Malware Analysis Report

2025-08-05 14:15

Sample ID 240306-c6ntnahb5z
Target http://Memuplay.com/download.html
Tags
cobaltstrike zgrat backdoor bootkit discovery evasion persistence rat spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://Memuplay.com/download.html was found to be: Known bad.

Malicious Activity Summary

cobaltstrike zgrat backdoor bootkit discovery evasion persistence rat spyware stealer trojan upx

Suspicious use of NtCreateProcessExOtherParentProcess

Cobalt Strike reflective loader

Detect ZGRat V1

Cobaltstrike

ZGRat

Downloads MZ/PE file

Drops file in Drivers directory

Uses Session Manager for persistence

Creates new service(s)

Sets service image path in registry

Stops running service(s)

Registers COM server for autorun

Windows security modification

Checks computer location settings

UPX packed file

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Checks for any installed AV software in registry

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

AutoIT Executable

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Launches sc.exe

Program crash

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

NTFS ADS

Runs ping.exe

Uses Task Scheduler COM API

Uses Volume Shadow Copy service COM API

Suspicious behavior: LoadsDriver

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Uses Volume Shadow Copy WMI provider

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Gathers network information

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-06 02:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-06 02:41

Reported

2024-03-06 03:27

Platform

win11-20240221-en

Max time kernel

1299s

Max time network

2669s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Memuplay.com/download.html

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtCreateProcessExOtherParentProcess

Description Indicator Process Target
PID 8324 created 8620 N/A C:\Program Files\AVG\Antivirus\avDump.exe C:\Program Files\AVG\Antivirus\wsc_proxy.exe

ZGRat

rat zgrat

Creates new service(s)

persistence

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\asw16d54f234d91becf.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\aswe504169e74b52513.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\aswa482c37b0190d987.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\asw1ecdb8c5c47f2571.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\asw0fc1d6ff56aa905a.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\asw389fa576bc9f6665.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\asw53a6556d7126d492.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\aswfb21629252d76c94.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\aswa4c4f926bfd00599.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\DRIVERS\SETF25D.tmp C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MEmuDrv.sys C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\asw8588d6155478a65f.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\asw0fc1d6ff56aa905a.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\aswcbc7b8cddc61009a.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\avgElam.sys C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\asw8588d6155478a65f.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\asw16d54f234d91becf.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\aswe284cc1ce89df185.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MEmuDrv.sys C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File created C:\Windows\system32\drivers\aswe504169e74b52513.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\aswe284cc1ce89df185.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\avgSP.sys C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\aswcbc7b8cddc61009a.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\asw1ecdb8c5c47f2571.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\asw9d7b4a6796fe589c.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\asw5e3992b2aad88be1.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\asw5e3992b2aad88be1.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\asw53a6556d7126d492.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\asw4bb4f7babe7ef570.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Windows\system32\DRIVERS\SET33E3.tmp C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File created C:\Windows\system32\drivers\aswa4c4f926bfd00599.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\asw4648273daa6cab1b.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETF25D.tmp C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\drivers\asw389fa576bc9f6665.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
File created C:\Windows\system32\drivers\asw4bb4f7babe7ef570.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\Drivers\avg3AE0.tmp C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
File opened for modification C:\Windows\system32\drivers\aswa482c37b0190d987.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\asw9d7b4a6796fe589c.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\drivers\asw4648273daa6cab1b.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MEmuDrv.sys C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET33E3.tmp C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgArDisk\ImagePath = "system32\\drivers\\avgArDisk.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgSnx\ImagePath = "system32\\drivers\\avgSnx.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgKbd\ImagePath = "system32\\drivers\\avgKbd.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgVmm\ImagePath = "system32\\drivers\\avgVmm.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgRvrt\ImagePath = "system32\\drivers\\avgRvrt.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgVmm\ImagePath = "system32\\drivers\\avgVmm.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgbIDSAgent\ImagePath = "\"C:\\Program Files\\AVG\\Antivirus\\aswidsagent.exe\"" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgSnx\ImagePath = "system32\\drivers\\avgSnx.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgRvrt\ImagePath = "system32\\drivers\\avgRvrt.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgbidsh\ImagePath = "system32\\drivers\\avgbidsh.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgMonFlt\ImagePath = "system32\\drivers\\avgMonFlt.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgArPot\ImagePath = "system32\\drivers\\avgArPot.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgElam\ImagePath = "system32\\drivers\\avgElam.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgRdr\ImagePath = "system32\\drivers\\avgRdr2.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgStm\ImagePath = "system32\\drivers\\avgStm.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgNetHub\ImagePath = "system32\\drivers\\avgNetHub.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgRdr\ImagePath = "system32\\drivers\\avgRdr2.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgSP\ImagePath = "system32\\drivers\\avgSP.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgbidsh\ImagePath = "system32\\drivers\\avgbidsh.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgKbd\ImagePath = "system32\\drivers\\avgKbd.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgNetHub\ImagePath = "system32\\drivers\\avgNetHub.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgSP\ImagePath = "system32\\drivers\\avgSP.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgArDisk\ImagePath = "system32\\drivers\\avgArDisk.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgbuniv\ImagePath = "system32\\drivers\\avgbuniv.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AVG Antivirus\ImagePath = "\"C:\\Program Files\\AVG\\Antivirus\\AVGSvc.exe\" /runassvc" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgMonFlt\ImagePath = "system32\\drivers\\avgMonFlt.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgArPot\ImagePath = "system32\\drivers\\avgArPot.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgElam\ImagePath = "system32\\drivers\\avgElam.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgbidsdriver\ImagePath = "system32\\drivers\\avgbidsdriver.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgbuniv\ImagePath = "system32\\drivers\\avgbuniv.sys" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgbidsdriver\ImagePath = "system32\\drivers\\avgbidsdriver.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avgStm\ImagePath = "system32\\drivers\\avgStm.sys" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A

