4b6cc676769de04acf4936a5a395349cb779616c0621c5921bf07c3e405b51ee

max time kernel
150s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20231128-en
resource tags

arch:x64arch:x86image:win11-20231128-enlocale:en-usos:windows11-21h2-x64system
submitted
13/12/2023, 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avast_secure_browser_setup.exe
Size

5.8MB
MD5

3ad1c03d333da86a47884f01b8ae7664
SHA1

9feb944a823a0374f6db7bfd5abf78b494e49782
SHA256

4b6cc676769de04acf4936a5a395349cb779616c0621c5921bf07c3e405b51ee
SHA512

121c6bd0150ecde57e379a62a19583c1412cd6f411ef46533a3d3241c59613905e56ae58943bc685ba7f892bbf37018ec34d3e6f6fdb36efd39220b2db60cb1f
SSDEEP

98304:R8PxEloFJNcSmf0UH/Z10hTSYPHnyJLhNr1/K9O6oTCA+iGGps74a4:RSvFJyBsucZ74hNxKDiG/4a

Score

8^/10

bootkit discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 21 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\StubPath = "\"C:\\Program Files\\AVAST Software\\Browser\\Application\\120.0.23397.71\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\Version = "43,0,0,0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\Localized Name = "Avast Secure Browser"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\Localized Name = "Avast Secure Browser"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\Localized Name = "Avast Secure Browser"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\ = "Avast Secure Browser"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\ = "Avast Secure Browser"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\StubPath = "\"C:\\Program Files\\AVAST Software\\Browser\\Application\\120.0.23397.71\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\StubPath = "\"C:\\Program Files\\AVAST Software\\Browser\\Application\\120.0.23397.71\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\Version = "43,0,0,0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\ = "Avast Secure Browser"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}\IsInstalled = "1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe	AvastBrowserUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe\DisableExceptionChainValidation = "0"	AvastBrowserUpdate.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ajA645.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ajA645.exe

Executes dropped EXE 36 IoCs

pid	Process
360	ajA645.exe
1736	AvastBrowserUpdateSetup.exe
4968	AvastBrowserUpdate.exe
3560	AvastBrowserUpdate.exe
3336	AvastBrowserUpdate.exe
3044	AvastBrowserUpdateComRegisterShell64.exe
4780	AvastBrowserUpdateComRegisterShell64.exe
2396	AvastBrowserUpdateComRegisterShell64.exe
3004	AvastBrowserUpdate.exe
2288	AvastBrowserUpdate.exe
3136	AvastBrowserUpdate.exe
4268	AvastBrowserInstaller.exe
3548	setup.exe
2648	setup.exe
5052	AvastBrowserCrashHandler.exe
4976	AvastBrowserCrashHandler64.exe
2200	AvastBrowserUpdateSetup.exe
1336	AvastBrowserUpdate.exe
1672	AvastBrowserUpdate.exe
1316	AvastBrowserUpdate.exe
2492	AvastBrowserUpdate.exe
2372	AvastBrowserUpdate.exe
3684	AvastBrowserInstaller.exe
2760	setup.exe
2404	setup.exe
4956	AvastBrowserCrashHandler.exe
2456	AvastBrowserCrashHandler64.exe
3280	AvastBrowserUpdateSetup.exe
4260	AvastBrowserUpdate.exe
3264	AvastBrowserUpdate.exe
4396	AvastBrowserUpdate.exe
3328	AvastBrowserUpdate.exe
752	AvastBrowserUpdate.exe
336	AvastBrowserInstaller.exe
3968	setup.exe
1344	setup.exe

Loads dropped DLL 49 IoCs

pid	Process
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
360	ajA645.exe
360	ajA645.exe
360	ajA645.exe
360	ajA645.exe
360	ajA645.exe
360	ajA645.exe
360	ajA645.exe
360	ajA645.exe
4968	AvastBrowserUpdate.exe
3560	AvastBrowserUpdate.exe
3336	AvastBrowserUpdate.exe
3044	AvastBrowserUpdateComRegisterShell64.exe
3336	AvastBrowserUpdate.exe
4780	AvastBrowserUpdateComRegisterShell64.exe
3336	AvastBrowserUpdate.exe
2396	AvastBrowserUpdateComRegisterShell64.exe
3336	AvastBrowserUpdate.exe
4968	AvastBrowserUpdate.exe
4968	AvastBrowserUpdate.exe
3004	AvastBrowserUpdate.exe
2288	AvastBrowserUpdate.exe
3136	AvastBrowserUpdate.exe
3136	AvastBrowserUpdate.exe
2288	AvastBrowserUpdate.exe
3136	AvastBrowserUpdate.exe
1336	AvastBrowserUpdate.exe
1672	AvastBrowserUpdate.exe
1336	AvastBrowserUpdate.exe
1316	AvastBrowserUpdate.exe
2492	AvastBrowserUpdate.exe
2372	AvastBrowserUpdate.exe
2372	AvastBrowserUpdate.exe
2492	AvastBrowserUpdate.exe
2372	AvastBrowserUpdate.exe
4260	AvastBrowserUpdate.exe
3264	AvastBrowserUpdate.exe
4260	AvastBrowserUpdate.exe
4396	AvastBrowserUpdate.exe
3328	AvastBrowserUpdate.exe
752	AvastBrowserUpdate.exe
752	AvastBrowserUpdate.exe
3328	AvastBrowserUpdate.exe
752	AvastBrowserUpdate.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 31 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32\ThreadingModel = "Both"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32\ThreadingModel = "Both"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32\ = "\"C:\\Program Files\\AVAST Software\\Browser\\Application\\120.0.23397.71\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32\ThreadingModel = "Both"	AvastBrowserUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32\ = "\"C:\\Program Files\\AVAST Software\\Browser\\Application\\120.0.23397.71\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32\ = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4\\psmachine_64.dll"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32\ThreadingModel = "Both"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32\ServerExecutable = "C:\\Program Files\\AVAST Software\\Browser\\Application\\120.0.23397.71\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32\ = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4\\psmachine_64.dll"	AvastBrowserUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32\ServerExecutable = "C:\\Program Files\\AVAST Software\\Browser\\Application\\120.0.23397.71\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32\ = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4\\psmachine_64.dll"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32\ = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4\\psmachine_64.dll"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32\ServerExecutable = "C:\\Program Files\\AVAST Software\\Browser\\Application\\120.0.23397.71\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32\ThreadingModel = "Both"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32\ = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4\\psmachine_64.dll"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32\ = "\"C:\\Program Files\\AVAST Software\\Browser\\Application\\120.0.23397.71\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32\ThreadingModel = "Both"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32\ = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4\\psmachine_64.dll"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\LocalServer32	setup.exe

Checks for any installed AV software in registry 1 TTPs 4 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	ajA645.exe
Key opened	\REGISTRY\USER\S-1-5-21-3101619610-3579357151-2691346733-1000\SOFTWARE\AVAST Software\Avast	ajA645.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	avast_secure_browser_setup.exe
Key opened	\REGISTRY\USER\S-1-5-21-3101619610-3579357151-2691346733-1000\SOFTWARE\AVAST Software\Avast	avast_secure_browser_setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 7 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	ajA645.exe
File opened for modification	\??\PhysicalDrive0	AvastBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	AvastBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	AvastBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	AvastBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	AvastBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	AvastBrowserUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\browser_proxy.exe	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3968_1729846166\Safer-bin\120.0.23397.71\Locales\ta.pak	setup.exe
File created	C:\Program Files (x86)\GUMDA14.tmp\psmachine_64.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\GUMDA14.tmp\goopdateres_is.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\GUMDA14.tmp\AvastBrowserUpdateSetup.exe	AvastBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\goopdateres_lv.dll	AvastBrowserUpdate.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\dxil.dll	setup.exe
File created	C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdate.exe	AvastBrowserUpdate.exe
File created	C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\goopdateres_es-419.dll	AvastBrowserUpdate.exe
File created	C:\Program Files (x86)\GUM5B84.tmp\goopdateres_ml.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3968_1729846166\Safer-bin\120.0.23397.71\Locales\de.pak	setup.exe
File created	C:\Program Files (x86)\GUM5B84.tmp\goopdateres_fr.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3968_1729846166\Safer-bin\120.0.23397.71\Locales\ko.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3968_1729846166\Safer-bin\120.0.23397.71\Locales\lt.pak	setup.exe
File created	C:\Program Files (x86)\GUMDA14.tmp\goopdateres_pt-BR.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\goopdateres_ar.dll	AvastBrowserUpdate.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\Extensions\external_extensions.json	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\resources.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\AvastBrowserQHelper.exe	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3968_1729846166\Safer-bin\120.0.23397.71\Locales\sl.pak	setup.exe
File created	C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\goopdateres_mr.dll	AvastBrowserUpdate.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3968_1729846166\Safer-bin\120.0.23397.71\Locales\gu.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\AvastBrowser.exe	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3968_1729846166\Safer-bin\120.0.23397.71\Locales\af.pak	setup.exe
File created	C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\goopdateres_bg.dll	AvastBrowserUpdate.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\Locales\cs.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\Locales\fi.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\initial_preferences	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\Locales\nl.pak	setup.exe
File created	C:\Program Files (x86)\GUMBD6F.tmp\goopdateres_cs.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\Locales\af.pak	setup.exe
File created	C:\Program Files (x86)\GUM5B84.tmp\goopdateres_en.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3968_1729846166\Safer-bin\120.0.23397.71\Locales\zh-TW.pak	setup.exe
File opened for modification	C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{364EF3D0-FBF7-487C-AD66-F4C98C4D04C7}\CR_8CBDE.tmp\setup.exe	AvastBrowserInstaller.exe
File created	C:\Program Files (x86)\GUM5B84.tmp\psmachine.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\goopdateres_pt-PT.dll	AvastBrowserUpdate.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\ffmpeg.dll	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\Locales\it.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Application\120.0.23397.71\Installer\setup.exe	setup.exe
File created	C:\Program Files (x86)\GUM5B84.tmp\npAvastBrowserUpdate3.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\GUMBD6F.tmp\goopdateres_th.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\Locales\fi.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\Locales\gu.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\secure.7z	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\eventlog_provider.dll	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\Locales\hi.pak	setup.exe
File created	C:\Program Files (x86)\GUMBD6F.tmp\goopdateres_de.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\GUMBD6F.tmp\goopdateres_sl.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\Locales\bn.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\vulkan-1.dll	setup.exe
File opened for modification	C:\Program Files\AVAST Software\Browser\Application\initial_preferences	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3968_1729846166\Safer-bin\120.0.23397.71\chrome.dll.sig	setup.exe
File created	C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\goopdateres_fil.dll	AvastBrowserUpdate.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\Locales\es.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\Locales\lt.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\Locales\nb.pak	setup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\Locales\ko.pak	setup.exe
File created	C:\Program Files (x86)\GUMBD6F.tmp\AvastBrowserUpdateCore.exe	AvastBrowserUpdateSetup.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\120.0.23397.71\Locales\th.pak	setup.exe
File created	C:\Program Files (x86)\GUM5B84.tmp\psmachine_64.dll	AvastBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\GUMDA14.tmp\AvastBrowserUpdateHelper.msi	AvastBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\goopdateres_hr.dll	AvastBrowserUpdate.exe
File created	C:\Program Files\AVAST Software\Browser\Temp\source3548_268731673\Safer-bin\120.0.23397.71\config.def	setup.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 2 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	ajA645.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	ajA645.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62593C70-ACF0-44CC-8716-990919D46A85}\Policy = "3"	AvastBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4424021B-831C-4F50-A74F-1AF30ADA650C}	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4424021B-831C-4F50-A74F-1AF30ADA650C}\AppName = "AvastBrowserUpdateWebPlugin.exe"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4424021B-831C-4F50-A74F-1AF30ADA650C}\AppPath = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4"	AvastBrowserUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4424021B-831C-4F50-A74F-1AF30ADA650C}\Policy = "3"	AvastBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62593C70-ACF0-44CC-8716-990919D46A85}	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62593C70-ACF0-44CC-8716-990919D46A85}\AppName = "AvastBrowserUpdateBroker.exe"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62593C70-ACF0-44CC-8716-990919D46A85}\AppPath = "C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4"	AvastBrowserUpdate.exe

