0438701b287e1a5c24b

SHA1
71dac3173b6c6f080fb8f7030ac4a664a85c527f

SHA256
d5cfc99fc8ceec09808a1e0ebe9dcbf132a5d3be554a80328009922abec16117

SHA512
86ed415e6719730e0d697bff729f96c92f34026657bcd23e8d62cdbd6e1f0068480f9d72d040df1010636ad3ad06c8db2045a2e81da9aebe57e9e9f3c52016c7

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\plugin.js
Filesize
8KB

MD5
9a7a91c98445c8936f07324da6ad18be

SHA1
f9d63fbf2acbb64e45fe1aef1d37837e7fe1a363

SHA256
a27ba7aadd2390938c645b2ac2858f9ee8235f3b0073cfd7c9aae74d8ad049dc

SHA512
3aaa801f3dfbec6d5ea1718966e3ac19e0da6aac43dfb26e2ee8ba4b0f2a5860e6d4858549f3490f3a38367b63eeda7b4e07f792cb640671af7e1667860b93e4

Download Submit
C:\Program Files (x86)\BkavHome\SiteAdvisor\sqlite3.dll
Filesize
548KB

MD5
8e9758cc0f272009ba08216f8c47dc8f

SHA1
1e8baea44ae758ed09e49ca9846bddad5a72b740

SHA256
d4ced15789518788a6e7629257ff3d71a648dd3cc27deb4ffc124ad24f59386e

SHA512
06f6c1f029b04d1cf9dadb662ae9b737e9ff139a20aa17008ff1a1bc810c12522e2fe0c98d42f6fad1921607eb5edc33741e7ecc70badbf7e79eae90734e4e7a

Download Submit
C:\Program Files (x86)\BkavHome\SkinResource.dll
Filesize
10.1MB

MD5
b88902b6aa96f8ecf7df82e4eeb739a6

SHA1
ccb958b5c114e4c0ac4ebe18891e9ad59fb6f44f

SHA256
d9f7f807c3626b79a770028205ad0415f0d90d6713327a9062fb52cc05fa171b

SHA512
a8705aa153e62b86f7842e7ad704088069285cec4be22cc2de2353ae9ee51e344a6c29643199c3ce7f1bf415170e1e93617872697cfcbb4316096e79dedcbc29

Download Submit
C:\Program Files (x86)\BkavHome\Temp\HomeVnSetup.exe
Filesize
4.4MB

MD5
827b0b47ceb8433253b5e68b12c0e031

SHA1
43ea8df2f4cb4ce72c4adddf1bbe6c553c3364b2

SHA256
99820a9ddd81b24d2ffed7a7606d0abb8757565116e5473d879211cd34e90e20

SHA512
ff2f3d057d5809016b3e90d20288ab1f38ec0b12314327c5f19cf382cc7fdeb34e2962f8247a29720542e76ed4a8763de4469548751d55d8850f95b921ff5e09

Download Submit
C:\Program Files (x86)\BkavHome\Temp\HomeVnSetup.exe
Filesize
4.4MB

MD5
827b0b47ceb8433253b5e68b12c0e031

SHA1
43ea8df2f4cb4ce72c4adddf1bbe6c553c3364b2

SHA256
99820a9ddd81b24d2ffed7a7606d0abb8757565116e5473d879211cd34e90e20

SHA512
ff2f3d057d5809016b3e90d20288ab1f38ec0b12314327c5f19cf382cc7fdeb34e2962f8247a29720542e76ed4a8763de4469548751d55d8850f95b921ff5e09

Download Submit
C:\Program Files (x86)\BkavHome\WP\OrderTabVn.htm
Filesize
1KB

MD5
c9f00828ac789e7f484f6cd1d70373f0

SHA1
1ccfbaa1d4dfecb1c59218a6cdc01da90e3717be

SHA256
a19b6b8fc114f1cb1ab4b121eaf147e4472870d95411ffc6ce4dfc9ea8c297fd

SHA512
4e735c01028bc1860120de82c392b7bb86720c3b104b9d69fd567f6bf97498945305a45ea22260cd4262a3f42d9bb4172169f03c52e70299d101fd26b5bcdb27