Stops running service(s)

evasion

Uses Session Manager for persistence

persistence
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000000000 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000006900630061007200750073005f0072007600720074002e0065007800650000000000 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000000000 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000006900630061007200750073005f0072007600720074002e0065007800650000000000 C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000000000 C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000006900630061007200750073005f0072007600720074002e0065007800650000000000 C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000000000 C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000006900630061007200750073005f0072007600720074002e0065007800650000000000 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Control Panel\International\Geo\Nation C:\Program Files\AVG\Antivirus\AVGUI.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\rsStubActivator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ziwtl1f4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\Setup.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\7za.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\7za.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\7za.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MemuService.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuRepair.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuc.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\avg_antivirus_free_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A
N/A N/A C:\Windows\Temp\asw.b4116e42a348255e\avg_antivirus_free_online_setup.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\assistant\Assistant_107.0.5045.36_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\assistant\assistant_installer.exe N/A
N/A N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
N/A N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\Setup.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\7za.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ziwtl1f4.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FB904E4E-D2C7-4C8D-8492-B620BB9896B1}\InprocServer32\ = "C:\\Program Files\\AVG\\Antivirus\\aswAMSI.dll" C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24}\InProcServer32 C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32\ = "\"C:\\Program Files\\Microvirt\\MEmuHyperv\\MEmuSVC.exe\"" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32 C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24}\InProcServer32 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C5422B3-D1E2-449E-A736-809C934C2F80}\InprocServer32 C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32 C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0bb3b78c-1807-4249-5ba5-ea42d66af0ba}\InprocServer32\ = "C:\\Program Files\\Microvirt\\MEmuHyperv\\MEmuProxyStub.dll" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C5422B3-D1E2-449E-A736-809C934C2F80}\InprocServer32\ThreadingModel = "Both" C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B342E21B-AD7E-4568-AE3F-D0D844537A7A}\InprocServer32 C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32\ = "\"C:\\Program Files\\Microvirt\\MEmuHyperv\\MEmuSVC.exe\"" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32\ = "C:\\Program Files\\Microvirt\\MEmuHyperv\\MEmuC.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32\ThreadingModel = "Free" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B342E21B-AD7E-4568-AE3F-D0D844537A7A}\InprocServer32\ = "C:\\Program Files\\AVG\\Antivirus\\asOutExt.dll" C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0bb3b78c-1807-4249-5ba5-ea42d66af0ba}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32 C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32\ = "C:\\Program Files\\Microvirt\\MEmuHyperv\\MEmuC.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24}\InProcServer32\ReleaseName = "C:\\Program Files\\AVG\\Antivirus\\ashShell.dll" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0bb3b78c-1807-4249-5ba5-ea42d66af0ba}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32\ = "C:\\Program Files\\Microvirt\\MEmuHyperv\\MEmuC.dll" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32\ = "C:\\Program Files\\Microvirt\\MEmuHyperv\\MEmuC.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0bb3b78c-1807-4249-5ba5-ea42d66af0ba}\InprocServer32\ThreadingModel = "Both" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32\ThreadingModel = "Free" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32\ = "C:\\Program Files\\Microvirt\\MEmuHyperv\\MEmuC.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b1a7a4f2-47b9-4a1e-82b2-07ccd5323c3a}\LocalServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3c02f46d-c9d2-4f11-a384-53f0cf91721a}\InprocServer32\ThreadingModel = "Free" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InProcServer32\ = "C:\\Program Files\\Microvirt\\MEmuHyperv\\MEmuProxyStub.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}\InprocServer32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Windows security modification