Modifies data under HKEY_USERS 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AVAST Software\Browser\Update\MachineId = "000058d4b27a012b9e3e4541471e6c69"	AvastBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AVAST Software	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AVAST Software\Browser\Update\endpoint = "update.avastbrowser.com"	AvastBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AVAST Software\Browser	AvastBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AVAST Software\Browser\Update	AvastBrowserUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AVAST Software\Browser\Update\devmode = "0"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AVAST Software\Browser\Update\hostprefix = "beta-"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AVAST Software\Browser\Update\MachineIdDate = "20231213"	AvastBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AVAST Software\Browser\Update\	AvastBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	AvastBrowserUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DD8E03F-6BE1-41E2-B931-A37C7D1C0317}\ = "ICredentialDialog"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastUpdate.ProcessLauncher\CLSID	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4424021B-831C-4F50-A74F-1AF30ADA650C}\ = "Avast Browser Plugin"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\ = "IBrowserHttpRequest2"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods\ = "13"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ = "ICoCreateAsyncStatus"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{CD12DA4E-0EDF-4193-9764-C4704AB9DEEE}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\NumMethods	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\NumMethods\ = "12"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastUpdate.OnDemandCOMClassMachine\CurVer\ = "AvastUpdate.OnDemandCOMClassMachine.1.0"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\AvastHTML	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{CD12DA4E-0EDF-4193-9764-C4704AB9DEEE}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\ = "IProcessLauncher2"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD12DA4E-0EDF-4193-9764-C4704AB9DEEE}\TypeLib\ = "{CD12DA4E-0EDF-4193-9764-C4704AB9DEEE}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\NumMethods	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastUpdate.CoreClass	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ = "IProcessLauncher"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastUpdate.OnDemandCOMClassMachineFallback\ = "Google Update Legacy On Demand"	AvastBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID\{620A093F-79D3-4CAB-8CAD-EB1A39A8C0A2}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\NumMethods	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ACFD3680-431F-4780-AACB-75739A1CD788}	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\NumMethods\ = "4"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}	AvastBrowserUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}\InprocServer32	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\NumMethods	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{620A093F-79D3-4CAB-8CAD-EB1A39A8C0A2}\LocalService = "AvastSecureBrowserElevationService"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD12DA4E-0EDF-4193-9764-C4704AB9DEEE}\ = "Interface {CD12DA4E-0EDF-4193-9764-C4704AB9DEEE}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\NumMethods\ = "9"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{620A093F-79D3-4CAB-8CAD-EB1A39A8C0A2}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastUpdate.OnDemandCOMClassSvc\CurVer\ = "AvastUpdate.OnDemandCOMClassSvc.1.0"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9D2A777F-793D-3683-8D01-62DB24DAC371}\AppID = "{5AB71627-A1C4-35E8-975E-327931339608}"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ = "IProcessLauncher"	AvastBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\ProxyStubClsid32\ = "{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6399AFB-987A-3571-BBAD-C388F0879754}\Elevation\IconReference = "@C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\1.8.1631.4\\goopdate.dll,-1004"	AvastBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ProxyStubClsid32	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\NumMethods\ = "5"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\NumMethods\ = "4"	AvastBrowserUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastUpdate.Update3WebMachineFallback\ = "GoogleUpdate Update3Web"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastQH\shell\open\command\ = "\"C:\\Program Files\\AVAST Software\\Browser\\Application\\AvastBrowserQHelper.exe\" %1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\NumMethods\ = "6"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\NumMethods	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\NumMethods	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastUpdate.CoCreateAsync\ = "CoCreateAsync"	AvastBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\ = "IProcessLauncher2"	AvastBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\NumMethods\ = "5"	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\NumMethods	AvastBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AvastQH\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A6CE939-10CE-42FC-BDEF-A77E6DEB610F}\InProcServer32	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}	AvastBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}	AvastBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6399AFB-987A-3571-BBAD-C388F0879754}\LocalServer32	AvastBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AvastQH\Capabilities\URLAssociations	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\NumMethods\ = "4"	AvastBrowserUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe
4092	avast_secure_browser_setup.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	4968	AvastBrowserUpdate.exe
Token: SeDebugPrivilege	4968	AvastBrowserUpdate.exe
Token: SeDebugPrivilege	4968	AvastBrowserUpdate.exe
Token: 33	4268	AvastBrowserInstaller.exe
Token: SeIncBasePriorityPrivilege	4268	AvastBrowserInstaller.exe
Token: SeDebugPrivilege	4968	AvastBrowserUpdate.exe
Token: 33	3684	AvastBrowserInstaller.exe
Token: SeIncBasePriorityPrivilege	3684	AvastBrowserInstaller.exe
Token: SeDebugPrivilege	1336	AvastBrowserUpdate.exe
Token: 33	336	AvastBrowserInstaller.exe
Token: SeIncBasePriorityPrivilege	336	AvastBrowserInstaller.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4092	avast_secure_browser_setup.exe
360	ajA645.exe
5032	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 360	4092	avast_secure_browser_setup.exe	81
PID 4092 wrote to memory of 360	4092	avast_secure_browser_setup.exe	81
PID 4092 wrote to memory of 360	4092	avast_secure_browser_setup.exe	81
PID 360 wrote to memory of 1736	360	ajA645.exe	82
PID 360 wrote to memory of 1736	360	ajA645.exe	82
PID 360 wrote to memory of 1736	360	ajA645.exe	82
PID 1736 wrote to memory of 4968	1736	AvastBrowserUpdateSetup.exe	83
PID 1736 wrote to memory of 4968	1736	AvastBrowserUpdateSetup.exe	83
PID 1736 wrote to memory of 4968	1736	AvastBrowserUpdateSetup.exe	83
PID 4968 wrote to memory of 3560	4968	AvastBrowserUpdate.exe	84
PID 4968 wrote to memory of 3560	4968	AvastBrowserUpdate.exe	84
PID 4968 wrote to memory of 3560	4968	AvastBrowserUpdate.exe	84
PID 4968 wrote to memory of 3336	4968	AvastBrowserUpdate.exe	85
PID 4968 wrote to memory of 3336	4968	AvastBrowserUpdate.exe	85
PID 4968 wrote to memory of 3336	4968	AvastBrowserUpdate.exe	85
PID 3336 wrote to memory of 3044	3336	AvastBrowserUpdate.exe	86
PID 3336 wrote to memory of 3044	3336	AvastBrowserUpdate.exe	86
PID 3336 wrote to memory of 4780	3336	AvastBrowserUpdate.exe	87
PID 3336 wrote to memory of 4780	3336	AvastBrowserUpdate.exe	87
PID 3336 wrote to memory of 2396	3336	AvastBrowserUpdate.exe	88
PID 3336 wrote to memory of 2396	3336	AvastBrowserUpdate.exe	88
PID 4968 wrote to memory of 3004	4968	AvastBrowserUpdate.exe	89
PID 4968 wrote to memory of 3004	4968	AvastBrowserUpdate.exe	89
PID 4968 wrote to memory of 3004	4968	AvastBrowserUpdate.exe	89
PID 4968 wrote to memory of 2288	4968	AvastBrowserUpdate.exe	90
PID 4968 wrote to memory of 2288	4968	AvastBrowserUpdate.exe	90
PID 4968 wrote to memory of 2288	4968	AvastBrowserUpdate.exe	90
PID 3136 wrote to memory of 4268	3136	AvastBrowserUpdate.exe	92
PID 3136 wrote to memory of 4268	3136	AvastBrowserUpdate.exe	92
PID 4268 wrote to memory of 3548	4268	AvastBrowserInstaller.exe	93
PID 4268 wrote to memory of 3548	4268	AvastBrowserInstaller.exe	93
PID 3548 wrote to memory of 2648	3548	setup.exe	94
PID 3548 wrote to memory of 2648	3548	setup.exe	94
PID 3136 wrote to memory of 5052	3136	AvastBrowserUpdate.exe	97
PID 3136 wrote to memory of 5052	3136	AvastBrowserUpdate.exe	97
PID 3136 wrote to memory of 5052	3136	AvastBrowserUpdate.exe	97
PID 3136 wrote to memory of 4976	3136	AvastBrowserUpdate.exe	96
PID 3136 wrote to memory of 4976	3136	AvastBrowserUpdate.exe	96
PID 360 wrote to memory of 2200	360	ajA645.exe	98
PID 360 wrote to memory of 2200	360	ajA645.exe	98
PID 360 wrote to memory of 2200	360	ajA645.exe	98
PID 2200 wrote to memory of 1336	2200	AvastBrowserUpdateSetup.exe	99
PID 2200 wrote to memory of 1336	2200	AvastBrowserUpdateSetup.exe	99
PID 2200 wrote to memory of 1336	2200	AvastBrowserUpdateSetup.exe	99
PID 1336 wrote to memory of 1672	1336	AvastBrowserUpdate.exe	100
PID 1336 wrote to memory of 1672	1336	AvastBrowserUpdate.exe	100
PID 1336 wrote to memory of 1672	1336	AvastBrowserUpdate.exe	100
PID 1336 wrote to memory of 1316	1336	AvastBrowserUpdate.exe	101
PID 1336 wrote to memory of 1316	1336	AvastBrowserUpdate.exe	101
PID 1336 wrote to memory of 1316	1336	AvastBrowserUpdate.exe	101
PID 1336 wrote to memory of 2492	1336	AvastBrowserUpdate.exe	102
PID 1336 wrote to memory of 2492	1336	AvastBrowserUpdate.exe	102
PID 1336 wrote to memory of 2492	1336	AvastBrowserUpdate.exe	102
PID 2372 wrote to memory of 3684	2372	AvastBrowserUpdate.exe	104
PID 2372 wrote to memory of 3684	2372	AvastBrowserUpdate.exe	104
PID 3684 wrote to memory of 2760	3684	AvastBrowserInstaller.exe	105
PID 3684 wrote to memory of 2760	3684	AvastBrowserInstaller.exe	105
PID 2760 wrote to memory of 2404	2760	setup.exe	106
PID 2760 wrote to memory of 2404	2760	setup.exe	106
PID 2372 wrote to memory of 4956	2372	AvastBrowserUpdate.exe	107
PID 2372 wrote to memory of 4956	2372	AvastBrowserUpdate.exe	107
PID 2372 wrote to memory of 4956	2372	AvastBrowserUpdate.exe	107
PID 2372 wrote to memory of 2456	2372	AvastBrowserUpdate.exe	108
PID 2372 wrote to memory of 2456	2372	AvastBrowserUpdate.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\avast_secure_browser_setup.exe
"C:\Users\Admin\AppData\Local\Temp\avast_secure_browser_setup.exe"
1⤵
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Users\Admin\AppData\Local\Temp\ajA645.exe
  "C:\Users\Admin\AppData\Local\Temp\ajA645.exe" /relaunch=8 /was_elevated=1 /tagdata
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Writes to the Master Boot Record (MBR)
  - Checks SCSI registry key(s)
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:360
- - C:\Users\Admin\AppData\Local\Temp\nstA9FD.tmp\AvastBrowserUpdateSetup.exe
    AvastBrowserUpdateSetup.exe /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=9998&installargs=--no-create-user-shortcuts --host-prefix%3Dbeta- --reset-default-win10 --auto-import-data%3Dsafezone&hostprefix=beta-"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:1736
  - - C:\Program Files (x86)\GUMDA14.tmp\AvastBrowserUpdate.exe
      "C:\Program Files (x86)\GUMDA14.tmp\AvastBrowserUpdate.exe" /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=9998&installargs=--no-create-user-shortcuts --host-prefix%3Dbeta- --reset-default-win10 --auto-import-data%3Dsafezone&hostprefix=beta-"
      4⤵
      Sets file execution options in registry
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      Drops file in Program Files directory
      Modifies Internet Explorer settings
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4968
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3560
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3336
      - C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3044
      - C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4780
      - C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2396
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezZEMzdDNzYwLThGRUQtNDhBNS1BNEE0LUNFQzA5NUIyRDhERH0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTYzMS40IiBzaGVsbF92ZXJzaW9uPSIxLjguMTYzMS40IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0EzMzQxNzQ4LTY1RTAtNDg5NS1CREIxLUExQUIzNjJDRDYyN30iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9InsyRDJCN0E0RS1GMTAzLTRBMkEtODA3NC1DN0NFQjJEQjREM0Z9IiB1c2VyaWRfZGF0ZT0iMjAyMzEyMTMiIG1hY2hpbmVpZD0iezAwMDA1OEQ0LUIyN0EtMDEyQi05RTNFLTQ1NDE0NzFFNkM2OX0iIG1hY2hpbmVpZF9kYXRlPSIyMDIzMTIxMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins5NTEyMTY4NC1GRTQxLTQ3ODQtQjkxRC04NkU2OTdGMzUyNTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NkQzN0M3NjAtOEZFRC00OEE1LUE0QTQtQ0VDMDk1QjJEOEREfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2MzEuNCIgbGFuZz0iZW4tVVMiIGJyYW5kPSI5OTk4IiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxMzc1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3004
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /handoff "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=9998&installargs=--no-create-user-shortcuts --host-prefix%3Dbeta- --reset-default-win10 --auto-import-data%3Dsafezone&hostprefix=beta-" /installsource otherinstallcmd /sessionid "{A3341748-65E0-4895-BDB1-A1AB362CD627}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2288
- - C:\Users\Admin\AppData\Local\Temp\nstA9FD.tmp\AvastBrowserUpdateSetup.exe
    AvastBrowserUpdateSetup.exe /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=9998&installargs=--no-create-user-shortcuts --host-prefix%3Dbeta- --reset-default-win10 --auto-import-data%3Dsafezone&hostprefix=beta2-"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:2200
  - - C:\Program Files (x86)\GUMBD6F.tmp\AvastBrowserUpdate.exe
      "C:\Program Files (x86)\GUMBD6F.tmp\AvastBrowserUpdate.exe" /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=9998&installargs=--no-create-user-shortcuts --host-prefix%3Dbeta- --reset-default-win10 --auto-import-data%3Dsafezone&hostprefix=beta2-"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1336
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /healthcheck
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1672
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezZEMzdDNzYwLThGRUQtNDhBNS1BNEE0LUNFQzA5NUIyRDhERH0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTYzMS40IiBzaGVsbF92ZXJzaW9uPSIxLjguMTYzMS40IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0UyRUQ2MzU0LTgxNkItNEFFMS05NDdELTQyQzhFNzNFNTYwQ30iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Int7MkQyQjdBNC1FLUYxLTAzLTQtQTJBLS04MDc0LUM3Q0VCMkR9IiB1c2VyaWRfZGF0ZT0iMjAyMzEyMTMiIG1hY2hpbmVpZD0ie3swMDAwNThELTQtQjItN0EtMC0xMkItLTlFM0UtNDU0MTQ3MX0iIG1hY2hpbmVpZF9kYXRlPSIyMDIzMTIxMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9InsxNEZGNjA2OS1CNUJGLTREMEQtOURGRi0yMjZEOUVBODI0ODV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NkQzN0M3NjAtOEZFRC00OEE1LUE0QTQtQ0VDMDk1QjJEOEREfSIgdmVyc2lvbj0iMS44LjE2MzEuNCIgbmV4dHZlcnNpb249IjEuOC4xNjMxLjQiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTk5OCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTcyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1316
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /handoff "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=9998&installargs=--no-create-user-shortcuts --host-prefix%3Dbeta- --reset-default-win10 --auto-import-data%3Dsafezone&hostprefix=beta2-" /installsource otherinstallcmd /sessionid "{E2ED6354-816B-4AE1-947D-42C8E73E560C}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2492
- - C:\Users\Admin\AppData\Local\Temp\nstA9FD.tmp\AvastBrowserUpdateSetup.exe
    AvastBrowserUpdateSetup.exe /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=9998&installargs=--no-create-user-shortcuts --host-prefix%3Dbeta- --reset-default-win10 --auto-import-data%3Dsafezone&hostprefix=beta3-"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:3280
  - - C:\Program Files (x86)\GUM5B84.tmp\AvastBrowserUpdate.exe
      "C:\Program Files (x86)\GUM5B84.tmp\AvastBrowserUpdate.exe" /silent /install "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=9998&installargs=--no-create-user-shortcuts --host-prefix%3Dbeta- --reset-default-win10 --auto-import-data%3Dsafezone&hostprefix=beta3-"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      PID:4260
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /healthcheck
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3264
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezZEMzdDNzYwLThGRUQtNDhBNS1BNEE0LUNFQzA5NUIyRDhERH0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTYzMS40IiBzaGVsbF92ZXJzaW9uPSIxLjguMTYzMS40IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezMxODJBMzg1LTE3QzItNEU0NC1CNzU2LUZFM0NCQzgxRDJEM30iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Int7MkQyQjdBNC1FLUYxLTAzLTQtQTJBLS04MDc0LUM3Q0VCMkR9IiB1c2VyaWRfZGF0ZT0iMjAyMzEyMTMiIG1hY2hpbmVpZD0ie3swMDAwNThELTQtQjItN0EtMC0xMkItLTlFM0UtNDU0MTQ3MX0iIG1hY2hpbmVpZF9kYXRlPSIyMDIzMTIxMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins0NDY4NTFDRC01N0Q5LTRCODEtODkwMy0yNzY0NDA5MDVCMTN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NkQzN0M3NjAtOEZFRC00OEE1LUE0QTQtQ0VDMDk1QjJEOEREfSIgdmVyc2lvbj0iMS44LjE2MzEuNCIgbmV4dHZlcnNpb249IjEuOC4xNjMxLjQiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTk5OCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMzQ0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4396
    - - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /handoff "bundlename=Avast Secure Browser&appguid={A8504530-742B-42BC-895D-2BAD6406F698}&appname=Avast Secure Browser&needsadmin=true&lang=en-US&brand=9998&installargs=--no-create-user-shortcuts --host-prefix%3Dbeta- --reset-default-win10 --auto-import-data%3Dsafezone&hostprefix=beta3-" /installsource otherinstallcmd /sessionid "{3182A385-17C2-4E44-B756-FE3CBC81D2D3}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3328

