34278d6fd8874bc12cd7498ded79852c87219e7d5d9ca75facfa3deb98089f36

Resubmissions

21/02/2024, 18:45

240221-xeasyaea37 8

21/02/2024, 18:40

240221-xbnwdsdh48 8

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fortinet-7.0.0.0029-installer_jLa-0t1.exe
Size

1.7MB
MD5

9402ecd688bb22ae501ee75565e15b4d
SHA1

5671c2706b73f9a68c20a8b41702e9fd161ae240
SHA256

34278d6fd8874bc12cd7498ded79852c87219e7d5d9ca75facfa3deb98089f36
SHA512

f43256d5e52750269679f95311fb097c555f92c0e61779f29e2a2d4dbc55c91c8dbb8fad8ecf5c0643ce650b7e85053d065a1f5779b3a463868a2fa92e294ec0
SSDEEP

24576:C4nXubIQGyxbPV0db26WKas4/Xnna2AVFwCGRjICE2lfWW0qXgoW1zSB:Cqe3f6mson6fNCNltv

Score

6^/10

bootkit persistence

Malware Config

Signatures

Checks for any installed AV software in registry 1 TTPs 13 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\AVAST Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\SOFTWARE\AVG\AV\Dir	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\AVAST Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV\Dir	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\SOFTWARE\AVAST Software\Avast	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	avg_antivirus_free_setup_x64.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe

Downloads MZ/PE file

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_setup.exe
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_setup_x64.exe
File opened for modification	\??\PhysicalDrive0	instup.exe

Executes dropped EXE 6 IoCs

pid	Process
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2328	saBSI.exe
2976	avg_antivirus_free_setup.exe
1960	avg_antivirus_free_setup_x64.exe
1656	instup.exe
792	instup.exe

Loads dropped DLL 36 IoCs

pid	Process
2208	fortinet-7.0.0.0029-installer_jLa-0t1.exe
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2328	saBSI.exe
2328	saBSI.exe
2328	saBSI.exe
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
2976	avg_antivirus_free_setup.exe
2976	avg_antivirus_free_setup.exe
1960	avg_antivirus_free_setup_x64.exe
1960	avg_antivirus_free_setup_x64.exe
1960	avg_antivirus_free_setup_x64.exe
1960	avg_antivirus_free_setup_x64.exe
1960	avg_antivirus_free_setup_x64.exe
1960	avg_antivirus_free_setup_x64.exe
1960	avg_antivirus_free_setup_x64.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
1656	instup.exe
792	instup.exe
792	instup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1816	2216	WerFault.exe	28

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	avg_antivirus_free_setup_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	avg_antivirus_free_setup_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	avg_antivirus_free_setup_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	avg_antivirus_free_setup_x64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe

Modifies Internet Explorer settings 1 TTPs 54 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\fortinet.en.softonic.com\ = "200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1632"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\fortinet.en.softonic.com\ = "1632"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1945"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D40FC751-D0E8-11EE-B2C4-6A55B5C6A64E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\fortinet.en.softonic.com\ = "1945"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\fortinet.en.softonic.com\ = "2036"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "200"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414702759"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0c539b8f564da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2036"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com\Total = "2036"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com\Total = "200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com\Total = "1632"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com\Total = "1945"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000011df6421226c714eb9e5799e4fb510e989172325c75b847e8787e34ecb657455000000000e80000000020000200000009148b543703d73ba2bcafaace280fd62df69519c9bd4c288787522cef6020de8200000003817b6bf00edec246438efdc4d5a287dfa019014855f22f6bd00263146ba8bad400000008656edc4adfaebe6a2f14984fdb616ac012a45affa5d32669f4805e39aeb92c8b2051a1cdad434b4cb393d4d686933fc54e30f9e5ad1fc2182877bd8ef715b84	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000c6e9ee86c5c1dd79bf43afd45d7a6aa771f72df041dea8dd639abb3665c80488000000000e8000000002000020000000ef435793c77d6a15974a6740279bed24c2c3aeaeee049ac74ed12debc065960c900000000ba329179ad1843defd4f3b98a66585135430c47cafdac1c3037e043e0029e49d65145caf78810d8b230d9b0b9a85acf5cf508bcbbd3631dd777378afa535d8df016f68962ea192656fba9947d534bfb0a980ae44190cdafa4adad4c8252435e94794e8043a3eb0eda464d1849625512b3040a3351f84f4292fc517f2e66530334995e193bccd9a80c6033fe00ebc8dd40000000d3f6bdf51ae99e15e51bd853eef5680211eaba99cfe9cecb022a10b50d8e0fc9b876207f9371da8b8478660b1175186ab6143887179b9fede23c6b73b554d635	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\fortinet.en.softonic.com	IEXPLORE.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "77"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "65"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "48"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "37"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: prod-pgm.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "45"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Updating package: avdump_x86_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "74"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "38"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "85"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: instup_x64_ais-c62.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: offertool_x64_ais-c62.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Replacing files"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Main = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "88"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "64"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "81"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "71"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "29"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: sbr_x64_ais-c62.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "59"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: avbugreport_x64_ais-c62.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "87"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "24"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Host unreachable."	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: instup.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "82"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "43"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "25"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "73"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "35"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "75"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "75"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "23"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "72"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "50"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "71"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "78"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "31"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "49"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "4"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "32"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "96"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "74"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "91"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "28"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "83"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "71"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: instup.dll"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "85"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "92"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "16"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "88"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "6"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "18"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "82"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "69"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "DNS resolving"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "8"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "13"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "27"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "85"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "3"	instup.exe

Modifies system certificate store 2 TTPs 16 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	avg_antivirus_free_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	avg_antivirus_free_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	fortinet-7.0.0.0029-installer_jLa-0t1.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2328	saBSI.exe
2328	saBSI.exe
2328	saBSI.exe
2328	saBSI.exe
2328	saBSI.exe
1960	avg_antivirus_free_setup_x64.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 32	1960	avg_antivirus_free_setup_x64.exe
Token: 32	1656	instup.exe
Token: SeDebugPrivilege	1656	instup.exe
Token: SeDebugPrivilege	792	instup.exe
Token: 32	792	instup.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
2876	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2876	iexplore.exe
2876	iexplore.exe
1676	IEXPLORE.EXE
1676	IEXPLORE.EXE
1676	IEXPLORE.EXE
1676	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 43 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2216	2208	fortinet-7.0.0.0029-installer_jLa-0t1.exe	28
PID 2208 wrote to memory of 2216	2208	fortinet-7.0.0.0029-installer_jLa-0t1.exe	28
PID 2208 wrote to memory of 2216	2208	fortinet-7.0.0.0029-installer_jLa-0t1.exe	28
PID 2208 wrote to memory of 2216	2208	fortinet-7.0.0.0029-installer_jLa-0t1.exe	28
PID 2208 wrote to memory of 2216	2208	fortinet-7.0.0.0029-installer_jLa-0t1.exe	28
PID 2208 wrote to memory of 2216	2208	fortinet-7.0.0.0029-installer_jLa-0t1.exe	28
PID 2208 wrote to memory of 2216	2208	fortinet-7.0.0.0029-installer_jLa-0t1.exe	28
PID 2216 wrote to memory of 2328	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	29
PID 2216 wrote to memory of 2328	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	29
PID 2216 wrote to memory of 2328	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	29
PID 2216 wrote to memory of 2328	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	29
PID 2216 wrote to memory of 2328	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	29
PID 2216 wrote to memory of 2328	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	29
PID 2216 wrote to memory of 2328	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	29
PID 2216 wrote to memory of 2976	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	30
PID 2216 wrote to memory of 2976	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	30
PID 2216 wrote to memory of 2976	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	30
PID 2216 wrote to memory of 2976	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	30
PID 2216 wrote to memory of 2976	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	30
PID 2216 wrote to memory of 2976	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	30
PID 2216 wrote to memory of 2976	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	30
PID 2216 wrote to memory of 2876	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	31
PID 2216 wrote to memory of 2876	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	31
PID 2216 wrote to memory of 2876	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	31
PID 2216 wrote to memory of 2876	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	31
PID 2876 wrote to memory of 1676	2876	iexplore.exe	33
PID 2876 wrote to memory of 1676	2876	iexplore.exe	33
PID 2876 wrote to memory of 1676	2876	iexplore.exe	33
PID 2876 wrote to memory of 1676	2876	iexplore.exe	33
PID 2216 wrote to memory of 1816	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	34
PID 2216 wrote to memory of 1816	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	34
PID 2216 wrote to memory of 1816	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	34
PID 2216 wrote to memory of 1816	2216	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	34
PID 2976 wrote to memory of 1960	2976	avg_antivirus_free_setup.exe	36
PID 2976 wrote to memory of 1960	2976	avg_antivirus_free_setup.exe	36
PID 2976 wrote to memory of 1960	2976	avg_antivirus_free_setup.exe	36
PID 2976 wrote to memory of 1960	2976	avg_antivirus_free_setup.exe	36
PID 1960 wrote to memory of 1656	1960	avg_antivirus_free_setup_x64.exe	37
PID 1960 wrote to memory of 1656	1960	avg_antivirus_free_setup_x64.exe	37
PID 1960 wrote to memory of 1656	1960	avg_antivirus_free_setup_x64.exe	37
PID 1656 wrote to memory of 792	1656	instup.exe	40
PID 1656 wrote to memory of 792	1656	instup.exe	40
PID 1656 wrote to memory of 792	1656	instup.exe	40