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{4FC75CA5-1654-5411-7CFB-1893D506BCF4} C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\SECURITY CENTER\PROVIDER\AV\{4FC75CA5-1654-5411-7CFB-1893D506BCF4} C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGUI.exe = "\"C:\\Program Files\\AVG\\Antivirus\\AvLaunch.exe\" /gui" C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGUI.exe = "\"C:\\Program Files\\AVG\\Antivirus\\AvLaunch.exe\" /gui" C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast\properties C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\wsc_proxy.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\afwServ.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\x86\RegSvr.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key opened \REGISTRY\MACHINE\Software\Avira\Antivirus C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\x86\RegSvr.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Key opened \REGISTRY\MACHINE\Software\Avira\Antivirus C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\afwServ.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\afwServ.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Antivirus\SetupInf.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus.exe N/A
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\Common Files\AVG\Overseer\overseer.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Product_files\avg_antivirus_free_setup.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw.b4116e42a348255e\avg_antivirus_free_online_setup.exe N/A
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\AVG\Antivirus\AVGUI.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsScanner_v3.9.1.exe.log C:\Program Files\ReasonLabs\rsScanner_v3.9.1.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE\DFx25AD.tmp\MEmuDrv.cat C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File created C:\Windows\system32\DRVSTORE\MEmuDrv_4C26FE707B8538A984DDA52017FA77FDC0515737\MEmuDrv.inf C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE\MEmuDrv_4C26FE707B8538A984DDA52017FA77FDC0515737\MEmuDrv.inf C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File created C:\Windows\system32\config\systemprofile\.MemuHyperv\MEmuSVC.log C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE\MEmuDrv_4C26FE707B8538A984DDA52017FA77FDC0515737\MEmuDrv.inf C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File created C:\Windows\system32\DRVSTORE\MEmuDrv_4C26FE707B8538A984DDA52017FA77FDC0515737\MEmuDrv.cat C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File created C:\Windows\system32\DRVSTORE\MEmuDrv_4C26FE707B8538A984DDA52017FA77FDC0515737\MEmuDrv.cat C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8 C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\.MemuHyperv C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
File created C:\Windows\system32\config\systemprofile\.MemuHyperv\MEmuSVC.log C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
File created C:\Windows\system32\icarus_rvrt.exe C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\aswcecefd98cf7db9b5.tmp C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File created C:\Windows\system32\aswcecefd98cf7db9b5.tmp C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
File created C:\Windows\system32\DRVSTORE\MEmuDrv_4C26FE707B8538A984DDA52017FA77FDC0515737\MEmuDrv.inf C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE\DFx25AD.tmp\MEmuDrv.sys C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File created C:\Windows\system32\DRVSTORE\MEmuDrv_4C26FE707B8538A984DDA52017FA77FDC0515737\MEmuDrv.sys C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File created C:\Windows\system32\asw4fec90733439637c.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\DRVSTORE\MEmuDrv_4C26FE707B8538A984DDA52017FA77FDC0515737\MEmuDrv.sys C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\icarus_rvrt.exe C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8 C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894 C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
File opened for modification C:\Windows\system32\asw4fec90733439637c.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\rsScanner_v3.9.1[1].exe C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
File opened for modification C:\Windows\system32\avgBoot.exe C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE\DFx25AD.tmp\MEmuDrv.inf C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140.dll.ipending.901b3990.lzma C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Program Files\Microvirt\MEmu\translations\qt_fa.qm C:\Program Files\Microvirt\tempDir\7za.exe N/A
File created C:\Program Files\Microvirt\MEmuHyperv\NetLwfUninstall.exe C:\Program Files\Microvirt\tempDir\7za.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsEngine.Protection.Ransomware.dll C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
File opened for modification C:\Program Files\Microvirt\MEmuHyperv\MEmuHyper.exe C:\Program Files\Microvirt\tempDir\7za.exe N/A
File opened for modification C:\Program Files\Microvirt\MEmuHyperv\MEmuHPV.dll C:\Program Files\Microvirt\tempDir\7za.exe N/A
File created C:\Program Files\Microvirt\tempDir\Setup.exe.setting.Of4532 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File opened for modification C:\Program Files\Microvirt\tempDir\Setup.exe.setting.yy4532 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\core\dkjson.luc C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo.png C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-confirm.html C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\Microvirt\tempDir\Setup.exe.setting.zA4532 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File opened for modification C:\Program Files\Microvirt\MEmuHyperv\libwinpthread-1.dll C:\Program Files\Microvirt\tempDir\7za.exe N/A
File created C:\Program Files\AVG\Antivirus\event_manager.dll.ipending.901b3990 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.901b3990 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-it.json C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Program Files\Microvirt\tempDir\Setup.exe.setting.ub2924 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File created C:\Program Files\AVG\Antivirus\gui_resources\default_av\about.js.ipending.901b3990.lzma C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\event_manager_ga.dll.ipending.901b3990 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-common.css C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\AVG\Antivirus\SupportTool.exe.ipending.901b3990.lzma C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Program Files\Microvirt\tempDir\Setup.exe.setting.uD4532 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\defaultbrowser.luc C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiAdapter.js.ipending.901b3990 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js.ipending.901b3990 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Program Files\AVG\AvVps\db_swf.sig C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