Download Submit
C:\Users\Admin\AppData\Local\Temp\BkavHome2014\BkavHomeSetup.exd
Filesize
97.5MB

MD5
086eba2ea2b4c84eb3e8617206333c15

SHA1
ad6cc1f5b21814e01a845e027af120472157955c

SHA256
de1f66cf1f617a8528a5eff15a30a02c6e0fc3ccc76eeb862abaf6a5366c6fc5

SHA512
923dbc9ad5f232f1316fe26557eb3d7d806d9609b722ca829b6269c01ab39e31d693f4f6ac1b1a9ded57a1d2a077cb8907e4762cc690bd911a52b3faaf80b694

Download Submit
C:\Users\Admin\AppData\Local\Temp\BkavHome2014\BkavHomeSetup.exd
Filesize
97.5MB

MD5
086eba2ea2b4c84eb3e8617206333c15

SHA1
ad6cc1f5b21814e01a845e027af120472157955c

SHA256
de1f66cf1f617a8528a5eff15a30a02c6e0fc3ccc76eeb862abaf6a5366c6fc5

SHA512
923dbc9ad5f232f1316fe26557eb3d7d806d9609b722ca829b6269c01ab39e31d693f4f6ac1b1a9ded57a1d2a077cb8907e4762cc690bd911a52b3faaf80b694

Download Submit
C:\Windows\SysWOW64\BkavService.exe
Filesize
284KB

MD5
a8aa6cb54ef95f2dadf337b5df8def2c

SHA1
33a6be4c5d59289a5d4c102c6323785aecc9b456

SHA256
3df3ae1cbec5f24ed8f73310fd8c9d6992e21e15804ddfc79d41e7fec0826a5f

SHA512
6ebf133f6e0528655bc05ec05ecfcd2862f52655ca55cbe3b228407edd8512915728a18a0b54fbb61ea6ade79ab568d9836dbdc172bc69ac7e90fbcbca769812

Download Submit
C:\Windows\SysWOW64\BkavService.exe
Filesize
284KB

MD5
a8aa6cb54ef95f2dadf337b5df8def2c

SHA1
33a6be4c5d59289a5d4c102c6323785aecc9b456

SHA256
3df3ae1cbec5f24ed8f73310fd8c9d6992e21e15804ddfc79d41e7fec0826a5f

SHA512
6ebf133f6e0528655bc05ec05ecfcd2862f52655ca55cbe3b228407edd8512915728a18a0b54fbb61ea6ade79ab568d9836dbdc172bc69ac7e90fbcbca769812

Download Submit
\??\pipe\bkav_service_pipe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShell64.dll
Filesize
130KB

MD5
849de2625456c01b1c5e9423bff9c4bf

SHA1
5db6bd701791e0bc839ae9ee3f4070f6f3a98880

SHA256
63cfd425ecf7efba03137185f015b3b797b5dd72531cf9378a9b97c1cd753c41

SHA512
f482d85ff84e5ad6cd395845d12eac43d339003c0ee7df11a9e870cbdfa140a45eb5e3f78ed1dec04166a4147dcc54b5010744f2f5bcb343284b85f54799589d

Download Submit
\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShellEx64.dll
Filesize
127KB

MD5
3f51a0fadb687ddbaeb5d774ea7c78e5

SHA1
eb3a101aee3a6409fd6ad41ed394c976872328f2

SHA256
fb55b1c99d983a50c8bac4ad513153b9e798124b0c5381138b3edba1d35a40bf

SHA512
24a48a5432052d23d9a6278a5d77e6d1cae70a39aee61e2828528cb0e9a54d3aed2d3b16c0242b2993a909558439a786a17a4120af6cef97011d0b882fc6d920

Download Submit
\Program Files (x86)\Bkav Corporation\HomeVN\BkavUhShellEx64.dll
Filesize
127KB