C:\Users\Admin\AppData\Local\Temp\fortinet-7.0.0.0029-installer_jLa-0t1.exe
"C:\Users\Admin\AppData\Local\Temp\fortinet-7.0.0.0029-installer_jLa-0t1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\is-LGU8D.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LGU8D.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp" /SL5="$400F4,836075,831488,C:\Users\Admin\AppData\Local\Temp\fortinet-7.0.0.0029-installer_jLa-0t1.exe"
  2⤵
  - Checks for any installed AV software in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component0_extract\saBSI.exe
    "C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component0_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component1_extract\avg_antivirus_free_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5f8Vueqw8fAchVZlA2LY6HV1QMoBEHcRYw9Ab4PwwQpZizyl8ZjEJ4qGHCkgNcxlvyODX5Iv9
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe
      "C:\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe" /silent /ws /psh:92pTu5f8Vueqw8fAchVZlA2LY6HV1QMoBEHcRYw9Ab4PwwQpZizyl8ZjEJ4qGHCkgNcxlvyODX5Iv9 /cookie:mmm_irs_ppi_902_451_o /ga_clientid:28367d42-903f-4bcd-aef9-8bfec9226a38 /edat_dir:C:\Windows\Temp\asw.900e7ce9f8ba0b23
      4⤵
      Checks for any installed AV software in registry
      Writes to the Master Boot Record (MBR)
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1960
    - - C:\Windows\Temp\asw.0eca6dc6d456e2ed\instup.exe
        
        "C:\Windows\Temp\asw.0eca6dc6d456e2ed\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.0eca6dc6d456e2ed /edition:15 /prod:ais /stub_mapping_guid:1ab60ede-89c6-4c7d-b321-963efc8ab5bd:10789136 /guid:42507a54-eeab-4e9d-b9bb-2eff4cd34209 /ga_clientid:28367d42-903f-4bcd-aef9-8bfec9226a38 /silent /ws /psh:92pTu5f8Vueqw8fAchVZlA2LY6HV1QMoBEHcRYw9Ab4PwwQpZizyl8ZjEJ4qGHCkgNcxlvyODX5Iv9 /cookie:mmm_irs_ppi_902_451_o /ga_clientid:28367d42-903f-4bcd-aef9-8bfec9226a38 /edat_dir:C:\Windows\Temp\asw.900e7ce9f8ba0b23
        5⤵
        Checks for any installed AV software in registry
        Writes to the Master Boot Record (MBR)
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1656
      - C:\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\instup.exe
        
        "C:\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.0eca6dc6d456e2ed /edition:15 /prod:ais /stub_mapping_guid:1ab60ede-89c6-4c7d-b321-963efc8ab5bd:10789136 /guid:42507a54-eeab-4e9d-b9bb-2eff4cd34209 /ga_clientid:28367d42-903f-4bcd-aef9-8bfec9226a38 /silent /ws /psh:92pTu5f8Vueqw8fAchVZlA2LY6HV1QMoBEHcRYw9Ab4PwwQpZizyl8ZjEJ4qGHCkgNcxlvyODX5Iv9 /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.900e7ce9f8ba0b23 /online_installer
        6⤵
        Checks for any installed AV software in registry
        Writes to the Master Boot Record (MBR)
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:792
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://gsf-fl.softonic.com/740/02d/f16d55821e6e472aacb4f28b66430e7394/FortiClientOnlineInstaller_7.0.0.0029.exe?Expires=1694537292&Signature=03b113a6193ec794cd5d824924b6b8d7d7555dbc&url=https://fortinet.en.softonic.com&Filename=FortiClientOnlineInstaller_7.0.0.0029.exe
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1676
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 472
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\Setup.log

Filesize
33KB

MD5
2a19b8dd504e12c633f7f30947e29a63

SHA1
147997f59d82e3bcf92b3c9aca14e385b3e1c70a

SHA256
be5ab5006b910a3c71ba89004f39bcf8496fa80fd3b1fcc83112244da03f31e7

SHA512
1e1a9d2f5cb5502e21911b85eaa0f70bceb2c9153351d72c82bc718c7679a5485680e05f8556de53e4d89139cb737477a2e857dd6403d2aa6ad0f253899d76c0

Download Submit
C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\Setup.log

Filesize
56KB

MD5
00601e46216a72c9d63184f9fea587e4

SHA1
4f55bf3d59cc6712db5623ae1e7ed25a7e8060ea

SHA256
972fc0c5ce40ce823c7da39322c64b019a05f5f38d14c8ef00f3cfd83a525f92

SHA512
39d52bcff5f5007f9b8537a714b034e3a2cf3d748237498f7e6c513ab602a7b7238480c9d3b3afa3c9913f18d79216f395ae84b550b443d79b9244c90bb82475

Download Submit
C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\Setup.log

Filesize
4KB

MD5
b545b003d4d9a96c50fc0660cebe9116

SHA1
a3e5d31a28b74e69c1e21646e1bc6f9fb4961be7

SHA256
d81f6ea703751cb0b7528808d0d5af7b8ea0491e181d1b2b82b31b4b9b616614

SHA512
256330b7dca9d74b0eb0b9b99451f6a2d0eef715c690ce87b72fe3326976e06a385d666f9f6b445bb77b7bbcf45426b3711356c3b8bce2f277590045fc27fa51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
acb7d9d1fc08579f02510f13b63086f9

SHA1
e99cf5952fb9e70fec3b20581d992f0b38082117

SHA256
1e075bc8e391657d475aba64670466e0c5c65a5fb51dc9fe246e8de6a68e2d8f

SHA512
0abad4f306586576428f6567bb000ac84d051e410bd655cc757d320213bfd72b7c2cf64eed7d1c03096588cd9785ece9947d8322c5452206a64004a51757e3fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
245c0b77e41a5d775126f57ba546acae

SHA1
710946dd042525c190a878b416bb0c2888c65067

SHA256
78e0f9a0b4f42d0fa3dbe09c6dc0496918edc5c14bca94e5b714e5bc43ac1419

SHA512
58a7ddebe3ec2705806d1e536a906e8acdfe62b162dc615011a878ec74300fd691ee6f206dc7e84b302ce2810f3d56ecdd4e9115c6b43fee1ea94f2757267b55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9233c4f0ff29e7f22f8e5720fd1a160

SHA1
fe1c32f04ce6ca8395641b1d80c607a23f0a869d

SHA256
18991760d6307a65af37ff57c5eafa9b1c6b4a2892fc0babd4675904923b0c82

SHA512
d965a2ceaf1c85416a0c317c8378b5a3efec0397c5d793fd736d523dc299a73be39ef5b64cfa49c871359b309a38cbe2342a299ce356ff293faa5d5174276cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
894912ccf4aa3346c92a46962d2f87f1