C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{A5024ABD-894D-403E-906F-35A32CE3F5C1}\AvastBrowserInstaller.exe
  "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{A5024ABD-894D-403E-906F-35A32CE3F5C1}\AvastBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --host-prefix=beta- --show-developer-mode --suppress-first-run-bubbles --adblock-mode-default=2 --default-search-id=3 --default-search=bing.com --no-create-user-shortcuts --host-prefix=beta- --reset-default-win10 --auto-import-data=safezone --system-level
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4268
- - C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{A5024ABD-894D-403E-906F-35A32CE3F5C1}\CR_753E7.tmp\setup.exe
    "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{A5024ABD-894D-403E-906F-35A32CE3F5C1}\CR_753E7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{A5024ABD-894D-403E-906F-35A32CE3F5C1}\CR_753E7.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --host-prefix=beta- --show-developer-mode --suppress-first-run-bubbles --adblock-mode-default=2 --default-search-id=3 --default-search=bing.com --no-create-user-shortcuts --host-prefix=beta- --reset-default-win10 --auto-import-data=safezone --system-level
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3548
  - - C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{A5024ABD-894D-403E-906F-35A32CE3F5C1}\CR_753E7.tmp\setup.exe
      "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{A5024ABD-894D-403E-906F-35A32CE3F5C1}\CR_753E7.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=120.0.23397.71 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6e3cd8f00,0x7ff6e3cd8f0c,0x7ff6e3cd8f18
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:2648
- C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler64.exe
  "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler64.exe"
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler.exe
  "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler.exe"
  2⤵
  - Executes dropped EXE
  PID:5052

C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{E3488B18-61D2-4339-805A-B99B7B40281D}\AvastBrowserInstaller.exe
  "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{E3488B18-61D2-4339-805A-B99B7B40281D}\AvastBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --host-prefix=beta- --show-developer-mode --suppress-first-run-bubbles --adblock-mode-default=2 --default-search-id=3 --default-search=bing.com --no-create-user-shortcuts --host-prefix=beta- --reset-default-win10 --auto-import-data=safezone --system-level
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3684
- - C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{E3488B18-61D2-4339-805A-B99B7B40281D}\CR_365E9.tmp\setup.exe
    "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{E3488B18-61D2-4339-805A-B99B7B40281D}\CR_365E9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{E3488B18-61D2-4339-805A-B99B7B40281D}\CR_365E9.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --host-prefix=beta- --show-developer-mode --suppress-first-run-bubbles --adblock-mode-default=2 --default-search-id=3 --default-search=bing.com --no-create-user-shortcuts --host-prefix=beta- --reset-default-win10 --auto-import-data=safezone --system-level
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{E3488B18-61D2-4339-805A-B99B7B40281D}\CR_365E9.tmp\setup.exe
      "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{E3488B18-61D2-4339-805A-B99B7B40281D}\CR_365E9.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=120.0.23397.71 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff796668f00,0x7ff796668f0c,0x7ff796668f18
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:2404
- C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler.exe
  "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler.exe"
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler64.exe
  "C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\AvastBrowserCrashHandler64.exe"
  2⤵
  - Executes dropped EXE
  PID:2456