MD5
3f51a0fadb687ddbaeb5d774ea7c78e5

SHA1
eb3a101aee3a6409fd6ad41ed394c976872328f2

SHA256
fb55b1c99d983a50c8bac4ad513153b9e798124b0c5381138b3edba1d35a40bf

SHA512
24a48a5432052d23d9a6278a5d77e6d1cae70a39aee61e2828528cb0e9a54d3aed2d3b16c0242b2993a909558439a786a17a4120af6cef97011d0b882fc6d920

Download Submit
\Program Files (x86)\BkavHome\BkavContextMenuHandler.dll
Filesize
118KB

MD5
19f79d562875497545654fee142a58e7

SHA1
0f3ec94d55bb6c7562e8b26b53393b45bf56324d

SHA256
e29955605bd14ea4d0a2bb35965ad6d9cec41f1b5d80e3824e332ae8205c2066

SHA512
b8abdf11229bf1281536bc89b2a7f51ac95878bfa886952b2ac15722585fbb22d291a9cca44efdc3f2a04e65e830804061598f916520e9f93858fb5a79764f89

Download Submit
\Program Files (x86)\BkavHome\BkavContextMenuHandler.dll
Filesize
118KB

MD5
19f79d562875497545654fee142a58e7

SHA1
0f3ec94d55bb6c7562e8b26b53393b45bf56324d

SHA256
e29955605bd14ea4d0a2bb35965ad6d9cec41f1b5d80e3824e332ae8205c2066

SHA512
b8abdf11229bf1281536bc89b2a7f51ac95878bfa886952b2ac15722585fbb22d291a9cca44efdc3f2a04e65e830804061598f916520e9f93858fb5a79764f89

Download Submit
\Program Files (x86)\BkavHome\BkavLanguageEn.dll
Filesize
21KB

MD5
01e24029f85e6d8c3d4e0f0881f908dd

SHA1
67e690be62f01f8eac863b439f88365117d07ba1

SHA256
b0c7cfba67024867340e4360c7587f07fa82c64e99d9d19bcf7c5124cb00a7c9

SHA512
d699ab3683ec96dc6045c0edbaf518b07cfcc4650310016af0f79c38faa215b8f3beb06d91257d4db87560317d96bee5d31820ade73d07209ceed4039c925ec1

Download Submit
\Program Files (x86)\BkavHome\BkavLanguageEn.dll
Filesize
21KB

MD5
01e24029f85e6d8c3d4e0f0881f908dd

SHA1
67e690be62f01f8eac863b439f88365117d07ba1

SHA256
b0c7cfba67024867340e4360c7587f07fa82c64e99d9d19bcf7c5124cb00a7c9

SHA512
d699ab3683ec96dc6045c0edbaf518b07cfcc4650310016af0f79c38faa215b8f3beb06d91257d4db87560317d96bee5d31820ade73d07209ceed4039c925ec1

Download Submit
\Program Files (x86)\BkavHome\BkavLanguageVn.dll
Filesize
21KB

MD5
01e4009921321b3c512528196c5df3ff

SHA1
61b7cc9a31c024ad27eda2afa301f97706bd7a37

SHA256
218464d22df4958c3edafe72d2187f99f1e27640fb7dd47fc038038d63888149

SHA512
a23588c0d855d87c304b27b5766f8b42959351ea97b7100fc26dd6417701d2e829162ad1c803716ce5e7da4c59b4b1e01119f30fce1f8ff8d0542a140ee3b45e

Download Submit
\Program Files (x86)\BkavHome\BkavLanguageVn.dll
Filesize
21KB

MD5
01e4009921321b3c512528196c5df3ff

SHA1
61b7cc9a31c024ad27eda2afa301f97706bd7a37

SHA256
218464d22df4958c3edafe72d2187f99f1e27640fb7dd47fc038038d63888149

SHA512
a23588c0d855d87c304b27b5766f8b42959351ea97b7100fc26dd6417701d2e829162ad1c803716ce5e7da4c59b4b1e01119f30fce1f8ff8d0542a140ee3b45e