SHA1
5dfee0cda9feabddc64a4f35ad5e306dad255943

SHA256
2871162c7e9fd7915f927060c7feddc3d189b3650405cc3481316860594c6a90

SHA512
fa81718cb376c8c14d5a01a1dd4bb7e39c2c1ab16b75ea9bb2f781d2d5863356fc323aa2b6f4447e48cc31ff6c5165ef8eb602ff7f0663cfed3bf5a7ca908c65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7505af1358d7a93abc0c201ac8152a77

SHA1
4695d003e1e9941ef9569098264916622599b451

SHA256
06ca64bc9d641e237c5fddc6f014d8ffe31235e65192f2cbbcb8a7dd07a5e9ac

SHA512
d6d8124f051bf5fde445445ceafac04439b0f93b13418548aa52faa2ca2116bb1125c19d3ef4ab1cd9918bad0e551f5eafbe9ba4920a6bdc574ce9f4d7393903

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8ce90a65d311d6cff6084cee282916e

SHA1
d5eb501d887777503fc311d899f26c3f1a140819

SHA256
74b5df52f959311d70a97da4f5babed08daf40b72bfdbb8649ce9e99d667dd46

SHA512
89cc0ac83ebe7676482c5a0e39dba613adf91ed08217de8ac391786379e124a3d91ad870ce6318238b6ee1548b5c6fc68cb71672a31f25d991312747ff346673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8a3b71c4665b7d2e2d5e3c35d50244f

SHA1
f7dd78de0879f18a0d098e773733328bd907102f

SHA256
13bd368402d386eb34d1f1ac64d80ad2541b84fc6cc34553b43b7b7f52196b7c

SHA512
3004802253dc64d3ab2a18aa1ed20fc57b308802bf4e73d99087e254dba795716aa53eb83f09ad7eac89066a7acbbd7e0d1e7ac1e897b6cbc43bad3624a83527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f78b2bef08c18452bc36cbdd96c3590e

SHA1
bd6b9b048b88bb5608acd293e05646ddd5775108

SHA256
a58e74f5fab400aa58c49391c7529fb9bfbeee82098b518aa29c1694fba1aba2

SHA512
823cb829f53c03db83328b9562ad77dca66a9ff7ecfad76012b93a52070bcaf241de00865df1f86950b0432534ecf5455c386806667c5d7cc1699482d0ca4304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b156adcac0423aae0eabb6f2e00eb206

SHA1
037f208c97137c838823a73088ac7efdffe8e6e7

SHA256
decd8115b17582f43337d998ae2ca5c4a0db2f620deae08af652bf67b4c1e876

SHA512
cd4c370d8f51615ac971865dc3bbc61238675293cdb03dcd605488d49a4b580897bd92db18073040b6f2da597af9b2885db899375dbfdae9e8671c8b990d3c64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78eced4ae80103fa93f804fbc022c974

SHA1
03eff04bf2991aa93fca40532315ca14852c4f69

SHA256
b3d23ab18b609350eaa632fa36f1198e6997da0379f4b3840c57e9c6e603859e

SHA512
fb14d8e8c23f802e9fb2d283f4530e95feb62540d533755b40848382020b245928d7c594ca3d9e01757a538c3d61819908db6a8662f0c97bb39a8696cdd72c68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1772cc3f9ad06d6ca0493f1b5647a1fb

SHA1
089dd941bdb323de473ce79a005ddbcc31276952

SHA256
7a0d1499ede0610dfea2d57aba1bdae1288443680742a91127f4101f66cfc6d1

SHA512
1cecb5e0565466699802fb5b7993f3fa54f24b2010b239e5f9b23737204223b8cc1b2f8a217c66677f7831b68a33ef80a1964d32c936547d01dc13ec60edb8af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f622110981cc0d3e208ed56a8514adf5

SHA1
b85805882596f0215822670ea221359fa1f190d0

SHA256
1ec61f66652800a25cf521f2375690bb4f47f8e9886497909cf964f411b0a74e

SHA512
251f859bae1bfb3cdd0b728b4d796ab6b5671894d4d03fab5a768eda33371f9f11998a2a0fda64ca0ed31e371253d49e53681b707b1ffa93bc80345a3eac28aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcf4efa6bbadd1906782c191389c2426

SHA1
1375d1f93eeb554801d7ea136e5d4f9c7e8a5178

SHA256
92ab7ba145a77b0e93bfa9238db12de8de40eb2ff2fb01679df7f40c4c6be834

SHA512
fd846b38824005a5fb2aec7ab2c456c555ab63547c06bd86496b99c70f8029a7fdcc82135ec47bd723fffd7de2211d79151a8d77e78deb321ac296ca9b210781

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1579d98ccb7a6b335a03d273cf12269e

SHA1
23c9a0b6e24a8f8424fe4d58b177f36b9fb38371

SHA256
64112134c43bd22d7d59ad974e0fb1e3cf8539311b1e6ae5bd73ac7931571808

SHA512
98dd09bee80ed6fe89ec4da350b3f609160fe9af40b2fb71c2e0718e32f32aa0021ce78f79b10ab7c98a3c06ade43705c4245bda142ddaa5f996e554b0cfd322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41601afe79b0873bfaa7db3ceb0e78b2

SHA1
d090107c17b8bccadd925281567c72126fc79e14

SHA256
fc409baf6f09e1680c749ebc2308afb8fcb572f84b9138084a87c74752eb12d0

SHA512
ebceebc7fc118975c46aeeb7bbc3bcff1e686d966800bd9ca4b40dda466e46071e1e39945a54b70dd2fa00eaadb2d5abb4f479dcd741cc9f65f0a6a13499e9d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03d3eaeadaea0169bbe8e53903016bdc

SHA1
73693be1046ddd9e31d5393d23e29c38c36bde36

SHA256
1efd938077c010a7f9bf1151996989682f74be38695dffbb4bfbc9bcd77a466f

SHA512
71869e1399063fedeacd45aa61d1eebb9bdf2295b580744443081d9e7e232ec0ffe17d6a256466fa347a33010e5ac3e53afb48f0b21b20ccd5af05cf9d984d3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
142371b393e598fa9dedc2734d05d407

SHA1
d01ad76542caf13d56f11ad71fadf51a1fe1466f

SHA256
8c20ad9ff4ec453690e5b9cf1e6ea38114d231b7c38b55bd15620be2a3f28abb

SHA512
75b5d9f9eb93a48d9b54691996104a68197a04398fbd784fb9d19d1b1d8f411437b4151ee88888a2614f93c6c6719eb25d70346adcfb7c79a398effd38509934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4c94a39cdec210e64c08f0d74be59a2

SHA1
77679f4966cc40d4fe3b2f006ebb7658d7849d19

SHA256
d16148ab8f9ccfe73c2dc5a6e522e2a38256b1c44606b4eaae198c1c6c50b28c

SHA512
bbd924b63e1ac6b7cbe33d07fc6e3c64db493aea385cd6eb976e3848ef7769d503ad69209d05765e96c5335e49a22112521466c4618d5a58cada9da31745dd68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0065557e523ede1cd8377e8e541dd25f

SHA1
e5508a53290510cd8b8d3c1e5c8e96bafc57a6dd

SHA256
6ab8cded46176d6417c7077573c5b5188632bf0cd0ba6c9c1e4c6ea02b70eb5d

SHA512
27db0ebb96651ab7ce81ed8093b6fce4c2854c356cb143676980e701983d8e7707f81457999d1aa91809a6f7a2c9b9683f3bcd4e6754b4a925e4487673ea2fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec8080f733b7a0fcf546f3f687f3e4af