File created C:\Program Files\AVG\AvVps\db_sl.nmp.ipending.3c0ce725 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
File created C:\Program Files\AVG\Antivirus\defs\24030504\asw5b46d153337290e5.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-en-US.js C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\locales\zh-CN.pak C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Program Files\AVG\AvVps\db_sl.sig.ipending.3c0ce725.lzma C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.js C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-es-ES.js C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\Microvirt\tempDir\Setup.exe.setting.Rh2924 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File created C:\Program Files\Microvirt\MEmu\lang\MEmu_tl.qm C:\Program Files\Microvirt\tempDir\7za.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\locales\ta.pak C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\swiftshader\libGLESv2.dll C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Program Files\Microvirt\tempDir\Setup.exe.setting.BP4532 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.html C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-hr-HR.js C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\te.pak C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
File opened for modification C:\Program Files\Microvirt\tempDir\Setup.exe.setting.tr2924 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\clipboard.png C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\aviary_client.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\Microvirt\MEmuHyperv\NetFltInstall.exe C:\Program Files\Microvirt\tempDir\7za.exe N/A
File opened for modification C:\Program Files\Microvirt\tempDir\Setup.exe.setting.sr2924 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.901b3990 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Program Files\AVG\AvVps\db_o7c.dat.ipending.3c0ce725 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
File created C:\Program Files\AVG\Antivirus\defs\24030504\aswde12e41a4699dc33.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
File created C:\Program Files\Microvirt\tempDir\Setup.exe.setting.xv4532 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File opened for modification C:\Program Files\Microvirt\MEmu\lang\MEmu_zh.qm C:\Program Files\Microvirt\tempDir\7za.exe N/A
File created C:\Program Files\Microvirt\tempDir\Setup.exe.setting.RS2924 C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
File opened for modification C:\Program Files\Microvirt\MEmu\mediaservice C:\Program Files\Microvirt\tempDir\7za.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-de.json.ipending.901b3990 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus_ui.exe C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File created C:\Program Files\McAfee\Temp2008047649\browserhost.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\installdate.luc C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File opened for modification C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll C:\Program Files\Microvirt\tempDir\7za.exe N/A
File created C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll.ipending.901b3990 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.901b3990 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-da-DK.js C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-it-IT.js C:\Program Files\McAfee\Temp2008047649\installer.exe N/A
File created C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.901b3990.lzma C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ELAMBKUP\asw59e9317cab299239.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
File opened for modification C:\Windows\TEMP C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe N/A
File opened for modification C:\Windows\TEMP C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File opened for modification C:\Windows\TEMP C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File opened for modification C:\Windows\ELAMBKUP\aswbfda0900475f0c54.tmp C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File created C:\Windows\ELAMBKUP\aswbfda0900475f0c54.tmp C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File opened for modification C:\Windows\ELAMBKUP\avgElam.sys C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
File opened for modification C:\Windows\ELAMBKUP\asw59e9317cab299239.tmp C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Program Files\AVG\Antivirus\AVGUI.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\x86\RegSvr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\x86\RegSvr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\afwServ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\afwServ.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\x86\RegSvr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\wsc_proxy.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Microvirt\tempDir\Setup.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\afwServ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\x86\RegSvr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\wsc_proxy.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\AVG\Antivirus\afwServ.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\AVG\Antivirus\SetupInf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\AVG\Antivirus\AvEmUpdate.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Validation\{3C5422B3-D1E2-449E-A736-809C934C2F80} C:\Program Files\AVG\Antivirus\RegSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation C:\Program Files\AVG\Antivirus\x86\RegSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{3C5422B3-D1E2-449E-A736-809C934C2F80} C:\Program Files\AVG\Antivirus\x86\RegSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Validation C:\Program Files\AVG\Antivirus\RegSvr.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows Script Host C:\Windows\SysWOW64\cscript.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\SysWOW64\cscript.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{f4d803b4-9b2d-4377-bfe6-9702e881516a} C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{714A3EEF-799A-4489-86CD-FE8E45B2FF8A}\NumMethods C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4376693C-CF37-453B-9289-3B0F521CAF2A}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D984A7E-B855-40B8-AB0C-44D3515B452A} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8ADB7B0-057D-4391-B928-F14B06B710CA}\TypeLib C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9B9E1CF-CB63-47A1-84FB-02C4894B89AA}\NumMethods C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45587218-4289-ef4e-8e6a-e5b07816b63a}\ = "IUSBDeviceFilter" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{747E397E-69C8-45A0-88D9-F7F07096071A}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49B19D41-4A75-7BD5-C124-259ACBA3C41A}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1} C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{334DF94A-7556-4CBC-8C04-043096B02D8A}\ProxyStubClsid32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21637B0E-34B8-42D3-ACFB-7E96DAF77C2A}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24eef068-c380-4510-bc7c-19314a7352fa}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F99CD4D-BBD2-49BA-B24D-4B5B42FB4C31} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3785b3f7-7b5f-4000-8842-ad0cc6ab30ba}\NumMethods