C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
"C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:752
- C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{364EF3D0-FBF7-487C-AD66-F4C98C4D04C7}\AvastBrowserInstaller.exe
  "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{364EF3D0-FBF7-487C-AD66-F4C98C4D04C7}\AvastBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --host-prefix=beta- --show-developer-mode --suppress-first-run-bubbles --adblock-mode-default=2 --default-search-id=3 --default-search=bing.com --no-create-user-shortcuts --host-prefix=beta- --reset-default-win10 --auto-import-data=safezone --system-level
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  PID:336
- - C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{364EF3D0-FBF7-487C-AD66-F4C98C4D04C7}\CR_8CBDE.tmp\setup.exe
    "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{364EF3D0-FBF7-487C-AD66-F4C98C4D04C7}\CR_8CBDE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{364EF3D0-FBF7-487C-AD66-F4C98C4D04C7}\CR_8CBDE.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --host-prefix=beta- --show-developer-mode --suppress-first-run-bubbles --adblock-mode-default=2 --default-search-id=3 --default-search=bing.com --no-create-user-shortcuts --host-prefix=beta- --reset-default-win10 --auto-import-data=safezone --system-level
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies registry class
    PID:3968
  - - C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{364EF3D0-FBF7-487C-AD66-F4C98C4D04C7}\CR_8CBDE.tmp\setup.exe
      "C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{364EF3D0-FBF7-487C-AD66-F4C98C4D04C7}\CR_8CBDE.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=Avast --annotation=ver=120.0.23397.71 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff6f6ad8f00,0x7ff6f6ad8f0c,0x7ff6f6ad8f18
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1344

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AVAST Software\Browser\Update\Download\{A8504530-742B-42BC-895D-2BAD6406F698}\120.0.23397.71\AvastBrowserInstaller.exe

Filesize
15.6MB

MD5
590c85f890069a433bca36d72c197b11

SHA1
a55b76327146a8c1dae93fe3e981a1fc598049c5

SHA256
7a5d93691942bbbf9162875dcafb902f8e8ff0085ac465f2e6f8dc9d20030e5d

SHA512
8d07dcac637af6aa5291aadb65ad0cbfcb97a9fc4069a3f5ca829de1ad17643fbad98d2699207309eeccc0ea8eafd6f50a05fccfb87831912c1c4716eebfba33

Download Submit
C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{E3488B18-61D2-4339-805A-B99B7B40281D}\CR_365E9.tmp\SETUP.EX_

Filesize
1.6MB

MD5
5f5e537607c12e50858201b953550601

SHA1
572ae38c3b0842d8853bb90733608204ca8e62d2

SHA256
7b2bcfc0a452d675c51664e2548c17daa2d3ca13055af0efdf1b590ce47f8d10

SHA512
9983efe418da2dbfe7087d2022187d21578ebb31921dfd32a661220790d1764a88e45751146c70977212bcd97f1a36a1eaf71e647796c495be9bb3af7b2f4f8a

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\@PaxHeader

Filesize
28B

MD5
70ca6769bab47a6cf9b3dd16f920af11

SHA1
943f5aed39490e418bb55819673dd07f404b9473

SHA256
ae35a7c892daa61081cebd90beac73cd89405537fc4f1bc480bd341e1265de51

SHA512
b3d24a4eec0d110aa7a5b7622b16f2b264a8a4a15b217d525c2c5a59750633e28ceb499e1d8b32b72d6164a1b3fce4beb23340fca47043198e5dfc17e4a280e7

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\@PaxHeader

Filesize
28B

MD5
8730dcc07715231472fab2b85eb66494

SHA1
abf2c4faecd86ae788eaa0d912a0d6b6fcd1a9df

SHA256
089784a82ba0ffdd71bdacebbf8ca45824bf3c7fd8d0a39d6f1b176cb01aec84

SHA512
eae97e2a088be40b7cd78de4d4df28294e15253d8bc42dd21663bb0e9fd74f14becc2d233491397e1bd93f61eaacac5bcf2fbfc9d0819e83cdca8e612d7fceaa

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\AvastBrowserUpdateBroker.exe

Filesize
133KB

MD5
b71d40e61bec03b1f51e9dd71517cf5c

SHA1
95781fc1486d6650a6260f2e446f81e6d3facdb2

SHA256
b5babe7d9df67f9726d9d4a852c19531ebbf9b8b13a663f650f1b514e6242aa7

SHA512
e6e6e02cc660249f567a3585b597b222b3f958af7bb96ab09cd87b43415499a42983209e4a047da5b3e937ca72a15d6a08ebf1f15e3791e25efa6dcebe7a7ad9

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\AvastBrowserUpdateHelper.msi

Filesize
32KB

MD5
ef1c6be2e8262f676dbf8609e5a2704a

SHA1
fe2c19a070749465b5e1bb2d3c14af29004cf34b

SHA256
283626acb52e60c9b06d2a5c1a115c2c07dec6ad3fa6eab4f0f243c5287e3018

SHA512
f87396d25add33d31ae3524f98f219df097ebef50e0c17611c88a041eb39f737895144173783d017a5afd5a53e151771516e12f15c0367517911528e2d8df399

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\AvastBrowserUpdateOnDemand.exe

Filesize
133KB

MD5
7b6a90e2cc203c000ad2983aac8b794e

SHA1
1aae520ed7c3acaf23465f2f18a9cde0511067c4

SHA256
1a67d3251d74a466bbfe1d3fa267bcc0b8c3d559aa5d83afe43526a6aaddb523

SHA512
0612da81f5d51b5e2e0751d09ff0744d3626857da72dac3454deae3e1b0563c887af4c12e8ba017542953268236103c635cc488b3b88fe8aa989f4338abc8de4

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\AvastBrowserUpdateWebPlugin.exe

Filesize
133KB

MD5
8ffb8adbb98103cd1b7ce13b6f4ebe42

SHA1
6a40d82dd65b057ffb7e28ec4fc6264494909567

SHA256
77c8d226a2a9ac5061172a56bfad8f15e5c9be6820c0bf903589482182fc2f03

SHA512
28c6ae7dc6f6d3a7b74275b9ca211ab468ab5e55e422572d63f5af6c748f80e39620514f487c63d81620e48174f92f25ed8ded704e9c3069d43eb52a777e83f6

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\acuapi.dll

Filesize
548KB

MD5
404e4d90b89b703bcab6feb408c5ef5c

SHA1
cce042d6a5b3827e13f449b5ae97a2581284e20f

SHA256
62df2e8bd1a1d7effdf493d3e5b9da0845cdcf07adb75fad8a8a294fac3a864a

SHA512
2272e682d7ab5e1554a09739aaaf05519e11ae39ba2cba986af1ec2583347270f53c84123e4307c309d7e119e31b01cf9d1305b23dcfe0c1558bb134c295ebb8

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\acuapi_64.dll

Filesize
702KB

MD5
af5461e77f13f7ea89c7a9964398e499

SHA1
e753577ce23003e58942f8a33a02304adef1dd5d

SHA256
19a74fe6c8b692ec446a394e627501dfbb7ee7ef6902090003a50db44ac379b9

SHA512
fb8d39e486a2bc57119e8239cbeecfaddedb334228b416a9db720c7586ddf3956f8b8216efd17a7906b8424989069903b1aaaa7420ed8ef1fda69541273bec5c

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_pt-BR.dll

Filesize
43KB

MD5
33b5ae1c0471047e007726d4e45ea49b

SHA1
96a478710264ce0026f0f97e7a4092a2be2edf1c

SHA256
9c64e8acbe393b33b4b71e4beb1c21c0fcaceb949b12780a6f58a87162852aaa

SHA512
5be4e9fcc0bd2063afd7807fba6bfd47fe351928e063a097197421d69236ab8faff0090c0c41d0892e515aadb0b6425f684696daf20f13c0791175c0965254e3

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_pt-PT.dll

Filesize
44KB

MD5
773f1136286469b2d54844f2b3e3f947

SHA1
ea1dd7233bc230f29fe48b5581cad9023b6b9bc4

SHA256
1651f05e3c9a3de55ec14308d23709c7b58367993be613d17af3ce6c984f8ce2

SHA512
7ab0dfc9fa3d0fcb89b4d998a918eba3614008e6181990c7522eac6567285e8af782940328a96d30404f5be567a095b90c9b06c5e8f274037abf4a111a5c32b1

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_ro.dll

Filesize
44KB

MD5
7a35c6e34c568545625beb4e83b55873

SHA1
9572b108d278ca8854bdb70bdfeffb3a10ec6fd9

SHA256
12107bdb5dbda8a0ce8f02a5da4dd0ca223ee5d2b5387dca628c02470a91622d

SHA512
74851c942af33223a4c9ab3475fafd9295886c59170f646b2ff131fea0da4ef09605c4c589d3f5accc33b7ecea1b82081e7b69e2d3c963215d5ea54d3e7d9093

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_ru.dll

Filesize
43KB

MD5
6060bcb4edb2a0540c8e6237fc507070

SHA1
2c48b1094b04c446b9e2e6526e08b96f361a507e

SHA256
e9cd997b8b78999fa164b67e2e482b8f384bbae300a2e45ddb0dcc197bf4ad52

SHA512
16d890ca78dc673dd14d9f2bde75d9846a1c248b45b296cbe209c4d6309884a02639e52a7581ce2b38bfa718aa85dad7e899ededf61fbc96b3cf2486722ee163

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_sk.dll

Filesize
43KB

MD5
7b038a471ee6d4004604bccd512d0942

SHA1
192377891b10f536cdb721029931a5a30d3c72d7

SHA256
613a94e82098c73b3c96092b4e3d000405159f274b4f3ce94fbf6c8697d1a50d

SHA512
13bbc63cdeaa0a0015ffd54d40a03a2e39339456520703cd30a291d20bcfa2760d8a6ebb71bc3a07b04b0a238c73e28f86e2d7618d0f695a539d1870107e6478

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_sl.dll

Filesize
44KB

MD5
ff09e158fa95b06cdeea1c3406ee121c

SHA1
9308091e1375b76b06ab68609424222a65943c46

SHA256
4df89b9a1ea023f18288bb032fcb3c6a16d32de7f7a448f25a79a96093b3bf9d

SHA512
d20fb0c6a8b520c5cab6392cf2e72371e167279cb47a750c256ef6aa340f65d86300084fd0916802f5ccf8327cc655d3d8f66c34f46b65360eba7fba2bc1c8ea

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_sr.dll

Filesize
43KB

MD5
2c805597ee5271e5e21641cc8a973afd

SHA1
c91f589a00a8af688c4c3f77c26f25da9dc29455

SHA256
77bb5b27e1f3cd964ea000219fe5bbcfc11ab149a073ab7df18d2a132ecaf728

SHA512
b7850d86ee1379c9050ad68297c87db0248df9e8c748e6560d7f123239a90a1dcb7df0deb145764b06c2cb6a1b533790bb1aa1bd83b65cb230c7ce4fa9d9e047