SHA1
673efc4309eb15be8caf70c92c0c1c8bb9aed271

SHA256
c47f97ad5f90f1d6fb44daf99b3db0a3c8ec63b67eff2ac618e8f05ca8bf261e

SHA512
46baddde43cbc9cc27804b0630f2fe06225b64222533be8326a89fc2f9f2d643d5151a21d5ddc7c8ecda7cdad5e72011ab6a87733f7075a4409f9a9b6c2fe1e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b95a91d92c3a6940b3c49e302c6e337b

SHA1
fe3799fde06548764d7846e01a9c0eeb49bc2894

SHA256
99442924cad456b115a4a7ccfbc7ff0b4b511aff432d9c621808fdcf92ac29b8

SHA512
89f9bb48a2f4a6414772e2a71be7e70c0ddbd7d2407aa064b71fb8a30ae180ebaa2f05281ccbed16c6b459e03f7b14267dbf712ecc0c3702ac936815dc1e4dd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3d6a56c423df478f0c973d23cd0b444

SHA1
6d25ba0bda74d255126c0f54177ab7fd22b75a3d

SHA256
9c5af8bb4cdca7f4c36a16c6c0cad660670e4b3803679c27838babed0ae450df

SHA512
ba91d804255839f9bd27d89a2b6edf903b1e7ffb52ba08d19a34e6fed0a3cd5806e11010f7f2688f7205ac214a40d69bbb5f6f7465d7981239dcc815a1827d24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
302855bbed589e09836db1cca45ed9d5

SHA1
c9c8d93ce5316c10ee65059347c39c8285f97aac

SHA256
2baff83b5fe8f0cfe53b0a7883ed5cb454368281d0ae3778d75de4c347729d70

SHA512
87c13eed7335edc1ec5eabf1d416dfca4a330fef29ccf272b484f896153454e7e6af48cc269635ecc4e9c8201e9bfe603eb591ea4d9686bd4ff72ba0c5a125c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb1ec2d0ad0df21c3b61435f7495eb5a

SHA1
636b3ee1ffabb93e488937231096c38b24873b44

SHA256
085477da929be1c0952b14894c073d1e23376343ce173118b6ec24d2e39bd67b

SHA512
1170be9c0b7b9781b835098d1afae9979f89d6292450a1913b544c1e30cf75d69e9eedfbe9d45b04afa1cd596fd1fdae54915feb8ce648c6b2ce7e1db283817e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffd3302ffb1daedc385a38c9d2d4c4d3

SHA1
80c0862349de6e777012ebf4bdd10e02822909b1

SHA256
bfd7c2107e16999fd60cb70953d92fb0f753e656504410b13d15b2b08b757ffe

SHA512
b1d2e212f374bcbe77fb6256877d481c6bc46c4da7660f95d2602092b79fd80fa91be92759b6c9d67f1d56597e2181c527050d15694d99fe9048088469538f8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f373c458bb736eda817068406a7a504

SHA1
0fef3853af233f160ec4154ba8b080e84ef6cac6

SHA256
1c08e2a3b5a018b2fd778b75eae4a286647209b3969ab4699ef51b40769d5c29

SHA512
aad6a02647e3c2a2c95c38cd49ee1ec2cfcac0a15057bf1209c758f65eed5f6d44fc0a06cad2ce8a0a75b3138df1183d3c89fa23b974266a50029fcb6a8399a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae68f5882f4e5fe0ed13256bcee6c03a

SHA1
eb9f286ac15e8f269cdf883aa3f3e4420ed3729e

SHA256
e07501074d578cfff90a671d43e067544f5ad1246766e8bfae4001ff211a2634

SHA512
5be09e9a7e9524684243d43658118b537bc9bd46402fab774b33ffd48def4b55c7b774dacf097e60d98d8488acb34633e411bb1ca957d5a0f6070555ce952ea3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fed60930e2308e4cba6069c739dee8e3

SHA1
fa76aa128d75ccbed141818160f68ab2ede54318

SHA256
935b2ca3ab98eba67a5c217e27413d1641e2e945311d3a96708cde68dcdda7a6

SHA512
2eb63b5f7d96ee95c7984913d056e0b78a74a3e7283281dd1e5e33b12f0691522ac901200c2d45c6e5ac555412ebff60c2e17c2a1986dab27ed944673bf37bb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01196ace973fb4cfcd176b293bf53d16

SHA1
ee62a6a78fe94e46ffdc7eb1651ed3a50fc0f34e

SHA256
313aedda7365a1240ec7f66303b1907d98c65b373f499bd135a52679d149f5c7

SHA512
30333fca8dcbb06d10afd737b68b362402bfdcd2a794a5c20325a552df65ab833f705c8c75274b05cad6dc662c73dfc60751a6b9d00af9806966eb66e960c740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a544ecafd9ea670a11b31a1e1f073b4e

SHA1
170f56c41d3b5174b1168dceea4207009b312869

SHA256
210ee656f97bcc6001d5793fa7b0e44e74ea90665772ef4b4e3150ac4b3726af

SHA512
d2e42fd0803a8ffaf0182f5e4599edf72fadb6b4b9da7e61803de7337d94a3bf0d89dc18eb7aebba24476bb08807304ddfeaa1f5ba69781ef12c1678f7dd32aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat

Filesize
2KB

MD5
860f2e2e84863e4633bd12ac8680793e

SHA1
4c8a0763bd28a6321669c6f18891211c8fd79ae3

SHA256
ce0b94eb2cb952cac22c7a0cebe5f5c19940e68a277d494458654d2a0299ec9b

SHA512
f67406e61e2a538a45d15aa2372a1ad37f188c4099686a11f9b0a84242ab6a2be9caa5c2b92d4acfcad0e668de98bd1c00644ec14c651ae6b58ca36431da8c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\fortinet-icon[1].png

Filesize
2KB

MD5
bc1e610c1d2b16fa125031bfc162df41

SHA1
02b13632fbb9388adfddc0f351e596bac6fece45

SHA256
e762b2add404802bb1f20dd8511c2f58f1579593b96eb3c58d0b1ee2fed36be6

SHA512
a80ce8bceb779674cadb3b79ea558c822518243a88cf6339fbdf52019c00712e564199c3101ed515d7b607d83b3eafb3968223b2462efc8dd1f0c78142b3d7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\js[1].js

Filesize
202KB

MD5
2e73c10498fd6548e3e26aeef95b998b

SHA1
26b0e6872d6a1da20df0745a93345b67ee0dfd24

SHA256
35788aa5f8c9512940651490ffa45e5d22927f4c8c6dd175c93fccf04fcd8972

SHA512
a59197c4cf34f9fa808a9d93d910e7bba739f2092df8206d4ecf77fb05d1b8a4615e166ec05220bfb11fa5622cb3c33f34bb3b6b5b25f3b92dd90f5a3dde9dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab39F6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3A19.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\AVG_AV.png

Filesize
114KB

MD5
5ef5291810c454a35f76d976105f37cc

SHA1
8ce0cc65ae1786cef1c545d40d081eda13239fa6

SHA256
03e69e8c87732c625df2f628ac63bd145268f9dea9c5f3dd3670b1cf349a995c

SHA512
3bec461bb3cbbbdb3c05171fcc5ab7e648b2b60d7b811261662f14d35c3836148b14cda1a3f2be127c89cc732de8cf1644d2e55e049eeeb2da8e397c58cc919e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\WebAdvisor.png

Filesize
46KB

MD5
5fd73821f3f097d177009d88dfd33605

SHA1
1bacbbfe59727fa26ffa261fb8002f4b70a7e653

SHA256
a6ecce54116936ca27d4be9797e32bf2f3cfc7e41519a23032992970fbd9d3ba

SHA512
1769a6dfaa30aac5997f8d37f1df3ed4aab5bbee2abbcb30bde4230afed02e1ea9e81720b60f093a4c7fb15e22ee15a3a71ff7b84f052f6759640734af976e02