C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C1BCC6D5-7966-481D-AB0B-D0ED73E2813A}\ProxyStubClsid32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D23A9CA3-42DA-C94B-8AEC-21968E08355A}\TypeLib\ = "{d7569351-1750-46f0-936e-bd127d5bc26a}" C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D3D5F1EE-BCB2-4905-A7AB-CC85448A742A}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0EB668D2-495E-5A36-8890-29999B5F030A} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{179F8647-319C-4E7E-8150-C5837BD265FA}\NumMethods C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MemuHyperv.Session C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F13F667D-3624-4AC5-99C1-3D982EBD8D9A}\TypeLib C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{334df94a-7556-4cbc-8c04-043096b02d8a}\NumMethods C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9B6E1AEE-35F3-4F4D-B5BB-ED0ECEFD853A}\NumMethods C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01ADB2D6-AEDF-461C-BE2C-99E91BDAD8AA}\ProxyStubClsid32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B2547866-A0A1-4391-8B86-6952D82EFAAA}\TypeLib C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D70F7915-DA7C-44C8-A7AC-9F1734904461}\ = "IAdditionsStateChangedEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{67099191-32E7-4F6C-85EE-422304C71B9A}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C5E945F-2354-4267-883F-2F417D21651A}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7844AA05-B02E-4CDD-A04F-ADE4A762E6BA}\ = "ISession" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{92F21DC0-44DE-1653-B717-2EBF0CA9B66A}\ = "IGuestFile" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5915D179-83C7-4F2B-A323-9A97F46F4E2A}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9709db9b-3346-49d6-8f1c-41b0c4784ffa} C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CAC21692-7997-4595-A731-3A509DB604EA} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{714A3EEF-799A-4489-86CD-FE8E45B2FF8A}\TypeLib C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6E758489-453A-6F98-9CB9-2DA2CB8EABBA}\ = "IVRDEServer" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0FE2DA40-5637-472A-9736-72019EABD7DA}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AFCA788C-4477-787D-60B2-3FA70E56FBBA}\ProxyStubClsid32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39B4E759-1EC0-4C0F-857F-FBE2A737A25A}\NumMethods\ = "16" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{88394258-7006-40D4-B339-472EE380184A}\ = "IGuestKeyboardEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{39B4E759-1EC0-4C0F-857F-FBE2A737A25A} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{327E3C00-EE61-462F-AED3-0DFF6CBF990A}\NumMethods\ = "16" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0FE2DA40-5637-472A-9736-72019EABD7DA} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{02326F63-BCB3-4481-96E0-30D1C2EE97FA}\TypeLib C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{e062a915-3cf5-4c0a-bc90-9b8d4cc94d8a}\ProxyStubClsid32 C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5748F794-48DF-438D-85EB-98FFD70D18CA}\NumMethods\ = "14" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9ACD33F-647D-45AC-8FE9-F49B3183BA3A}\NumMethods C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0F7B8A22-C71F-4A36-8E5F-A77D01D7609A}\TypeLib C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{b0a0904d-2f05-4d28-855f-488f96bad2ba}\TypeLib\Version = "1.3" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E758489-453A-6F98-9CB9-2DA2CB8EABBA}\ProxyStubClsid32 C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{c365fb7b-4430-499f-92c8-8bed814a5671}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0A0904D-2F05-4D28-855F-488F96BAD2BA} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10F337FB-422E-E57E-661B-0998AC30917A}\ = "IMediumFormat" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6215d169-25dd-4719-ab34-c908701efb5a}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{dd3fc71d-26c0-4fe1-bf6f-67f633265bb1}\VersionIndependentProgID C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3ba329dc-659c-488b-835c-4eca7ae71c6a}\TypeLib\ = "{d7569351-1750-46f0-936e-bd127d5bc26a}" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48C7F4C0-C9D6-4742-957C-A6FD52E8C4AA}\ = "IBandwidthControl" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{92ED7B1A-0D96-40ED-AE46-A564D484325A}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BA}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1336A0A-2546-4D99-8CFF-8EFB130CFA9A}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MemuHyperv.MemuHyperv\ = "MemuHyperv Class" C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DDEF35E-4737-457B-99FC-BC52C851A44A}\ = "IKeyboardLedsChangedEvent" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31587F93-2D12-4D7C-BA6D-CE51D0D5B26A}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 755226.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe N/A
N/A N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe N/A
N/A N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Product_files\rsStubActivator.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SYSTEM32\fltmc.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: 35 N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A
Token: 35 N/A C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\AVG\Antivirus\AVGUI.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmuConsole.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A
N/A N/A C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
N/A N/A C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
N/A N/A C:\Program Files\AVG\Antivirus\AVGUI.exe N/A
N/A N/A C:\Program Files\Microvirt\MEmu\MEmu.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\Setup.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\Setup.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\Setup.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\Setup.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\Setup.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\Setup.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\Setup.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\7za.exe N/A
N/A N/A C:\Program Files\Microvirt\tempDir\7za.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3856 wrote to memory of 2528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 2528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3856 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Memuplay.com/download.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffc719e3cb8,0x7ffc719e3cc8,0x7ffc719e3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6596 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6524 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6596 /prefetch:8