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_sv.dll

Filesize
43KB

MD5
1e9591f0e4fdeaed322195d267be3f6e

SHA1
517b9e1da58bcfd15dd6c5d6c8c01b96c29195b9

SHA256
dc23d84548448f34646f26c4d934db6337f8c2ea504a5a70fca8a25641410380

SHA512
7a038fcdcef7bd65930a1b00f68140ed42bf8c309c72ac8dbc629d40aa6e0adf4bcb9ed7ab195d50dab95e5fef0f8820fabee942899cd8a2fd5b4053433e9141

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_sw.dll

Filesize
45KB

MD5
46eac655a8805dc0c0e4a836a0572ca5

SHA1
17563d9eabf327127b6ca464cf53104a3a421dec

SHA256
77b710904d6bec25287d9644ddf4a9875f0f9673fe9af4ee4cfc56830ad8ffa7

SHA512
4e80a85a69836595bd1a787757e864d2380c71f84a5713cb07aff7feb2fdc21cc996df8bf95a0bd1855eb1d41b4001514f479d05edab8ab154fe9f605e37d815

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_ta.dll

Filesize
45KB

MD5
d131a7da019ed1e789c73019c90cbf71

SHA1
352fdc90b50a672b43ba933536e0f5789aefbb52

SHA256
c9a448cb4052d88e4cf7edb39dd4e7673a1e14942705a464e5f32e1c19eee059

SHA512
6b7c03409342d97e821323ca4c438efa41cb7a11b8206c20d6a0c706cfe9b0046fa0cdd16a16610b9cc80dfc8fbbdd84db73dc0d7e5a027024955d179b2a238a

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_te.dll

Filesize
45KB

MD5
cf0d8acdabcd9d83a80a2ccac45aa11f

SHA1
52a37318c14852e34418e21e5d5647c4715145a0

SHA256
12f3bb240f42a44017e6c2abad5c883dd1fa53d9443a7410b9043206ee365f70

SHA512
9511c8667316ea4c6053b71512faa708bd2fd744f68793a930b2d7b69913126665fd36694875ab801e70ce7311629042b5942a4d6c9feef5111f4c250b7c6609

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_th.dll

Filesize
42KB

MD5
2c7212ce557a332d5630c42a9915916d

SHA1
3cec7e80b5299fa6399bb2c0a780302d8447afb4

SHA256
d0690a5c9ff2e36065fef51005013b0e59b65e5e9675f6c2b0151d77271d64b6

SHA512
2dfd40ecdabf1c5f55491c9aea86fcdc988a085374524f176cbe134c23ea3ac3a20c4c61ead96fe0dff36ba540d2b1c7af0c74ce8506868ca90c53bd3c564936

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_tr.dll

Filesize
43KB

MD5
8444ec842dd43d2aa38bc2b887f4a890

SHA1
b3ca7009061e6062e1ccb03d466ee3527937ff01

SHA256
e6b2d5a413639f78b5368d25082e561c7f4541a1aaa125739be8d92d350884c1

SHA512
f13545db4adb9812fdbd282a5f706c5d745893582f89a66684e7afbf4fda8847822db0b2b9392b09e8e09de5a1efe927c48217035dd909683cf4edf3b982deff

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_uk.dll

Filesize
43KB

MD5
8e5718472316851889bb0a217796fc47

SHA1
53cef510ac4f360b975b014196f855b555072886

SHA256
79343950c57c9ff1406fcae1f7cd4f18dbab6a9e6ebaf705aa3325aff79857a0

SHA512
7975ab48060f7f96b9f50b0a36fbe5819543ef61468f305d2dff290785b3ac4650850574b9c9e719048df72b3f0c940498c4cf72b7839b7cee1d2e818256ffc7

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_ur.dll

Filesize
43KB

MD5
1ad341162f25f3f274e8eed361bcf13a

SHA1
a85a82863e692a081d270c91b56a8ebb01863636

SHA256
ff831083da9d5610c2b6f5fe7848f991c6f2288fa7158f691744ec8998f4ac32

SHA512
2332b9799080f43191b00e39e131f56489df44ea74eefcf1624bf8aed427a15b23d787fd00841f51724c030afe0e9153df9b5e210f040d711bd81ce9786b81b4

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_vi.dll

Filesize
43KB

MD5
4b1e652f2af2beb0bc3d435ad450d00c

SHA1
bb20339859b6e6debb00533525f2adc1b63984dd

SHA256
e81d62c16827064f1a1cd67f04da8f245a6e9a7ff0556e3707d1b807fe3677a0

SHA512
b50d1c77653e1cae006290cb2caab8755e5459b0761b97fc9bfe8851211040d1b018da76e3d89fb51f62f8ffb4df2ab6b57e43204f4117bddc80ccacf34f2d66

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_zh-CN.dll

Filesize
37KB

MD5
e04e842019fa85b7dfd53f26b09fca81

SHA1
3df83b9f19b6d501b5b3627913dd567020c0aabd

SHA256
bc15a6b0e6845ddbbe5cdd7d85b4c8954fe4fcb30d8ce53bc4b56235f042ab07

SHA512
25802babac8cad1cba8be178142d7ca1f27314f3984fd191a4e2dc79f71b0e1194e5bc7cfb7b6c278730081d5110bc77eef6fa485b00b760404af61a19760466

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\goopdateres_zh-TW.dll

Filesize
37KB

MD5
803c16311f63b9f78515783048399668

SHA1
855a59806d23b81d2e80fa46ac37804b33ad2486

SHA256
3ac9fcb6c41e8e31f8c9bf212fd121ca253189e529f96bcee1d51f14d60800d8

SHA512
bfde60a678cbbe9d3ab0c28168e263893218f656c56755651dc34dc4ad53f802591c101609d257eff439f760de6aff0829acc28d8b0dd0e5ac17a27f49999613

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\psmachine.dll

Filesize
386KB

MD5
12438acffaec52323a140f7e0c6a1b5a

SHA1
c6d1b685bd64306e06cc67655925f09c8af5aaeb

SHA256
2686fbbd4fc3cf7b65deeffa8c2708770bc4b02a5b513776c0a6f15fc1446cd9

SHA512
d5b613df1d9a8c848c3d1adc41049e7c4630f394ebb1c82c28b8a1d7a4ecd9772f8446029980f8f644858b8b226974cf4fdc3199324ee2b403957bde958e4985

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\psmachine_64.dll

Filesize
509KB

MD5
38fb7718dae617b8f8340e34c962d0ee

SHA1
237250dd2ae0e990cebab9cb57a0e36365695a3f

SHA256
0eb899874e750a57fa1e303a8ddde61807e837adacd99323105032b76e3eeb71

SHA512
ab3c98ea20b913f5b1d5d32c30681a04974d49c2e9c267c7422fd4ebcf94ff93b92ea280d592c28ce873e530fc787c63939a59b99af8b843f352d30288d3089b

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\psuser.dll

Filesize
386KB

MD5
9c41aa478abc5f640a466a7d95c8e1c1

SHA1
a7d6b420821e3e1221123e9155ee2884483e0301

SHA256
1054c10799a7a4ca83106f10cfe177170c03b36f15a83d8475cb8dcaa3fd016b

SHA512
194c37ae7479b6f899e810f8580da0dd01aa6f90d9082cb0d31a49e1e13f5bc9660ac33a3798e9e7a752b6d48064464dcff1ae2bd8078a3e5182e53092017f92

Download Submit
C:\Program Files (x86)\GUM5B84.tmp\psuser_64.dll

Filesize
509KB

MD5
a1101dcef1ed0b6d607428f77ef49110

SHA1
7f040b1713e6c58836dd8b156a3da6a096a08878

SHA256
8ae3add5afed24a5e38b04c8ba554e00ebc0003e1f622d6d9bb7e6ac0500660c

SHA512
3dc5b8bdec1078bbdce82ddf2167b083ed8f855d0ed4532b17c71a5e87406742009006cd087a478ba596faa22e010d3b9831e608f5c65668820abaccc6747be6

Download Submit
C:\Program Files (x86)\GUMBD6F.tmp\@PaxHeader

Filesize
28B

MD5
fbe932989104886f6ce9108e7929bd64

SHA1
198f96f169ca09b2d292c704eda7c15650cd51ea

SHA256
0bef82b9e81e6eea9f0ad6be27a9633912d0a8d70a165e22ba979f18e43b7c4d

SHA512
393d781d336a04eb48616f2f11941e274ed8c08cdb0243b052bf2c87d2b64159a2a478f0c0d77cc292ae725e32318b0b50e5b31174f57808b2c5c4e9ac68986f

Download Submit
C:\Program Files (x86)\GUMBD6F.tmp\@PaxHeader

Filesize
28B

MD5
615ecd50e43fd9917ec749d71b81d829

SHA1
8a0985d2f384f680002c5aeb7066d128df70d30c

SHA256
507c58da8ed1aec7ce37b1b9e3e3171e8e265e77c9a43f2599bab3c7573b9e67

SHA512
37062437c6d19c043a25f6d814d0a82e2d5b75c65183f361459dfbde5478be77bd8414bf230378d060f4be36f8fcfe24664c66efb67f13e2a7bb5f291dad39fb

Download Submit
C:\Program Files (x86)\GUMBD6F.tmp\@PaxHeader

Filesize
28B

MD5
7d0a6f7d0198b691fd741740c22f48a8

SHA1
f0d3fe0d2197f8550fda876c06da19310137da33

SHA256
8f4f7086ff2bf4816a6f1d4b71ecdb997020b7e8873fed61bf298b49a9a6ba88

SHA512
0ed4968937b19381addcdef423f74d0322791712cbd867ce458e1a8e0e913f92e6030f29a6f41734a71e140f4f0ad88308994c01ecd05cb4760f9ad3228aecb0

Download Submit
C:\Program Files (x86)\GUMBD6F.tmp\npAvastBrowserUpdate3.dll

Filesize
507KB

MD5
115e188ea0c8549c84524909bacdb03d

SHA1
f9de18c3d691a36d980b5c5678b1592a6b276f89

SHA256
26071c0c9cabd9ff2d55ee2abddfcaac3e877cb0da8ff1bb2db226d63b6371f2

SHA512
879f202782602c2867cc71f5cd0c674e7df4b85989ec2b57386362fe3a1a8c953a8b291c7a54a1c46d69001265947dc391d8e1a76e0a88dbcd282e103f76c70c

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\@PaxHeader

Filesize
28B

MD5
b995076ccf0100e39d30b6901802e0a1

SHA1
d30f702a4e7f954c04ab9423ba1f65457958baa7

SHA256
33610c486dc2c4c3d87cfd8a9cc0f23478da3b950a7e5fb2a960c19672c792ab

SHA512
54d1da3af44245bc8ebbd248ba13440c83d0c2935216003a54363f19cb8fa93b6ea01abbf4ec88a2ff5f1bea05931045ec79deb5be170f177406f7cbd25a376f