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component0.zip

Filesize
499KB

MD5
cd9c77bc5840af008799985f397fe1c3

SHA1
9b526687a23b737cc9468570fa17378109e94071

SHA256
26d7704b540df18e2bccd224df677061ffb9f03cab5b3c191055a84bf43a9085

SHA512
de82bd3cbfb66a2ea0cc79e19407b569355ac43bf37eecf15c9ec0693df31ee480ee0be8e7e11cc3136c2df9e7ef775bf9918fe478967eee14304343042a7872

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component0_extract\saBSI.exe

Filesize
1.1MB

MD5
bb7cf61c4e671ff05649bda83b85fa3d

SHA1
db3fdeaf7132448d2a31a5899832a20973677f19

SHA256
9d04462e854ef49bcd6059767248a635912ce0f593521a7cc8af938e6a027534

SHA512
63798024e1e22975d1be1e8bff828040d046d63df29f07d6161c868526d5f08451e44b5fa60bfb0c22cf7880abc03aaedafa2c5c844c3aeff640e6fac9586aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component1.zip

Filesize
122KB

MD5
56b0d3e1b154ae65682c167d25ec94a6

SHA1
44439842b756c6ff14df658befccb7a294a8ea88

SHA256
434bfc9e005a7c8ee249b62f176979f1b4cde69484db1683ea07a63e6c1e93de

SHA512
6f7211546c6360d4be8c3bb38f1e5b1b4a136aa1e15ec5ae57c9670215680b27ff336c4947bd6d736115fa4dedea10aacf558b6988196f583b324b50d4eca172

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component1_extract\avg_antivirus_free_setup.exe

Filesize
190KB

MD5
cf26e9522e556c733e99ab62af902fd4

SHA1
28a87a1e690f8a1b8d436d72775c444279ae1cad

SHA256
3d7226c43390708f049af7c2cab91baa0cf28ef0106d6048114d7c337aad247c

SHA512
08555bfc6272e30bd803939698f0cba8e7df81e71368a990c4549b9d50d318a82b5affcb71137e1afc977182fdb3cbdc37a77183e4b3a6d21d31822f0c93dd1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component1_extract\avg_antivirus_free_setup.exe

Filesize
229KB

MD5
26816af65f2a3f1c61fb44c682510c97

SHA1
6ca3fe45b3ccd41b25d02179b6529faedef7884a

SHA256
2025c8c2acc5537366e84809cb112589ddc9e16630a81c301d24c887e2d25f45

SHA512
2426e54f598e3a4a6d2242ab668ce593d8947f5ddb36aded7356be99134cbc2f37323e1d36db95703a629ef712fab65f1285d9f9433b1e1af0123fd1773d0384

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\mainlogo.png

Filesize
4KB

MD5
876aef14e8c4c55edf801c5d29c39409

SHA1
f8729c763d309c1aad26f9dd9e23b2c197633f66

SHA256
aee796737569322493175e6b4d6c75eeb0dea180be23a12c318941ba265555b0

SHA512
81bbe9c680999fd110f0df915b0a4a126f06a13cf4e76510c469f208c1aedb46478244aaa12cae417dc0e86bbd10232035aea37c8b42c3941125819602026683

Download Submit
C:\Users\Admin\Downloads\fortinet-7.0.0.0029-installer.exe

Filesize
333KB

MD5
7dfa10d3f62877062553f0ba4483d720

SHA1
4ef82feba5b4394497c0d022990a3728a223d344

SHA256
1e7be29ff48028ef2007a4adca1fb5ccb12c1e145ef8ba4ff1090f27993bcefb

SHA512
97e0380bce195ce7f3b89ff8b934c13e06f6268ce0658b93daba967ddd535c6226c9d3a883a17f6e466be6a0f26fe90a7bf4e17fe572e70042952a742f881579

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\Instup.dll

Filesize
13.8MB

MD5
4dd97ab1ab0b6e871c9de4becb838b2d

SHA1
00076b42d62cf61e885ac5d4589fcd6db4c0ea28

SHA256
eb5067af7bfe3ea367a424a8e62653bf147b5d66e2ba6e52113927fe611fde7c

SHA512
5291dcfb9687f2f4f9896e820e57a9d5ec1e89a9afdec7432533bae20213e6066bec1867f0df957fc8f5413eabec1e7117af2fac3cfb7048ff70a23bdc2a64bb

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\asw132c19fc08b64fdb.tmp

Filesize
1.3MB

MD5
18292afeafa3f8cc088f00080ab10eba

SHA1
41d9d886afde2e4622388b3595a73e19fe4c7b57

SHA256
14cc364ae83295f70c7df17de2cef01098b0b76bd5244996ae63d4f74b146d57

SHA512
a595dc283bc25a1a24b98b296a4ba76511a10b2a21762d720ad1193db01400338b6220000ff2f0a624440f812b426aebde096b6bab5e1c11c2db5355866caf88

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\asw3dee3f483cc41415.tmp

Filesize
3.1MB

MD5
c545527e69a46359a4a45f58794a0fe5

SHA1
e233e5837bfe5d1429300fb33f12f5b54689781b

SHA256
8d86976b5ecd432772d4ac5965ff86bff6da04318f231b3e7ea64818de6211f9

SHA512
754c891b4f582948ba5dd776a87edba35f96453a540c20c5dd78f2d816bc83161e0d3f8a0f6052b5d0835f5a0b4eeb6d7a871aa611bd74e61ca25ea7046837e0

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\asw7d01b08e32ce6d8c.tmp

Filesize
831KB

MD5
ce4d45d0b684f591d5a83fdbd99bd306

SHA1
e89637b905c37033950afadaca2161bd5b09fb5e

SHA256
907e054fef8297e3cd31d083299ff0ac495775eaa928e3e10e7000fdf6baaed7

SHA512
af0aefc20b9c9c91f63f34fcd70c27e9e304073d51cc9ec45113ab360dd5ba4ad104b5c752e022b8b153f435527b56f6bfbb6022dd4bca98f8d1778e2bfc97d1

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\aswa9053dfb133da36d.tmp

Filesize
5.3MB

MD5
3392f3974048e9396f9a4313ff7e2430

SHA1
00e8bd5df51b4b13754c4ff4e77247b6e11be22f

SHA256
fff047191336928d866d2a5d1693376e598246b38021c7c438bee8376769e6c4

SHA512
39ea8a500e5ba2dea8750b0fca9ede91543ee9c0043915d5295b522177cf4810711c56a49be8ad54f2c417196faf802cd42e7d54aca6b93a4fe54cc43fda23ed

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\aswf6f7d337ff23be15.tmp

Filesize
15KB

MD5
e38cc92cd980a55d811316ac62883e14

SHA1
fa83737abe11ee825c3da6843cc4d8e3b459729a

SHA256
be4d8a5dc335ca8446c0dbba4ee4ef07553a5c242bed560f11aaef4793855e87

SHA512
1422c8f94556ff0409a3cd1ff581f6c4ea56b01be36ba5b2c0e72465f4dad38391eb85bae28b079aa2f1204615d32a17b7e73e92ffcc9964f39c79626b7afe16

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\instup.exe

Filesize
128KB

MD5
c2f8bfef20d1df2e464dc26b6d9309f3

SHA1
90bb6f5edd98aaef286787baf20dacc0b5ec6006

SHA256
33541e3c1d31dce207db3f4f5c2c8ea2ba086d33ae622821c3a2848ad965d5c8

SHA512
48549ca76c2072efcd98478ced536f24642dbe1b561d51784aa51700b29a6466c7070a1be9611c2f70198120641032e52455e2d44c6e0606f1a5c2ca16633caa

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\asw7d975b8e334d93e6.ini

Filesize
605B

MD5
f6bcba09fcac0f763332af5c3859f272

SHA1
9a7850aa7fbb9afef931337800ad04af37716356

SHA256
09aa0c2fb5e3cc04c6188575f2bd6baecc3103f331bd7a5e754432e345776251

SHA512
71ec9c7134cc2df13ee092db8e20f5dfe88f105f2dd023ef8985ea519f1c7c88f55c48ad6b94993d32db34f2412733405a4da5ebb2b0a3cf330c2f8cd23b0ac0