C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe

"C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe"

C:\Users\Admin\AppData\Local\Temp\Product_files\rsStubActivator.exe

"C:\Users\Admin\AppData\Local\Temp\Product_files\rsStubActivator.exe" -ip:"dui=902427299e9ca68fbf4715bfe6cbe53c587a43c3&dit=20240306024554955&is_silent=true&oc=DOT_RAV_Cross_Tri_NCB&p=c52b&a=100&b=&se=true" -vp:"dui=902427299e9ca68fbf4715bfe6cbe53c587a43c3&dit=20240306024554955&oc=DOT_RAV_Cross_Tri_NCB&p=c52b&a=100&oip=26&ptl=7&dta=true" -dp:"dui=902427299e9ca68fbf4715bfe6cbe53c587a43c3&dit=20240306024554955&oc=DOT_RAV_Cross_Tri_NCB&p=c52b&a=100" -i -v -d

C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\ziwtl1f4.exe

"C:\Users\Admin\AppData\Local\Temp\ziwtl1f4.exe" /silent

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe

"C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\ziwtl1f4.exe" /silent

C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe

"C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91082 PaidDistribution=true saBsiVersion=4.1.1.818 CountryCode=GB /no_self_update

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe

"C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp2008047649\installer.exe

"C:\Program Files\McAfee\Temp2008047649\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SYSTEM32\sc.exe

sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"

C:\Windows\SYSTEM32\sc.exe

sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"

C:\Windows\SYSTEM32\sc.exe

sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Program Files\Microvirt\tempDir\Setup.exe

"C:\Program Files\Microvirt\tempDir\Setup.exe" --insPath "C:\Program Files\Microvirt" --channel cd5e1e15 --noCheckMd5 --callbackProcessInfo --callbackExitCode /S

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SYSTEM32\sc.exe

sc.exe start "McAfee WebAdvisor"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuUSB

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetFlt

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetLwf

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetAdp

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetFlt

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetLwf

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetAdp

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuUSBMon

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuUSBMon

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuNetFlt

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuNetLwf

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuNetAdp

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Program Files\Microvirt\tempDir\7za.exe

"C:\Program Files\Microvirt\tempDir\7za.exe" x -y -aoa "C:\Program Files\Microvirt\tempDir\Setup.7z" "-oC:\Program Files\Microvirt"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\Microvirt\tempDir\7za.exe

"C:\Program Files\Microvirt\tempDir\7za.exe" x -y -aoa "C:\Program Files\Microvirt\MEmuHyperv64.7z" "-oC:\Program Files\Microvirt\MEmuHyperv"

C:\Program Files\Microvirt\tempDir\7za.exe

"C:\Program Files\Microvirt\tempDir\7za.exe" x -y -aoa "C:\Program Files\Microvirt\MEmuHyperv32.7z" "-oC:\Program Files\Microvirt\MEmuHyperv\x86" libcurl.dll libcrypto-1_1.dll libssl-1_1.dll msvcp100.dll msvcr100.dll msvcr120.dll MEmuC.dll MEmuHPV.dll MEmuProxyStub.dll MEmuREM.dll MEmuRT.dll

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe" driver install "C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.inf"

C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe" list runningvms

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" /RegServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\system32\sc start MEmuSVC

C:\Program Files\Microvirt\MEmu\MemuService.exe

"C:\Program Files\Microvirt\MEmu\MemuService.exe"

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\cscript.exe

cscript "C:\Windows\TEMP\HWVirt.vbs"

C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe" setproperty machinefolder "C:\Program Files\Microvirt\MEmu\MemuHyperv VMs"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Program Files\Microvirt\MEmu\MEmuRepair.exe

"C:\Program Files\Microvirt\MEmu\MEmuRepair.exe" --getVtStatus

C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe" setproperty machinefolder "C:\Program Files\Microvirt\MEmu\MemuHyperv VMs"

C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe" showmediuminfo "C:\Program Files\Microvirt\MEmu\image\96\MEmu96-2024021900027FFF-disk1.vmdk"

C:\Program Files\Microvirt\MEmu\MEmuc.exe

"C:\Program Files\Microvirt\MEmu\MEmuc.exe" create 96

C:\Program Files\Microvirt\MEmu\MEmuConsole.exe

"C:\Program Files\Microvirt\MEmu\MEmuConsole.exe" -b

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Windows\SysWOW64\cscript.exe

cscript "C:\Users\Admin\AppData\Local\Temp\HWVirt.vbs"

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\system32\sc delete MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuUSB

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetFlt

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetLwf

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetAdp

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetFlt

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetLwf

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetAdp

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuUSBMon

C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe" driver uninstall "C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.inf"

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuUSBMon

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuNetFlt

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuNetLwf

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuNetAdp

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4532 -ip 4532

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1

C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe

"C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe"

C:\Users\Admin\AppData\Local\Temp\Product_files\avg_antivirus_free_setup.exe

"C:\Users\Admin\AppData\Local\Temp\Product_files\avg_antivirus_free_setup.exe" /silent /ws /psh:M75AarNpXLBMEOAwRXhnAe7J9FeyvkGA3L4RM1ueOui83xuZn0ZZvZ30lwTpZHwQ7fzXrUFj6MRcdvIOtVGBpWH

C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_c

C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe

C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=98.0.4759.6 --initial-client-data=0x2f8,0x2fc,0x300,0x2d4,0x304,0x6e72c398,0x6e72c3a8,0x6e72c3b4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version