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll0.dll
Filesize
252KB

MD5
7002284294743dabdf7719ef832bb7fa

SHA1
3ad440f1793f8e56e400602b0c76f66e74fd8854

SHA256
e641050a5f60786cac6703b1750b7d64c61094637d5d50e7319e20046cef498a

SHA512
b5932a5809976b01bb46fe2a942dc52d2d8863b5d637e4a6333dad989a1ae94a308d7e92af0f82e1c7604707b81b963f0dce9eb5141fbe6d3b42c02ec9d40a4b

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll0.dll
Filesize
252KB

MD5
7002284294743dabdf7719ef832bb7fa

SHA1
3ad440f1793f8e56e400602b0c76f66e74fd8854

SHA256
e641050a5f60786cac6703b1750b7d64c61094637d5d50e7319e20046cef498a

SHA512
b5932a5809976b01bb46fe2a942dc52d2d8863b5d637e4a6333dad989a1ae94a308d7e92af0f82e1c7604707b81b963f0dce9eb5141fbe6d3b42c02ec9d40a4b

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll1.dll
Filesize
876KB

MD5
9b264ab97e3682c14d40845571746d1c

SHA1
c5d199533882795232b58d0ceecb4a6275d4b1fd

SHA256
bce140ec0f49ab298da931d7fa9acd0468b7927ee09117b9517204b85d634573

SHA512
30cb06cfa55dfb09ce299f12ccdcc79fc6a959fdc0c8187a1f096c19dc2c4e0eb70c3c1f38b4f86970f6b215d78d04deb7c7646eac0241bf07c12713516389d9

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll1.dll
Filesize
876KB

MD5
9b264ab97e3682c14d40845571746d1c

SHA1
c5d199533882795232b58d0ceecb4a6275d4b1fd

SHA256
bce140ec0f49ab298da931d7fa9acd0468b7927ee09117b9517204b85d634573

SHA512
30cb06cfa55dfb09ce299f12ccdcc79fc6a959fdc0c8187a1f096c19dc2c4e0eb70c3c1f38b4f86970f6b215d78d04deb7c7646eac0241bf07c12713516389d9

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll2.dll
Filesize
108KB

MD5
6df6c10c9c423efc38155d582c088996

SHA1
2be721227feb8cd4bcf1cfb0663877d8ea87acb3

SHA256
f5280affd6b3620b399adcc0a7c484fac26863e55f9f03dafb4beea00692c848

SHA512
05170226e6244083f9789bc7f2d94d65b9e53eec7303ce66a78742e799beaa97148b026106ad4fcf4d8d4cab50fdee88ac060cd77183e41413e6f183e6a55236

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll2.dll
Filesize
108KB

MD5
6df6c10c9c423efc38155d582c088996

SHA1
2be721227feb8cd4bcf1cfb0663877d8ea87acb3

SHA256
f5280affd6b3620b399adcc0a7c484fac26863e55f9f03dafb4beea00692c848

SHA512
05170226e6244083f9789bc7f2d94d65b9e53eec7303ce66a78742e799beaa97148b026106ad4fcf4d8d4cab50fdee88ac060cd77183e41413e6f183e6a55236

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll3.dll
Filesize
7.7MB

MD5
d07f4f229220c9f35da15f05b6faf8e1

SHA1
a603832a0b2dacf52a2d02848b7dad2161e80efc

SHA256
3fa9eb81ba7576d2c4cd255fe1cf3ff4b04830eea95f5fc12e91072497cbd956

SHA512
1e2ad1b257f6cb08df78f3736c551857255ab39eb9435a457caf9c403b9e39605b89eac1e9d1fdc47336cbc58b36ab8d0dadc47648b6a670e586ebf72c4439d4

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll3.dll
Filesize
7.7MB

MD5
d07f4f229220c9f35da15f05b6faf8e1

SHA1
a603832a0b2dacf52a2d02848b7dad2161e80efc

SHA256
3fa9eb81ba7576d2c4cd255fe1cf3ff4b04830eea95f5fc12e91072497cbd956

SHA512
1e2ad1b257f6cb08df78f3736c551857255ab39eb9435a457caf9c403b9e39605b89eac1e9d1fdc47336cbc58b36ab8d0dadc47648b6a670e586ebf72c4439d4