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\asw7d975b8e334d93e6.ini

Filesize
508B

MD5
610bd3caa03c4832f48bba809a609ba0

SHA1
504643d392abe714cf847d2035db8b55645f894d

SHA256
50350d91058198f1dba05c5355683b8e104d13177a994eede294a44cd9f23fae

SHA512
29536d9a583f0ab992e64a9c2e762c6fa19e19f9a1471eec4c59b0ab5f4e647aecfca3e72586de388e965c8b4554f305baef5817eac54011639b562faeeef325

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\asw7d975b8e334d93e6.tmp

Filesize
18KB

MD5
f5f2ce31f228b7c83c4e790b14fb3f18

SHA1
0784689eeccd26926711c0e2522a69688bbab6da

SHA256
9097d7d712682e3fef5a4886e41a5c011c550f200b25c0a79be5cad6588634fd

SHA512
2d8e609e78b5c28cc0aed307d19572b857a62691ab50117b411bc2105b3d632d91495cadaea8abe162b48dcee6ed3f8f12a2cff2e6fe71794fcd0e89c673301d

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\aswebadc5eb7d1c4d9a.ini

Filesize
977B

MD5
4afdb1a81f9fc675441dea9fce57244a

SHA1
4c1d369c885c7cb1bf7fd9132e2d70a3c4aea7fd

SHA256
121a7bc5d906e9e772ccf70f7a0d5a30e346320c086b0b1a55a59e82d4cb750a

SHA512
42de85aa4baa2d59b75859d02f19531a2a0764a78dac00c5e923b064938a173665db901f91dafe1bccf03c55f4f56b57596d8322e0a292b1be759e6541aff819

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\aswebadc5eb7d1c4d9a.ini

Filesize
1KB

MD5
90999156e9b06c54be44076826ed7d41

SHA1
0337ea002330176efc510bbdda74b4bf6db24ffa

SHA256
878e9f4cc4d4d073d2872707acf0e352f5a6cef320f26b93c7bec2ff74770912

SHA512
2dc3eed9339025496fd15d82deb7b4419fb7073d529cb11c6d7a11e4f733d5cf4197801ca1bd80a367c7a681e7608a810788a1fa7bd93ffc0419e57038d56743

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\avdump_x64_ais-c62.vpx

Filesize
907KB

MD5
43dc9e69f1e9db4059cf49a5e825cfda

SHA1
519298f8a681b41d2d70db2670cc7543f1ee6da4

SHA256
98efeee831a7984d94cf13800aeb1de68e79bea0bb5d95ff7adcbb43b648ed4d

SHA512
d0c07cb1e251f2135fdb21893e6ca70efc019a8b759274c87266fb5a2c48ebc0126aecee0020bd48cfd65ef2f794b81b1e417000c91db18e2ac128c86eac4079

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\config.def

Filesize
18KB

MD5
a08dfe1f2d22903d9618828773900f12

SHA1
a8e140856048381926fdb0842fb060d559869412

SHA256
22297885577d4301037d99718319e570218e9ea082db9f0a6974972ff0f4396c

SHA512
7d7890c41197cd54222719418d27e6c1f75f4eaea70bd383814aa4924fd625bd7beecb00d5fdd7e25e4ec7dd438c355771dbe41266c6729c57cb79aea16405d3

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\config.def

Filesize
22KB

MD5
beaf90b4af239b8e9f34618b68a47881

SHA1
4b182ac11c8302f4180c5331603b994293c174d3

SHA256
665de03307f008ec24fc2f29cdfff2a2ab66fee8fb0838aef5964300fc47062c

SHA512
95ab7b7fab697e91012f0f54d81edfa76905f11ba8201014ef73b15e5fdd1ac7c53e0a14a9e7c292356b4eaae3d6e1974965aaea58131ab1df7925fae5df782d

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\part-jrog2-f4.vpx

Filesize
211B

MD5
ba81a80188a257b55f8a7726bf977980

SHA1
fb589d277f9e69e676299925a4e176e321083b52

SHA256
83f4b36ea3cf9661a350a87c32ec21b15e37a7971a97ea8eb1901636893afa80

SHA512
e1365a78a656cfcb587273422cec8707111c42e1cc1f0bfd8c7833740081a6b6e6f00379cafc895c69cb447b25ba5c17be43438614189f179474619948947b5c

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\part-prg_ais-15020c62.vpx

Filesize
175KB

MD5
29b9bfd25fabf42939e3a6877f9b3ece

SHA1
c30d865bc2d680311c68eb0bed0e356845f700f9

SHA256
ed586b6ceb3e9dcc7dd21dd7dc7addd89e71a2b90039fe15b751b367e402d475

SHA512
a22827a2f9bc3de3c6c0ed5a4e36c383b5f8d4989fc543aa1a4852034c84055925df7456c1f9466ff3923de81f9d58a6f12d8f24e782bb2e805b908ef814a90e

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\part-setup_ais-15020c62.vpx

Filesize
5KB

MD5
d5b798d8816b252e7d718195dfeb8a8c

SHA1
860c5807fd491aeeb12d661d8cf2ecca4ca1639b

SHA256
75176962c8691f84eb299a555d4c82796b53a12161f1e6616ec50cf97393b499

SHA512
16cd2e8f57c05ba2bae79de39867cc35178a6d99cd035d7d20efd8788076360a408affa9b6caf3ea09daf5c32834b995e47b1ab4ec29fcc1fdfddcf0ba96cce5

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\part-vps_windows-24021999.vpx

Filesize
7KB

MD5
b9c0950b8d893524c20dffc868612304

SHA1
d84d6fd42402de8d2209a5f636a57d6d5f7f4f60

SHA256
47182cd518093c282b78b47dac14983004ca9cbf5827c6c23a3dadda53e429f5

SHA512
4aa6c266d73a4d3c0a20c3b7fd0e166c0384dba0e2f84fa7054a754c2c84976d091cf6b3f1afb61115c45df01575182064530a3d1a0eee28ace5aeb7e2e5963d

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\prod-pgm.vpx

Filesize
572B

MD5
5f8c40b957706746fbb38dd572264a3f

SHA1
48b6eb07bae59e15c31adb5d17d1f564276ef730

SHA256
2e734f4b0c8d1bc4a7d9eee93a90bdb3f1b0ec7694a0ef651bae84931fefde5b

SHA512
76b21ecc8c01b0eeb1ba63161d8b39b107fd0939bb5676f61394fa19bb1d69e0904317c0d87ab158a2a0bcbe9e00aeaf9d605e992c6e3c6a55788d69bb48ce06

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\prod-vps.vpx

Filesize
343B

MD5
fc61679cfd35f80cd1e54665c9e9f5e9

SHA1
2884385bf3a0a140b75f8a82ca7742342c98f648

SHA256
af287f7298dfc622c30bc99872938bb791b021316039e9f3c4b660f46904448d

SHA512
cc86fa2c0da593ffbd5906389e49e2f5ce4a3f26b251be3ea73624cc851114af66b3149d71a3c0c3a79b5b027dcbae72fc7b234b1d7d0fbc639ae927ff031747

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\prod-vps.vpx

Filesize
340B

MD5
a753c794096da54c379c6d6cbd03862f

SHA1
cb62d0514d58879999273a85355e9f76903f112a

SHA256
f406a89c533eba1eee36b7ec2f16f977e357aad150e2380fcd27e0caec26c243

SHA512
04391494644c6125f905aebbd7f564e00ced62d3416c50f53fafc406e2f63b878883cda2a2d41e36c04637602ac655ef0d869c589550d321009df3e01a57b465

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\servers.def

Filesize
27KB

MD5
7d8263312165f04f2b32382f004282d7

SHA1
3b90d2aa3fce90f19c2029aceb47abf39de1f395

SHA256
4dfba94624a02fb1e5e3dcaaab40dd010de7bfe7ffbedec7ccd01e8303be0d1b

SHA512
fd64d3a5ae5024143472c507060fad9b6ee9d44b648097077d354f6a616e00e4c9c0f7eddd9c28a5385b3658686b5d05ca955bbe9a4c063e319c81f8aabdb778