C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe

"C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1956 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240306025338" --session-guid=2a15091f-a37f-44ca-916f-279b47ad5f91 --server-tracking-blob=ODdkMzFlZWU2MjkzYTViYzc4MTg4OTdiMWY4MjczZmQ0YmIwNmJmMWViMTc5OGU2MWE5Zjg2OGNiMzdlZTM5Nzp7ImNvdW50cnkiOiJJTCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFpcyZ1dG1fbWVkaXVtPWFwYiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY4MjQwNjc0OS41OTA1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMi4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3BlcmFfbmV3X2MiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJhaXMifSwidXVpZCI6Ijk4MjVlYmU2LTRhYTItNDRmOS1iYTM5LTRkMjNlNmE1MDVhNiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=5C04000000000000

C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe

C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=98.0.4759.6 --initial-client-data=0x304,0x308,0x30c,0x2d4,0x310,0x6d7cc398,0x6d7cc3a8,0x6d7cc3b4

C:\Windows\Temp\asw.b4116e42a348255e\avg_antivirus_free_online_setup.exe

"C:\Windows\Temp\asw.b4116e42a348255e\avg_antivirus_free_online_setup.exe" /silent /ws /psh:M75AarNpXLBMEOAwRXhnAe7J9FeyvkGA3L4RM1ueOui83xuZn0ZZvZ30lwTpZHwQ7fzXrUFj6MRcdvIOtVGBpWH /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1a33bb11-9e1e-4a4e-b2de-9f37585de52c /edat_dir:C:\Windows\Temp\asw.b4116e42a348255e

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus.exe

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\icarus-info.xml /install /silent /ws /psh:M75AarNpXLBMEOAwRXhnAe7J9FeyvkGA3L4RM1ueOui83xuZn0ZZvZ30lwTpZHwQ7fzXrUFj6MRcdvIOtVGBpWH /cookie:mmm_irs_ppi_902_451_o /track-guid:1a33bb11-9e1e-4a4e-b2de-9f37585de52c /edat_dir:C:\Windows\Temp\asw.b4116e42a348255e

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\assistant\Assistant_107.0.5045.36_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\assistant\Assistant_107.0.5045.36_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.36 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x2d0ff4,0x2d1000,0x2d100c

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe /silent /ws /psh:M75AarNpXLBMEOAwRXhnAe7J9FeyvkGA3L4RM1ueOui83xuZn0ZZvZ30lwTpZHwQ7fzXrUFj6MRcdvIOtVGBpWH /cookie:mmm_irs_ppi_902_451_o /track-guid:1a33bb11-9e1e-4a4e-b2de-9f37585de52c /edat_dir:C:\Windows\Temp\asw.b4116e42a348255e /er_master:master_ep_6e2c3e45-6c0d-4f93-ac82-122c5acd463f /er_ui:ui_ep_a0d82e0c-8663-4547-9134-b8b491baaab3 /er_slave:avg-av-vps_slave_ep_2f1010e3-1fb6-4f8f-8cde-0a836cc7695e /slave:avg-av-vps

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe /silent /ws /psh:M75AarNpXLBMEOAwRXhnAe7J9FeyvkGA3L4RM1ueOui83xuZn0ZZvZ30lwTpZHwQ7fzXrUFj6MRcdvIOtVGBpWH /cookie:mmm_irs_ppi_902_451_o /track-guid:1a33bb11-9e1e-4a4e-b2de-9f37585de52c /edat_dir:C:\Windows\Temp\asw.b4116e42a348255e /er_master:master_ep_6e2c3e45-6c0d-4f93-ac82-122c5acd463f /er_ui:ui_ep_a0d82e0c-8663-4547-9134-b8b491baaab3 /er_slave:avg-av_slave_ep_4ab11204-3fb8-4694-8524-11ed69136002 /slave:avg-av

C:\Program Files\Microvirt\tempDir\Setup.exe

"C:\Program Files\Microvirt\tempDir\Setup.exe" --insPath "C:\Program Files\Microvirt" --channel cd5e1e15 --noCheckMd5 --callbackProcessInfo --callbackExitCode /S

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuUSB

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetFlt

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetLwf

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetAdp

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetFlt

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetLwf

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuNetAdp

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuUSBMon

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuDrv

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuUSBMon

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuNetFlt

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuNetLwf

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" query MEmuNetAdp

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Program Files\Microvirt\tempDir\7za.exe

"C:\Program Files\Microvirt\tempDir\7za.exe" x -y -aoa "C:\Program Files\Microvirt\tempDir\Setup.7z" "-oC:\Program Files\Microvirt"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\Microvirt\tempDir\7za.exe

"C:\Program Files\Microvirt\tempDir\7za.exe" x -y -aoa "C:\Program Files\Microvirt\MEmuHyperv64.7z" "-oC:\Program Files\Microvirt\MEmuHyperv"

C:\Program Files\Microvirt\tempDir\7za.exe

"C:\Program Files\Microvirt\tempDir\7za.exe" x -y -aoa "C:\Program Files\Microvirt\MEmuHyperv32.7z" "-oC:\Program Files\Microvirt\MEmuHyperv\x86" libcurl.dll libcrypto-1_1.dll libssl-1_1.dll msvcp100.dll msvcr100.dll msvcr120.dll MEmuC.dll MEmuHPV.dll MEmuProxyStub.dll MEmuREM.dll MEmuRT.dll

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe" driver install "C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.inf"