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll4.dll
Filesize
7.8MB

MD5
a88ee26962791122cde47f6cbd0297c9

SHA1
c9612cfd247d64e0b95af29d29ce354ea7d03719

SHA256
be9a4c806366c9a1f155c71b415e842973169da12153d0b7b8d5d054a90063fd

SHA512
480aed21fb48b78d041724f9fe90fc287610e8a43aea19093fd3ba24a601803669480beb46977ca149e9f3b655b4445f6719ae6f2ce2e29979a9547a9abf1133

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll4.dll
Filesize
7.8MB

MD5
a88ee26962791122cde47f6cbd0297c9

SHA1
c9612cfd247d64e0b95af29d29ce354ea7d03719

SHA256
be9a4c806366c9a1f155c71b415e842973169da12153d0b7b8d5d054a90063fd

SHA512
480aed21fb48b78d041724f9fe90fc287610e8a43aea19093fd3ba24a601803669480beb46977ca149e9f3b655b4445f6719ae6f2ce2e29979a9547a9abf1133

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll5.dll
Filesize
9.1MB

MD5
02f23c37541e40fe626bcd574d38ac1a

SHA1
bc99b33f08f79aa9d65efe6badbe1fdd5f60534d

SHA256
0773731226035dae5d1254cb99fc28e84bd2b8b56fe7c5a23c55e6be3873f658

SHA512
df1afb3784dbeeb926db7f427aae856ebd38b10b2c16fe014162956210a57f2f06d0d5346bbfe456288c00dc8840feedd5d9ba227fc6333bfdcac9d5c0eeb2dd

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll5.dll
Filesize
9.1MB

MD5
02f23c37541e40fe626bcd574d38ac1a

SHA1
bc99b33f08f79aa9d65efe6badbe1fdd5f60534d

SHA256
0773731226035dae5d1254cb99fc28e84bd2b8b56fe7c5a23c55e6be3873f658

SHA512
df1afb3784dbeeb926db7f427aae856ebd38b10b2c16fe014162956210a57f2f06d0d5346bbfe456288c00dc8840feedd5d9ba227fc6333bfdcac9d5c0eeb2dd

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll6.dll
Filesize
5.1MB

MD5
18d2e4c2afe7200cbaa6030006f400b4

SHA1
03054af951a382794562fe61ed67e1eb8ca9ae9b

SHA256
bc794c08b5f406b4d426054d2c294a5a7e2b966302d2b3f66f2e2bfac6d28212

SHA512
2a88081f44bb8732c0f0e019828269bf1b01ecc30bc933924af33fdd008f1afba1f1124df593b46783e1004c169342b724acfac2650a3f4e93461eb3403462c7

Download Submit
\Program Files (x86)\BkavHome\BkavScanDll6.dll
Filesize
5.1MB

MD5
18d2e4c2afe7200cbaa6030006f400b4

SHA1
03054af951a382794562fe61ed67e1eb8ca9ae9b

SHA256
bc794c08b5f406b4d426054d2c294a5a7e2b966302d2b3f66f2e2bfac6d28212

SHA512
2a88081f44bb8732c0f0e019828269bf1b01ecc30bc933924af33fdd008f1afba1f1124df593b46783e1004c169342b724acfac2650a3f4e93461eb3403462c7

Download Submit
\Program Files (x86)\BkavHome\BkavSkin.dll
Filesize
1.7MB

MD5
77018cc51a7fe24742629a9a81835a18

SHA1
3275d59cc0c0fde2b452684d46f1a62cfca4cfb4

SHA256
6bc4359b340a63146b9f3dd77e369f707b9bc7e8fb21c51708fe8d27e529779b

SHA512
814558012d4c66dc07c7328e096edcbb28dd2301508c1543903f2c5670def61cab9ce49b6d199ff0aa723056cb7fdbb018a2f7e27a4d61244d642d231a749992