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\@PaxHeader

Filesize
28B

MD5
9fd4208d9d123985e07562924d32ab4d

SHA1
6e8c6396302a13c952f903862f5b658623f3c101

SHA256
ffce9f1c1627a5a1b12589ac06ab80b486a0435057b5fad4d0ba686afbe7c622

SHA512
cf47568d6fa1e171bae7fe5e7c2e4f10c8258a49a6b31c90ad4ca1b593fca18aa89cc3b5be483ff0dc83cfc5a8489e30c6beb4144792c2b3afbec2553202854c

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\@PaxHeader

Filesize
27B

MD5
64c6b11f9e21af3f69356b9a340d1007

SHA1
7f30dbdaf1e945935b0c6682910a213981f81642

SHA256
e149477a4fd12dbd8e1cd8916f122f098e043a1753280122fb964cd14c97a0b3

SHA512
4d0f39f9861408be5036c3998f6802e976e5148c70be0789e1bb2eca0828641a35b193260f66a44d922117aa33a067cd1781e96016236e74f226f079aed075f4

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\@PaxHeader

Filesize
27B

MD5
1f46e21f1a86c8df8b67b94969b5231d

SHA1
3e866adad25d7709b78128733ab9a9eb67fc26be

SHA256
afa86adf515dbae7f1b2da1effe5e3c885b7b432a5c76cdb0a840752d63f48d8

SHA512
b5ed042160a1c3f03cdda85249c9e7588ffbd2e053f4c1fff7204fa69b6003690583556f7de5843042599e91ca891bf441bc8107edf2a4fc3efe67835234d578

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\@PaxHeader

Filesize
28B

MD5
a77a5c7f12ad3918d6ae5890c7721d07

SHA1
f2c0722011d03bc5778e3021911ddc970b2923d7

SHA256
3d63be14aa205362609bcf9b4d664ba286d033d0d588df5288c996c2d055ad97

SHA512
2f30f5cbaca723bead15f7d7e42fc4e217135eac057c12243f85b0754b93c9b513aca4995963c3c260ee98a9ec919d246bf56d902e0c3ed31d33e4f7a5544b1a

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\AvastBrowserCrashHandler.exe

Filesize
131KB

MD5
50cc978f72dacfec8e1f61acea2d12da

SHA1
a0d7dd0e6f6eec6f0c56e260778238dc3a5fb705

SHA256
2c7af2eb48f51a42f93824a2022fce7ad0b2df1a348560c76aabef5d666da2e8

SHA512
efd27a7aca756d0c4e4e5e1d34f55e2c255bfc75296ae270ba7b6f75a0d221cba2fa38e4c7439ddda3bc7a339f07c961fc6e47a949084dc57299ba3ce2026683

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\AvastBrowserCrashHandler64.exe

Filesize
152KB

MD5
bab0e5fc48a37c6d18e2aea27007746a

SHA1
8be3f947b183aed390f0c7daf3c40b6bc451322f

SHA256
62dde1ae0cf875694fa0cd748685f4615ccfe8d146a2f57ebd5dcedee4782ca2

SHA512
3228a1806935e35e42a190c4a23e229337388ecb59b213d513733109472a0f20a4cd8da827ddf9d2ae1b1b8613fd044ed02a7027052a3f1ce8e475ec88bcb2c7

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\AvastBrowserUpdate.exe

Filesize
186KB

MD5
008b382cdb77eb7811d572937805de53

SHA1
b339ce200f027307c3588096a413906d5c348b95

SHA256
17dce0905356c7eebc78dbba0913aa1476ed84cfc09284abfb8aa7147fe89004

SHA512
2bc380bcb872bfb8b61ee24442df21ccc101f56f05d766f41a3f34b103d0be2e6569ed371c3f9011b2b806911d6e5c4b56208ce387d45027d382b7f2d6da986e

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\AvastBrowserUpdateComRegisterShell64.exe

Filesize
428KB

MD5
5702ce24eff2ce37e98ce9f12b515e5f

SHA1
fca6790be58360c0d165f2290e2f1f615a904b13

SHA256
f9b34dbb670de6bd85b50e6682bcdc97275737fa8478cf444db21bd04c45b0ee

SHA512
55059606985caf27a3bef331ec4e7593e2ed702123cc3094fb2f907ac2e692c878a11ea01e006b8f70c30cbd8f0bd6245018061765e7c169523633e021d7a968

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\AvastBrowserUpdateCore.exe

Filesize
495KB

MD5
8b06fd52b58667f52866d1418a309625

SHA1
0f7e7c7d08e89c6da32a54f6c0dd44235d9e8e99

SHA256
29bf5df67f542ed38cc61b1e0899f59885a097bc72a40f08e006927a0b8bf2f2

SHA512
79c029518e44ce875de5ab0f50fb4fcca788d94bd55ede9e190cf3777ef52d103899647b44dcaf67a7cb472b6de975b435063ccf6d67bd710a128805c1b405e5

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdate.dll

Filesize
1.4MB

MD5
6b0399eaee3d3f8668facc835649e7d6

SHA1
960f1db80910e1f3875572e60210621694dd33be

SHA256
2170b71910bfc3daa160b2d0675f40ba6516b58db6151fce220e77a904215b5a

SHA512
e5e669ccef97a850df75a1ce33b737bcb64b024f1599f3f63a4f55762e56c087e7d05dcf4876b081be6f5e4c5735276f80bd502a38edada3293055b21e5b61d0

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_am.dll

Filesize
42KB

MD5
1f38fac4bea77244ba8e5f867e8c43e9

SHA1
a81515c4eba7ae5bd6195c4ac17605fc0263efb8

SHA256
da8ad629ad5ab0037a5deb146a0ae46a6896dfc3db475ecc9813a4b13ff2832d

SHA512
06c2bcc9546a849c63cc7345320528f16ac7bab267d258883e52d8a55ccc997e13f1ebe765b50cf16ea28a534c94f97b5074369c1b496e18313d3662073701a5

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
6e446b5cb462880b13e965594ded6bed

SHA1
a30f72f36d9d390780017e0fef8719d9fa04f214

SHA256
17b730aaa18b3739dc32b2642c9c9c37eef851814fd88062a3b74bbcc391df0f

SHA512
820753be644c66a8cb18632dfda202621a529e8a4bcabc95ba8422ca0a117cd385659552edf57c99b0c39ab79cbd13c0f9bc3d275e929118587ddd6092b0b826

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
92df1a264f92c0a04a62e9174fa4bf5b

SHA1
9141f94fba8c7ee0f9be2875a918fd95b3ad7b30

SHA256
0e7f9cf7756498f891b3630f3eb812ca6ecc1e30cf42da5cf90a3bd3afbb3a56

SHA512
37befeed94a63bbe262e7b37b4f5bfbcbf51a58155d0a63d27e5d379f1e1ea136dd5f7d45f4dcdc93b9b8bef5b4804de9f425925ba7cdcf4649a764303c0be6c

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
e333fd3cd6e94e2e1ff6ce4c502ce1c7

SHA1
a6aa89ed5c4fc072251fac1d9b95c115dcc7bdaa

SHA256
286ec415f3675d0351fe18f2236616eb69bf362960fbc0d3a470753e9b416f6c

SHA512
abfed8c216e93867ef840105be2e39c2db409c89e8b6bcd4c7e53a5f5f399c5bddfca0ccee4a098e0255412bfe14fb6681ef9ea9e1a6c259ee7bc94aba69dd96

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
fd0e1242e4265cb1fda0bc4d860e492e

SHA1
e978caec71098bd5bb157ba6745a476aed181ed3

SHA256
2aaf74829e904912ac6e8cae5e8371a5ec4038a8fcd5213f4e9a97e4b44981c5

SHA512
ed9a132e19751ad0f4914d51fb353d05f655ddbaed84e2ec07c3e9fe13e0c4351ae8de78e7b4893479ec5fb899227f3fb0d5af0a08638b11887404228fb70e7a

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
028057962779e6290eefac48edc99976

SHA1
460434fb3007be992ef15f9ce344f00ac2b7bc7e

SHA256
6f18b8f74bc4f2e2b732b09162e5e12a90fbdedc8d44ca67bf57f6e9c60ce472

SHA512
d3ec806bad5090057667e0bc372e62c10c4ecd2784667e0b1a15224c7e7655e34c9c29739b5c2ee03e1debed8662686b706cfd5e455480344a4ae511b45a9106

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_da.dll

Filesize
43KB

MD5
ed7c7e9d4088ececb9f7bc3822f1ffc8

SHA1
52e457856b058e870c0c376f4238a9d3a598737c

SHA256
7931405cc305e2d236e1d26b4a5e03d478d2137afe1b5ca78da667dd1bb77dc7

SHA512
4612ff47e27e44d800aba4f0198aa6dc349b677bffdac58cdf1204d834e0fe24bf463455d1e5c5b7c5a875c6201ee425ea63e41a6f60afccc018be5e446f90a0

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_de.dll

Filesize
45KB

MD5
7d31ac4e5ed0724aa79558ac86e6c35a

SHA1
a6b19545874904f1cf52bcf405a50af95ea5b9a6

SHA256
b2184751aabb9dad80bbbf5e981ef9d7737ff48199d9e210df86d5c50f3f5df8

SHA512
7a1058c7f176cfb5ce2c9e816173cc6af1fa218571016b0cd274a2bc9044a4e1db1dc102aaddfb623d6627a144c52d27990fe1a7942c8a3555b415f09c67ceb4

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_el.dll

Filesize
45KB

MD5
d9b9e3e6b77cca7080f124e78b2462c0

SHA1
1a270a4a03317e5e69cf33bbe63a9f80209b1a53

SHA256
fee6e6387e0df0716c4b15b5b297a85b18a8af76025312d844176f3215b4185d

SHA512
c7f3ec02f3dda1474746c2a88dfa6cafc7e516b7b1622db8a4287de41ec43da715952456d78939b54dbad35c15943366dc48a52d6e3e43e4342d8374dbad0220

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_en-GB.dll

Filesize
43KB

MD5
4ea9165200c99cfb9bf17fe1124d3648

SHA1
ff75d71ded42120c65eb0f796f6ddd4937b1142b

SHA256
aaca991a3dcf5f56c7151ca9fa79f15a51dd34b4132eed80f347304f9c6c4c9f

SHA512
997c712f3b7ad07a0239305b34a90db18e2a7dd7cda750434ff02c87b971b39a0b68f2358535f46edb443c06d9fc149d845f91eb1990df2c7ece3c06a23e9bd0

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_en.dll

Filesize
42KB

MD5
dab9fd7c77f73c8a7a0201fecbe3e882

SHA1
7c8836d026d4b5feb2e64141f2567218f8fe6edc

SHA256
efba6c4686bdd2021e1a6e03b109e955cc1fcdd0d36036bd9a66c78eef5c9fcd

SHA512
e687bae81fc2c536197dc95edbfa70f013a7a3f19aee3b8b0b18325a8110a33b92213e082757295192a4f66e0b1e6ab4362fcc2a70da105ff1f469528748b3c0