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\servers.def.vpx

Filesize
1KB

MD5
3aa869f4c645e3fcaed484cc44289f40

SHA1
70992eeb6559d83353c41f130a1952b6697dd4b8

SHA256
793fc06cb7e0a01547484c36a93b0c829e4d5d04e3f089e2dc09d6332d44f9ec

SHA512
f67ebd1f08f2bdaf2299aa9fe634568f62237d206de8f9543456a5fe8063d0ea77b940bf3c66d14b04ff0c6814ace97458571c5d756dfab0add7faff296c4047

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\setup.def

Filesize
37KB

MD5
3fc9d055795a4c01893e5661f300c513

SHA1
29c64165afecea436a2dcb57dd5b54163a002df4

SHA256
425eb69377f5ab3508bca26402d48377ab0362840ef0c77852236f45efc597e0

SHA512
e1622c0390a66dba328f5c699b10b32c66aec8a20474a6b5d49c2e0faf3a9997620db0f2162d6763976d70159e53363e9217d372cb19f982241f66ec8761c902

Download Submit
C:\Windows\Temp\asw.0eca6dc6d456e2ed\uat64.vpx

Filesize
16KB

MD5
b10e591a45499acd1e5333365af33864

SHA1
1e46d676ac3c71a28bf3dacd649d0b89c692d16c

SHA256
0c8c965b08d60ebf3f0718ff48649dc73a83eaeed47c6417be111987f2a5e696

SHA512
78a44c5c322378a37f8dd22a534ca2be1b6c117c0b5f09bb96cf05803d784ad1bb270da045f9feb6ec05420a3623b9f942fc92f7f64599c43810af07d4267875

Download Submit
C:\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe

Filesize
3.6MB

MD5
b0b723d4b649b80777008875aa554aba

SHA1
fd2cae3b02c0f4c8ede15ee22193235971a74958

SHA256
ced249d24d6e4aa14be4e7283c09a2501f443ac09b846936e48476ccb1b1f958

SHA512
5825d6372cea58b99c863531958e14dd35d363767182eeb16fb671750a7734256af6def9891e5c40818279373983452c8cb62f49155af0315b1defc95a4243e3

Download Submit
C:\Windows\Temp\asw.900e7ce9f8ba0b23\ecoo.edat

Filesize
21B

MD5
3f44a3c655ac2a5c3ab32849ecb95672

SHA1
93211445dcf90bb3200abe3902c2a10fe2baa8e4

SHA256
51516a61a1e25124173def4ef68a6b8babedc28ca143f9eee3e729ebdc1ef31f

SHA512
d3f95262cf3e910dd707dfeef8d2e9db44db76b2a13092d238d0145c822d87a529ca58ccbb24995dfcf6dad1ffc8ced6d50948bb550760cd03049598c6943bc0

Download Submit
\Users\Admin\AppData\Local\Temp\is-8DH3O.tmp\component1_extract\avg_antivirus_free_setup.exe

Filesize
128KB

MD5
f943821a8380ca33bd8adb12b25b5a80

SHA1
88fe4d432c1b19c4701eb42b98860ea86e303193

SHA256
e24273891c75ea0f5fc8f8ba395adc57f3dea678441d0edd447a431483e87194

SHA512
02e2892914a61743447f74ae7793e1cb35ddb6e1b3847903a4b62ceac35521e8b671c36b665da7d849e00e99fdc6af75c794431134af86256096e8b49381f024

Download Submit
\Users\Admin\AppData\Local\Temp\is-LGU8D.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp

Filesize
3.1MB

MD5
c8c4d20b0a603fd1e0a2ea304fa05721

SHA1
608cd0a7e122682c6f0a0622accc2a6cc23b6c4d

SHA256
c1e0bf25484a1dacced5e782f6fa50c4994fbfd026f3a901ae93601eeaca921c

SHA512
e0f6226d280c221da8b5902629b9e29ec09dd1c311eba28ad739b3eee44f57608a3d276ca5740a7687106ea905ee12d40fd0983be8bc20daa8ff45d0834d766d

Download Submit
\Users\Admin\AppData\Local\Temp\is-LGU8D.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp

Filesize
1024KB

MD5
80fc207d17d6ea401fe1c8e3bd5d3064

SHA1
86bee6d4e84766a249b2e46aa05e1bec034b2063

SHA256
4bc2d03d61279986568e07dcf6d6af60352730b85a2f151adf9dee4f408f4b7f

SHA512
3e3920be18dfa517ca6f63338702e496ef04a63733c505a093570aaea203faf08077c5def62ba377722c6fd36dae33b0f21589365e72ee7f9c3c0399f4a589e0

Download Submit
\Users\Admin\AppData\Local\Temp\is-LGU8D.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp

Filesize
896KB

MD5
bb562fe50e63b365ab047942f012c83e

SHA1
d367555c306819a4dd0397efdc2cfdc7e3ce65c5

SHA256
73eeec046337287ef6fbd396806a4bc9507c503a2ca1ac6f61e8244728923810

SHA512
ff9763af428889f092677ce02d2194b8cd26f7a3b8ad9fc2d8c789f396a7a1299f2acc804b036439202d793634abfda82f6a820452a4efc7f3b14343ffeb0ffa

Download Submit
\Users\Admin\AppData\Local\Temp\is-LGU8D.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp

Filesize
832KB

MD5
9b60f5aa1cb2b4ea5c8331ff802b9ca6

SHA1
3e2d08c8dfb0009578a47b17cd910cdc97b446de

SHA256
9b0a69aebf79f5a70ef9034151382fe321ab6853e6906004b89c413abf281152

SHA512
06a83458f8d7312cebe6c226502a0c384d7321319609f7370f467086f408d767439db3f6ae7cb54b50da489a47e4868e1912be46e5ad760e46a7507fedfe668e

Download Submit
\Users\Admin\AppData\Local\Temp\is-LGU8D.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp

Filesize
746KB

MD5
05535ada24928118b11de1dec6d61fce

SHA1
0937a456c7213835997a3f66587a1012b7036509

SHA256
057a0807605a1b972e77d45feda503f447dfcb544e65849798fda81d6ced414d

SHA512
35c71dbb16233e56a3c7d02d211f80c7c854b068cb3a2999e81843751c8c0c7ee91ad20a472c2c6e531b1d3944cebfed770cfd5efbae7248c8b4813675140d68

Download Submit
\Windows\Temp\asw.0eca6dc6d456e2ed\Instup.dll

Filesize
1.1MB

MD5
f02f0700b9bd1dfb6f9f3f1069ebd747

SHA1
3f67dfeddec033efcfbf9ad88b819cfaeeee8c62

SHA256
4831c79e356d39d0fe26110f1d504c7eb6d2d7571680b0f1a476f417fd16629d

SHA512
aa5f07ae8e6112e4a2a66a9738ea99403097543fc507f32d06581046397f57ca5cd6f9adfadfe8814cc71e7183d5d65c3d959e0d902a28935a88f9771c094fa6

Download Submit
\Windows\Temp\asw.0eca6dc6d456e2ed\Instup.dll

Filesize
14.2MB

MD5
2e88e451e048aa4f356e962bfafcb05d

SHA1
fd2351162cf0e7a2616630df03327fbfbd0d966b

SHA256
d8f9e1eb85cb96bc7265e6641d72453e4360bc698c64956297947de12790f3b9

SHA512
e81c6441d69b3ce60aa780bac1f0979d86256b9e5df226c14b2e489bc118d3f6c32f49d407938ff8ef6a89a3a75fd7f218e87977bfd19c567fb35cf899227353

Download Submit
\Windows\Temp\asw.0eca6dc6d456e2ed\Instup.exe

Filesize
3.7MB

MD5
2a62083cac17766e96820e689588901d

SHA1
ccf083c24281f84a7348d85192692a926468ebd9

SHA256
360d5829176bf0f7958684a45d32f29fd68dd13086337514681c1f400147779b

SHA512
ca52e9eff91e9d7022d8482e948aa5f272787ab460eb323be878265a70b1ae2af9ba9d5c1ab4dff4d6b06aa62ee39a13bdbd7a5c0926186fc5071174b14feaa5