Download Submit
\Program Files (x86)\BkavHome\BkavSkinManager.dll
Filesize
140KB

MD5
078aebbc7b3d1eeeb4fe9acb11448be4

SHA1
d826605fcacafb8959480326bcd5a39a3de251f3

SHA256
873821d9661d431783822aad684996f6d77345fefe684d2657bd94b34a5851b9

SHA512
7521735956deb67ecef0c52e088157afefecaca94af34924da4485593043b2454e9541a50fb7526902eb56bc77763d08606bb168f7fb48c683836b267f75b571

Download Submit
\Program Files (x86)\BkavHome\CoreLib.dll
Filesize
81KB

MD5
8053f8edfe1401f56bfc6e8e5fae55b8

SHA1
240a5aba6bef8e33834de32a6b52547fb771cf78

SHA256
b354dc0f47a0ffb7abcdecf0fded8971204985497fbd0b17aacd5c3a9033d34e

SHA512
48b7edbcfbc815e369984461fdb66b3457d176cb597231fa9d53ce29755d768d7e6ae897b379ca631d10cc9857ef49a4cc2df627e34fcbfb1e8fa9184187fc5f

Download Submit
\Program Files (x86)\BkavHome\CoreLib.dll
Filesize
81KB

MD5
8053f8edfe1401f56bfc6e8e5fae55b8

SHA1
240a5aba6bef8e33834de32a6b52547fb771cf78

SHA256
b354dc0f47a0ffb7abcdecf0fded8971204985497fbd0b17aacd5c3a9033d34e

SHA512
48b7edbcfbc815e369984461fdb66b3457d176cb597231fa9d53ce29755d768d7e6ae897b379ca631d10cc9857ef49a4cc2df627e34fcbfb1e8fa9184187fc5f

Download Submit
memory/4284-261-0x0000000004030000-0x0000000004954000-memory.dmp

Filesize
9.1MB

Download
memory/4284-255-0x0000000003860000-0x000000000402B000-memory.dmp

Filesize
7.8MB

Download
memory/4284-250-0x00000000030A0000-0x0000000003854000-memory.dmp

Filesize
7.7MB

Download
memory/4284-494-0x00000000026B0000-0x00000000026F2000-memory.dmp

Filesize
264KB

Download
memory/4284-496-0x0000000002700000-0x00000000027DD000-memory.dmp

Filesize
884KB

Download
memory/4284-498-0x0000000002490000-0x00000000024AD000-memory.dmp

Filesize
116KB

Download
memory/4284-502-0x00000000038B0000-0x0000000004064000-memory.dmp

Filesize
7.7MB

Download
memory/4284-505-0x0000000004070000-0x000000000483B000-memory.dmp

Filesize
7.8MB

Download
memory/4284-506-0x0000000005270000-0x0000000005B94000-memory.dmp

Filesize
9.1MB

Download
memory/4284-511-0x0000000004840000-0x0000000004D4C000-memory.dmp

Filesize
5.0MB

Download
memory/4284-726-0x00000000026F0000-0x0000000002732000-memory.dmp

Filesize
264KB

Download
memory/4284-728-0x0000000002ED0000-0x0000000002FAD000-memory.dmp

Filesize
884KB

Download
memory/4284-730-0x0000000001550000-0x000000000156D000-memory.dmp

Filesize
116KB

Download
memory/4284-731-0x0000000003FD0000-0x0000000004784000-memory.dmp

Filesize
7.7MB

Download
memory/4284-736-0x0000000005270000-0x0000000005A3B000-memory.dmp

Filesize
7.8MB

Download
memory/4284-738-0x0000000005CA0000-0x00000000065C4000-memory.dmp

Filesize
9.1MB

Download
memory/4284-740-0x0000000004790000-0x0000000004C9C000-memory.dmp

Filesize
5.0MB

Download
memory/4284-243-0x0000000002200000-0x000000000221D000-memory.dmp

Filesize
116KB

Download
memory/4284-267-0x0000000004960000-0x0000000004E6C000-memory.dmp

Filesize
5.0MB

Download
memory/4284-232-0x00000000020D0000-0x0000000002112000-memory.dmp

Filesize
264KB

Download
memory/4284-237-0x0000000002120000-0x00000000021FD000-memory.dmp

Filesize
884KB

Download