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_es-419.dll

Filesize
44KB

MD5
1857a1a05852d0aad09e3b7f27bccc45

SHA1
3afaad8daa9a019cf32fac6b82d5641a4247b591

SHA256
c634e56c9b9c165a3b230ec94d02ae4aa4725b7aaae57dad8f17c2be58d15fc3

SHA512
962db68f1fce9de892847df558dbb8fddabd1bd4d5a3c3b5cedb97681fb315b4d0366a41fee32877a96a34d60dcdc721b5b3fd221418f63f6acbd8d56e579728

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_es.dll

Filesize
45KB

MD5
72ea3bdc5d4f0f951518d03aeccd2bf6

SHA1
01156af60ca96f6f5b29a773a89930ee188318b4

SHA256
53d3839dd7f3e9a12fc192667bcf9d721034a0a7c1940dbe540fe841cd4ed3ea

SHA512
b7ccde88474d3849c3d55bb3209f6938fdfaf343dc44f4a26bc195b4abe9c476a8fdae1133ebad9a5a852c3908bf828f1ea8d7e51c92000833b6892f0c6db1a3

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_et.dll

Filesize
43KB

MD5
ebf1ab8035e5d22d748fbfe58ad5b569

SHA1
525d1a6fa85a147a0bc46ecb536019aca54c23d6

SHA256
ef5325ccf0a97fb550030e0fadce9349039d124cee390226fbb30296205d49a8

SHA512
7cfbd9bd54a56c333e78b35e38390f5207e0d17777ba2d28742e4cb413e10c17851ebe3e88a34ae8ab8807d6092057b600ecf0a9e9dbd52de40549418e6c7d12

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
40aa4e15b44245d0320c2d6cd85bb42a

SHA1
b06b1ff202ba5332ee5a65d011414f0e8969ce2b

SHA256
277979b950dea3372ac9df4c95ec9c8f7e8549e714b6a78a8d77be141d53c007

SHA512
4ced0c4198305f8dcb71ead6520d7962ded65c033696df29311f20b677bcde3e62e25de890cb0a6c4dee6ceb1cfe41b2b61a08663beb57eb6d3873edfde4162b

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
501cbb4a49ddd3abfb8929b44213dd54

SHA1
073c9619c1d7eb7b893eba3e2065470d373ac292

SHA256
902cd4b195c0fa1f58d83ff2b7b7e85237f6fdb7cee06d593393422eb1cfaa0d

SHA512
6585e2616817a91a70696a51849d08ea34c582b6a3fffd95d9de9ba0a5b8560e2684c049856106b6dbfe50ea9ea1c29c31dc8e197559e4863b89731bd7dcd38d

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
3875ba78fb49cbbd8ea8a258e3dc53d3

SHA1
62fdc568d19aaf3b3537464acc356946b85c2ed0

SHA256
a07e9b984284d8a3b8d948393364299f87565e45e8003583e32f2670b085442a

SHA512
3516f9994cb8c957c7967cb1276cd9929f2b410ebcab428c02d6b4abe20e13bc8717f148d7f59236e75b171946dc7ab38c568299f47f8dadf4f7739aefd71268

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_fr.dll

Filesize
45KB

MD5
552d2a7da0b056d6e8db9f8e143c5f97

SHA1
7d88e63e6d8ba3224902a40dba0293b727010f37

SHA256
9c29f6536e064f753f8fba0b26efe32f80a83f48daa416ef53d3b55cbce02aa5

SHA512
c48cf4cb54001a8a3490f45500fdc81806da1a663139814452fc8d952ccb4b1caa3d38fcddeb1be772d1f65d455537a62e1db41083dc9d9763f109857224dc80

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_gu.dll

Filesize
45KB

MD5
0dde60e0de5ade02a339b76fadd5ed33

SHA1
4ef9d16e772388101f02757b18faa2082e67234d

SHA256
0f4b68558b910436c1184b9e8e682a7183a748a9a0ee99631336be9a71e9956b

SHA512
e1f2f8772ce6ab329069eaddce9f710009425465892eb059c83a87b4c9fc9c49e353c20521d93692da48bb4af586b7a9782f16a17f32d07762e712da33460cdd

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
550a2dff384afe5e4b8339e48a43dcaa

SHA1
69e2e67340e13191567af9625771fadf25878ae5

SHA256
3df2afd18c225d6ea7400c4a8b5f2412a02265a98b2f258b969e276a5bf23c94

SHA512
6530d98d42d01d83f2493df213cffbd72cb06341cec640bc0303e8d80f7e8cc176899bb9dc3a7cdd790d71301af301ac78db17f7774665ed7036ca070d9eb13a

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_hr.dll

Filesize
44KB

MD5
36a21d299298d7c0709f7bfe0bf0cad8

SHA1
baad265e2bf82fc21d1f363d7e61ba81fec1d701

SHA256
ed27ebc725fc07129ddefa4932eb1cfbf77cdc8617f0c37ccb9104eb2379b57f

SHA512
38b65be12d96d40840471680cc7a28c9647205155436eae2247981830ea6a5375f2e377dbf9b1e79ddc19dd65522f44f7a6b6d8cdf4178e91bc1c59eaba6cf60

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_hu.dll

Filesize
44KB

MD5
16e63288e7d55c8880f30860d43410f5

SHA1
668fe406ed6977d6d689ea24e21b55a62280efde

SHA256
035af5641b1751c78b1c626d16bc103654be5eefe9e8d15b53bd24f5313d8a5e

SHA512
28ff6c3416f6012cf8beeb72a740efd32df463f6d26ecd54d9046580325267f1537756d37b9d07f0c247746199727550b5af365f0262f221d35d200a27c2253c

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_id.dll

Filesize
43KB

MD5
250ecd64822e2a3b86523469dda45c36

SHA1
e94ccfa2de0b1f69576c2183eec57994542ac544

SHA256
dd530fdcd7a5bff02c217ec409852a33455c7bc3dab13e1380bbde5af188bfcb

SHA512
544a46500e5e89077e91298c032a7222c2cb5867b33fc6749486ee59bcfdd24db61aa617ffc9f0e62235b0cb191904118235e31be7a5fc6740630749ab8e2915

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_is.dll

Filesize
43KB

MD5
46c2f35b5a91501a671fc3ce63a8c202

SHA1
1fc33e0faa71dcd7e7c8068f8e268a1b117fb0ce

SHA256
82255b1acd999198e4116796ad94b3f1e31a95666a52319fd27b390f5dca516f

SHA512
a8cc15c12415b490624a993453cf23288c6a40dbe8d7e6b133f363881f60ae47ce0e412bcebb60c433134740be94d83a03169f68d835d5079ebc5192cf47b0f3

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_it.dll

Filesize
45KB

MD5
902f5c4add30b9665df17c46849cb20b

SHA1
0a4a086c9e9da4225445bf52376a38f748f3af47

SHA256
bc3c543182ccacc02ddd1706719961745767206a4468d8685cd00a4279c12328

SHA512
cbd0c475a37b5eaca040e0e7943f84a90e3c24995bd4b61ae7220cd9562aea3b83593b7a8e3d22b586dfae67bcfec1d531ca3924cf77170f41e539313f99763e

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_iw.dll

Filesize
41KB

MD5
5315b828cb27f4b142eb3770c77d600f

SHA1
0582c18fcb5a0214e58c404713a3699319fa7385

SHA256
2780d95b9f649e6df20d7afa65f6f4193f07fea877333d96807ad0d8b7cb17a0

SHA512
73d452890df20bbc61eaf73e800cbe1a7cc014da7fb4e8bfec90ecde4e523b35804c436a737ffe21d8fef569edbfbd819bdc667ffecb46636cceede9c5e10082

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_ja.dll

Filesize
40KB

MD5
64895710fa9f8b5cf9703e8e4bec6d25

SHA1
4e29b6fa9ee435a046e618a95302c04662a0bafb

SHA256
53402867e91a018160e35b027f3266bb364f6072ad641d8f583cef0ee3255986

SHA512
354e5a39d1bec4a436a217f296044dcb2025cc75eefb961822a59a12624043fa6c9d873a834fba8fc8ad9a9bdc7fefd3616dae98c7302819f579c7cdfb7a871d

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_kn.dll

Filesize
45KB

MD5
29d26e1da2cd11575ba121aa36f0a638

SHA1
abf359f445ea199ad8773586e72fd660036e8c84

SHA256
252c0acb781ceab837f7ec927cc41dc09c2d0d57ac6975c111d0b561ed3cd1ac

SHA512
e482ff4094368c3055daf5b69e1215e7d41719c1f4789785d05baf4a49c28d4ad142ab9aedab37c7df69d14234e9ba79331f51fa644db671f2b7394c3ba000fb

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_ko.dll

Filesize
39KB

MD5
e9f5c3854fcd642f23ce4c4ab659ec28

SHA1
63c29acc295dccb38be5746e48902328bbc3e9df

SHA256
fa4ecaa06a8d0df5bd60c056946b63650497bf6a853ea0bdd93cbe411b96c26d

SHA512
167edc03400da59a06878ab3a8c27b5ac9498b28973345a483abeacfaca10884f34eb739d423058ebda50c4afc5a94bce57d6ca606e84a84cbe482b331409112

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_lt.dll

Filesize
43KB

MD5
e105561482f05e65eaf98c2814400c5c

SHA1
f68a0f610dd48746f9a4a0e835528426d6fad47a

SHA256
a5595bb4278165894446433c27bfebf78231570ad53b0c69e5d0df86e4724aa7

SHA512
7aa61a8b4e012b79243f7328f7fb572b6e8be4382251dc2ee27c282b3d0347d274ca4f553b0e0184dcbfb369feacb5991718e9abefb85e57655384e0c1126cec

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_lv.dll

Filesize
44KB

MD5
73745046a61605f22b9eddc34629a81a

SHA1
d8181ed29b3df33788eced0adb72178f7deacfb4

SHA256
5e790d8a5ea811c4f5fcd90f0820e8bcef1202f3f5e98d820e529ec47f875fca

SHA512
106ddedaab46e3322401437ed842225b1cdacd1fc4d01a79eb6195ae4d449f4f20569def23aeb0a28c23199af5e95c49abb8c69d7db9906395818592ce6095d7

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_ml.dll

Filesize
46KB

MD5
c9091349771b6ee27024e49afe316cf2

SHA1
7adb311a5cfc584c717e6f1957842dfbf69a7cf1

SHA256
890cf80909d652ed6e220f5809880ba796b9d0981e16cb69b0e245c7c30a2082

SHA512
3cbf605462ffc847418009c41b9f526ff40774054bba92a2fc510c8823e268454023114ca5685a5b94a5246e6019acffb92902d031399fa2ac50bca9bac094ca

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_mr.dll

Filesize
44KB

MD5
e9eaf89a970341e8a588fc7b5d31f411

SHA1
52d94df567d1353db5ffc44ccf2ba5224831a0b5

SHA256
f1c134607740645f05111944f1a860143af8cbfd828d0a439f8d5bf8888ec975

SHA512
4fadc8a6841efbadc52a790174dde437dd125b56fa8bd1ed929bd8b2ddbe18a6dd2591edbcf5ace6d0ae5700fe82cfb6d85700cf993e8bd5a94a9c070f3c0683