Download Submit
\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\asw132c19fc08b64fdb.tmp

Filesize
4.5MB

MD5
bbb61ad0f20d3fe17a5227c13f09e82d

SHA1
01700413fc5470aa0ba29aa1a962d7a719a92a82

SHA256
39154701a5a844eacf6aa1ccc70297c66bda6e27450fd1043778cead49da859e

SHA512
c614246263664268970562908c63e933ddda0a7f1c2f06b63eab9a06a2d8253356636cac948f709c37e66929d5d8b57663bf5f0d34fcf591ac7461c2af5b63e4

Download Submit
\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\asw6f351ceb96f60035.tmp

Filesize
3.8MB

MD5
0b830444a6ef848fb85bfbb173bb6076

SHA1
27964cc1673ddb68ca3da8018f0e13e9a141605e

SHA256
63f361195a989491b2c10499d626ab3306edc36fbcb21a9cd832c4c4c059bb8f

SHA512
31655204bfb16d1902bb70a603a47f6bf111c0f36962fea01e15193d72cc1fffcead1f1a7884d2929ceb77ac47c640ca8039a93b4648747496d462ffe6a05e65

Download Submit
\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\aswa9053dfb133da36d.tmp

Filesize
7.8MB

MD5
e3859f4176982824a56421d9908ef0ef

SHA1
5190c827e46de6544320faa3196ba13551df057f

SHA256
fd14f30dee53d9bf6d7d47b89a66f684b94ac1f348facaff028d5296c9705023

SHA512
d66bad473dd4e15d1894f5183a09cb193329137b046d51fd2a9d4c510b0d12cb0be9e1b97aebcac305fd3bbde525be6ac0f418677576ef8d870aafb980748685

Download Submit
\Windows\Temp\asw.0eca6dc6d456e2ed\New_15020c62\aswa9053dfb133da36d.tmp

Filesize
6.4MB

MD5
9bc5e71a10df2ec14c0e190a150e8296

SHA1
1a82c6e8b71a4f0f5bae4b709f8d613bb955732a

SHA256
e63cbadda4e424b10f12a420d5104188dab2024d0ec1c0c3408b52952a439b1b

SHA512
5dc94f65c6e5e54ab85e69d3cee5c12cd26ab8f6ec3a5847503035d2571a872e2a77d5c25642a704ef38973c5f66bc49b8a7ce567a4664f5e188591c611db22a

Download Submit
\Windows\Temp\asw.0eca6dc6d456e2ed\uat64.dll

Filesize
29KB

MD5
ceb30780eecdd503e62dd89989e1aa38

SHA1
f1d71ed902f09dcb59445bdd7e3ac8b27513339f

SHA256
cff61251635939df4021c752792184a688c32b47b391328e138c5f0d400a8c42

SHA512
2aedeb8b55df3e4f10cec4b996b25f1a493bc486095a4baefe4516124f423d561eaae2a8ed183fe5d882f4db4d0ab8352f5a2080441e3652b82894915ba5a90f

Download Submit
\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe

Filesize
3.5MB

MD5
24eb9816d5bb16c79e56f193967c31a8

SHA1
3607fd9253e0fd82a458e2b3947b90bbd79c565b

SHA256
7573502cef37600786210299d529ab23fdf8abebb0dc0487bb381ab4a0c6bafd

SHA512
728393cfb1b6d19f17fc44dcac14178c8cc3ef73f98607eed819ec724586a4b6c04951b070f7bc8a5dbc9f25590c2e0306879e991494b0c1f410909386dd285a

Download Submit
\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe

Filesize
3.9MB

MD5
733f8d7a8236c49f1b453cd8d60a3994

SHA1
814f192127a7a8b2992a7398bbcd5d1934bb0527

SHA256
6cdb2495d43e0f42030a696a7587ca760f3fd147f477eaaec03c26217d96d83b

SHA512
f74dcc8542b9fa4c5326dbaf1ce6562d6acd2b866d2d26ee7a5f9cfbe5d9dfdacc86b9f167c6cbe9e7e8ec454d37024ec702c7f36ec014c5186af9578823d638

Download Submit
\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe

Filesize
5.5MB

MD5
a5b66cc00bc9747d25aaf711c2011e9e

SHA1
6ce940d3d52a2fd019228778cfba63ea1d9ffa6f

SHA256
bc02dc407dc2a207568d291c686725b299ee50061285ebf20263f4352ea5324f

SHA512
80e7368cd8d4d60453c159a9f69073a1f78281b1621bd0e83b33ac2c12f407bf9c11fe73b88a20add8f51a9051fa6909e7276628e1790e744e4a176dc7e8fc47

Download Submit
\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe

Filesize
5.1MB

MD5
b6a32d52d02f8097fa7b8eac5f6a7b43

SHA1
1252fec39f704a825abf27ea74c85e5bbf87b0e0

SHA256
3c8d9bb43cfc784417d645da3fbeaaf8f7b78df84b14dc4bb5a198602574b514

SHA512
c6bf381082678b9fa7c57e447ff59480092e595e557dda0c2cebcb9fe48abb796b7eef9fc5b825a6f2716bf2751069e14be69aae3e78ee359ec38b55d1999754

Download Submit
\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe

Filesize
5.4MB

MD5
8c5d5c894f04217f4c10acf6ca4fe269

SHA1
ee3ee0dd79add34432ebb9b5a86d21760eb87026

SHA256
993ea5ff9a502c74d1c029751edd9ad0c9b6c265396b017412a1e4a3751e9516

SHA512
84cefa14ef3c0383606140dd9dfefa9ea9d4e9b57aa1183fc812b1e24af1adbfeaa50e57454f58ea626123df062970266e0effb50659b17da58f79e4aa93b5cf

Download Submit
\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe

Filesize
4.3MB

MD5
686f8d7bf84bc027206f03a0944a7fe3

SHA1
7e3c985b4e3367da11b88dd001be38c1dc8460c0

SHA256
8b3aff5437928046da29fd7b59a77ac07a098363c99270e0f60bbdde26c88f28

SHA512
32698ba1d0c78a0e71faaeb7e94e004f20e7bf7b4181140b4cf7e2f4225e4f7d57ac8ec9b7e5c9f5e4d66a4450706b4df483a21c21a47a905f0d562ee23b8246

Download Submit
\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe

Filesize
3.9MB

MD5
6bc30705047fcc23e982a2a2c21ae9c7

SHA1
d388391cfc619832a0264ae2a11b2a2bcbf9b882

SHA256
0529d9466a105c88d086a1aee00d555e891705427e16f88a74cf7d18b626fa03

SHA512
86ccb7785e3d11dac6c46da4995dc173b23cc57cdd5d2069c346f7ce9b5dff93247593e599359dd8b61161d362222fc914991616c4a97e24be91be4295796cb8

Download Submit
\Windows\Temp\asw.900e7ce9f8ba0b23\avg_antivirus_free_setup_x64.exe

Filesize
3.4MB

MD5
a326b7fcb268bb9f7da3a68cabeaa72d

SHA1
7c76accc0cfd7c92ada2365a3fbdde90a6bcecec

SHA256
e79a4051ff37c1d3a5a29335d7e3ac2584d9c5b34b82130f3930ff3fde2a3158

SHA512
abec7f0f8c211bc9a2b269838da657f03a395544f97967eebc155919a9b4102356d3250f47478be7fee49e8fcb4c1a66bdb6385384a73596a9a319d7c8c75262

Download Submit
memory/2208-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2208-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2208-1000-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2216-131-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-492-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2216-139-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-143-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-144-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-182-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2216-134-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2216-138-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-312-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-132-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-256-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2216-496-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-997-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2216-990-0x0000000003750000-0x0000000003890000-memory.dmp

Filesize
1.2MB

Download
memory/2216-183-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download