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_ms.dll

Filesize
43KB

MD5
61fe0b035cab068a1e89bafe0bd73629

SHA1
dccb630c3d7a2dbec283f87bc966ee96b11e6ccd

SHA256
03464e5e7808aa74d8f24f395b29b75c56abdf750cfe671a7ce388f0299de63f

SHA512
ee3de599b059db1f7888052e573f447d92970b7ea6c9db1c09f8df3339d2191be21a766e56369f667b75f7b26f770d3dc8adcb920eebcd8316530edf506ffcdf

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_nl.dll

Filesize
44KB

MD5
6b426996c9d7a6b5c7b83d09e9b9a6b3

SHA1
e3f3137cceee850132e302c7f67c691f018428bb

SHA256
73650e199c53eda546a2f342e7d19fae3c5de4252a71e0044f461db796519629

SHA512
ae66ca8cc9cd16d934226f9d1962659e8de6a400b978ea1793a035c6729c0ad648bca47e036bbeeb56c02ccb0b08832879f2f451b814264b828d514f3cf47d2a

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_no.dll

Filesize
43KB

MD5
e163b26a7a806ef48774ffad0067bc24

SHA1
b1883272d34abf3bb5654aecce8439950cf6fcac

SHA256
348bc8bed07c3625236399e9d5762f432bb9539a21fc969dd63b275ba7c9d31f

SHA512
924c038de6f1f6a87dcdec3b32a1ccd766344186c88a1945a9684b0e0f12f346787da84c38a7a538a9153e62ca46ea7a30f0776ec09a0dae978fc2613c7d432c

Download Submit
C:\Program Files (x86)\GUMDA14.tmp\goopdateres_pl.dll

Filesize
44KB

MD5
c3d9b238ed70b3de4692e32b5bb7bacf

SHA1
90733f68e13d927d338927fee3bb02d1a47831fd

SHA256
0d8eff876be13900aa77ff340c8a224ff606c1d204a01f09a0bfcf754ec9b0b5

SHA512
e17936184cfbd9cdbe9dc2d6abd5590646557a2e1f396c2d2900d381c471e68fb651ab1b7c4131adcbe409746d548d341f72eb402315122f5c1d6afbad09215c

Download Submit
C:\Program Files\AVAST Software\Browser\Application\120.0.23397.71\Installer\setup.exe

Filesize
3.3MB

MD5
25bec0254d1822c9a830c394af966aeb

SHA1
18b66dbbd7180484c6249ff9418d593aff6b8c57

SHA256
a06d8866b7ab2076635f498059e07a365ecb8bb905ea685e42c1bc3dc3156295

SHA512
f84ed045fdbbf6437a0a8515dac88803e9db10f967832169f0e4a418d9d845b229061a0eda04e145db646e90e4338eaa70512e26a6dc18f148d41e777495f82e

Download Submit
C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe

Filesize
2.9MB

MD5
2d932a88b0f6a22f6aeca6e8236c890c

SHA1
d340aa6a82049058eb6a4d1a3f70c71a9bb1b9ab

SHA256
0d5d5bd4a5822534bf80aada338074429652afdd287266a13a1dbd10c32ee90f

SHA512
8a6fde5cf48dde7ad64c9e4d7d68cc9080b06ec0e10ee805df7862e5936969cd01d6cdc1de57c4873f1cd228e05520581c81c5d8a40d308805f529f37ece3894

Download Submit
C:\Program Files\AVAST Software\Browser\Application\initial_preferences

Filesize
848B

MD5
331bf6cf9660d7870db73b9eb215f72d

SHA1
a9fd1071709c1d6cb618c2b518253a475f0d3c45

SHA256
e5f3f90599f5c284b7cad283bd51c1c386f98e814e5fe3e1c604cba0cae07fe7

SHA512
71f2a43b10e5ebcfb4068a7e5b3dacb851e3720593007f1c265df347e7622642cb11c5611356e44e42d5f31466ee5e157b1457d9bb3a40106fde4d957e112f2f

Download Submit
C:\Program Files\AVAST Software\Browser\Temp\source2760_1690926840\Safer-bin\AvastBrowser.VisualElementsManifest.xml

Filesize
413B

MD5
f23a72c4dbfd4948e9b730ccb329d94b

SHA1
50ffd6603d41b321017dd906e6b7d3f02ab19b05

SHA256
e970b812ff03a73d7ffe37e2b5e75db73d39a95e7121dc8321e0012f8c7e19b1

SHA512
fcc2cb444ca3e2d868421fc48cab4e034eab174ae6698b6cac9f381837170a006d58ea1f12b3d0e012210955af104624abd61feae6d899435049f3b87497ec11

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b07ce292c287dd50161c41e105c98ca8

SHA1
85caf49dfc198504c651f713482dce881066ed42

SHA256
c6de30a4987f6ad068caef9f96ae181eee48a95d7bff7297d512b68c80bb24e2

SHA512
5ef87c9289816e0f6982573bf6a92925b5b5119ba421691e769982570fa67f3ac2dba3f55481bc767da88a709edf7a5e1b72657fdf6eef7646f41d956efda66f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b14496d248a07986e0cd800e041aa514

SHA1
f0a8b6b33814d9b4491b98793ccd543fb826712d

SHA256
8818f0f6e475d86a2f6cd4ae19c6dff5eb9c7e5d7bce84136041ea6743effeca

SHA512
19a96fd12f59298b30455560995135d285f73d3d20e4ca8fe6976c27c4040bcf7f5ffb19cdf9bdfd38bc55c5b9e417a88fabf76a5aee8ae95ed2560cf3d9a073

Download Submit
C:\Users\Admin\AppData\Local\Temp\ajA645.exe

Filesize
5.8MB

MD5
1deb81b483e500b96aabc4c8761e642e

SHA1
389a03ce92bd5869f24caccae43855331b4a9800

SHA256
7a48d929d17de49160db68b3be58aba7d354f73f7292125adbb024bcd65d82c5

SHA512
703eb1e3cad9349e1772d552b30e69ce07b3fb80b78311c0f698a79ca7cfb04d424bda1b722f4d8c586d9862ed56e1c2b99cd2d7df64509d3d66d1862e9ed936

Download Submit
C:\Users\Admin\AppData\Local\Temp\avast-securebrowser-main-tags

Filesize
44B

MD5
2ec65a257499e518b624e07fa5a6bec7

SHA1
6fda961264c69d30c1db21e72d07c4cc7c73ffb5

SHA256
fac1758f6f77b68e6590cb530c84091c308b96475118bf9c0f9d9aead73f7d7d

SHA512
b56cd3ba7c5a16fa736c2b746854024fd18b83ef64be3b9aa2a1c1b370e33837d44d9373522ea8f465a6e46c522ae589cd936d74151abda577749e982841a734

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm984A.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
04091b9dc274a8aeceaa250d9d5aed4e

SHA1
39a8988a05b866ec3505be1650e521d2b3e71c1b

SHA256
dd54abccddbfdf9ad318f2434ea61fe16c446b0e0eb1b86f6f06124c6e3708eb

SHA512
7b2fc948b84d71f39b124690eb9fc4110d49b9750874171be634f39b747613e3380d4ff3968dae26eac127b66838f09781f8716549cc74046a36f9c8c5e8008b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm984A.tmp\StdUtils.dll

Filesize
195KB

MD5
f6e528af6e8b1e819c5c9f8138d38098

SHA1
f4e3e035648be7711aade5d1ae594d1069efd816

SHA256
e0922e33fdbc433e36fa069791b6ced6e8d3177544b1331bd0e181ad600c628e

SHA512
389bed7716d725f598a85f5e8a3806a351c40992dd5ed9bc1c4e4450b150d0d74f28df61d7cb0cbf6ebf681f49a454f9b04aec86a88fac9b7a33e6cdf964bb48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm984A.tmp\jsis.dll

Filesize
127KB

MD5
6b740d7060e09cfee3523704436ba00f

SHA1
f369460d22992b8a468f08fc19f208de52e2cb18

SHA256
65c041a218bf05cfe824ebc155b4bf5749b3a2eca84be5e8f092927f09152b1b

SHA512
2c0cf9c8470d70a381c8ee0c09c81a6a643123c8bd96a5b32eaabf368d347cbd2eb771488a7ea150bd817b8fd2cc5b8ac84dd81830e5e6e31b9f01bc4ae50486

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm984A.tmp\nsJSON.dll

Filesize
36KB

MD5
0acda819bacbed7d368f036847960ae3

SHA1
8a4367182e41076e28870ef60efa8630ecdf846c

SHA256
2508170aa8ed183c2dba984cb22c0d622359963b4ee0099c734875b862b17800

SHA512
d501737aa62fae54552f382ab87e749ef9f3bc1349fd0945fa3eca9ebbcd6c690961a5f764aafe994f396bc303fa44d9670969b84810fa5fcadd1a20a469d321

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm984A.tmp\thirdparty.dll

Filesize
93KB

MD5
3f2dd5b3899d0abf2ed4e7749d85900a

SHA1
682f8f786422a25ab5f525fb1d30928ab3f094c7

SHA256
6d81bd6f69d6005d0ebeea74ff185842dfd1df5ec1c84304370b88bde38da497

SHA512
3474a8e6d9550dff4b75af772248b2f48a95820554d10f27ac9dbc9178c659d8f7fde4ecfec26f648d5a93bdac3ec838b8ff581fb65f36d5b9e2475b16f659c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA9FD.tmp\AvastBrowserUpdateSetup.exe

Filesize
1.6MB

MD5
aa47427ef91955ca851284c59d32b29b

SHA1
48629191e099df41a0cb750b6ff0701fc0e07346

SHA256
d54f5d408a4a2d3b80dff71af9534d2119cf5284bd3ffb67ef48ac75419e5436

SHA512
5fdb16f918cb6bfea8b3b80dd3282c2f02f50f1710df6d9dfbdbfc7124df331ead05a3ec2fff1857d18559dbeb20bded5fda80c0e3ef38ea3bb359c28ca3f917

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA9FD.tmp\CR.History.tmp

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA9FD.tmp\CR.History.tmp

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA9FD.tmp\Midex.dll

Filesize
126KB

MD5
26ae155bc699bb8d535006d9889366ec

SHA1
47990e176505ba8fe8c9aa43018c71ce84702ed8

SHA256
7fd5d84381997482870359c50f43eeb52228ae3f75311405c6e80fb79203aea9

SHA512
03a21e68b8c5d5e2206bcd4b2795b6fabda9b6bafe5339f213dcfe7297a557cde93b85321f0fdc7b14fb7c602b71d8e0673c326994a43e72e6cab532843a7161

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0C680B1A-A76F-4040-ABFB-B989A1ABFFA1}\scrt.dll

Filesize
5.7MB

MD5
f36f05628b515262db197b15c7065b40

SHA1
74a8005379f26dd0de952acab4e3fc5459cde243

SHA256
67abd9e211b354fa222e7926c2876c4b3a7aca239c0af47c756ee1b6db6e6d31

SHA512
280390b1cf1b6b1e75eaa157adaf89135963d366b48686d48921a654527f9c1505c195ca1fc16dc85b8f13b2994841ca7877a63af708883418a1d588afa3dbe8

Download Submit