C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe" list runningvms

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" /RegServer

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\sc.exe

C:\Windows\system32\sc start MEmuSVC

C:\Program Files\Microvirt\MEmu\MemuService.exe

"C:\Program Files\Microvirt\MEmu\MemuService.exe"

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuSVC

C:\Windows\SysWOW64\cscript.exe

cscript "C:\Windows\TEMP\HWVirt.vbs"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe" setproperty machinefolder "C:\Program Files\Microvirt\MEmu\MemuHyperv VMs"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Program Files\Microvirt\MEmu\MEmuRepair.exe

"C:\Program Files\Microvirt\MEmu\MEmuRepair.exe" --getVtStatus

C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe" setproperty machinefolder "C:\Program Files\Microvirt\MEmu\MemuHyperv VMs"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuManage.exe" showmediuminfo "C:\Program Files\Microvirt\MEmu\image\96\MEmu96-2024021900027FFF-disk1.vmdk"

C:\Program Files\Microvirt\MEmu\MEmuc.exe

"C:\Program Files\Microvirt\MEmu\MEmuc.exe" create 96

C:\Program Files\Microvirt\MEmu\MEmuConsole.exe

"C:\Program Files\Microvirt\MEmu\MEmuConsole.exe" -b

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Windows\SysWOW64\cscript.exe

cscript "C:\Users\Admin\AppData\Local\Temp\HWVirt.vbs"

C:\Program Files\Microvirt\MEmu\MEmu.exe

"C:\Program Files\Microvirt\MEmu\MEmu.exe" adjustconfig MEmu

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Program Files\Microvirt\MEmu\screenrecord.exe

"C:\Program Files\Microvirt\MEmu\screenrecord.exe"

C:\Program Files\Microvirt\MEmu\MEmu.exe

"C:\Program Files\Microvirt\MEmu\MEmu.exe" install

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.memuplay.com/thanks/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc719e3cb8,0x7ffc719e3cc8,0x7ffc719e3cd8

C:\Program Files\Microvirt\MEmu\MEmuRepair.exe

"C:\Program Files\Microvirt\MEmu\MEmuRepair.exe" --getVtStatus

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files\Microvirt\MEmu\MEmu.exe

"C:\Program Files\Microvirt\MEmu\MEmu.exe" MEmu

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2924 -ip 2924

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 1940

C:\Windows\SysWOW64\cmd.exe

cmd /c chcp 65001 && ping www.baidu.com -n 5

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\PING.EXE

ping www.baidu.com -n 5

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Program Files\Microvirt\MEmu\MEmuRepair.exe

"C:\Program Files\Microvirt\MEmu\MEmuRepair.exe" --repairDrv

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe

"C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe" /prepare_definitions_folder

C:\Program Files\ReasonLabs\rsScanner_v3.9.1.exe

"C:\Program Files\ReasonLabs\Common\..\rsScanner_v3.9.1.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Program Files\ReasonLabs\rsScanner_v3.9.1.exe"

C:\Windows\system32\choice.exe

choice /C Y /N /D Y /T 3

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /netservice:sw_avgNdis

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /netservice:avgNdisFlt /catalog:avgNdisFlt.cat

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" /RegServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRdr2.cat

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgHwid.cat

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgVmm.cat

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRvrt.cat

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files\AVG\Antivirus\AvEmUpdate.exe

"C:\Program Files\AVG\Antivirus\AvEmUpdate.exe" /installer /reg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1

C:\Program Files\AVG\Antivirus\AvEmUpdate.exe

"C:\Program Files\AVG\Antivirus\AvEmUpdate.exe" /installer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe" driver install "C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.inf"

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Windows\SysWOW64\sc.exe

C:\Windows\system32\sc start MEmuDrv

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\AVG\Antivirus\x86\RegSvr.exe

"C:\Program Files\AVG\Antivirus\x86\RegSvr.exe" "C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll"

C:\Program Files\AVG\Antivirus\RegSvr.exe

"C:\Program Files\AVG\Antivirus\RegSvr.exe" "C:\Program Files\AVG\Antivirus\aswAMSI.dll"

C:\Program Files\AVG\Antivirus\x86\RegSvr.exe

"C:\Program Files\AVG\Antivirus\x86\RegSvr.exe" "C:\Program Files\AVG\Antivirus\x86\asOutExt.dll"

C:\Program Files\AVG\Antivirus\RegSvr.exe

"C:\Program Files\AVG\Antivirus\RegSvr.exe" "C:\Program Files\AVG\Antivirus\asOutExt.dll"

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /catinstall:"C:\Program Files\AVG\Antivirus\crts.cat" /basename:pkg_{af98c830-528a-46b9-a60e-2db5d9a76b77}.cat /crtid:E89476E7569FC7413EA11A4461D6E3E784B8B699

C:\Program Files\AVG\Antivirus\wsc_proxy.exe

"C:\Program Files\AVG\Antivirus\wsc_proxy.exe" /svc /register /ppl_svc

C:\Program Files\AVG\Antivirus\avDump.exe

"C:\Program Files\AVG\Antivirus\avDump.exe" --pid 8620 --exception_ptr 000000D72052EAF0 --thread_id 7192 --dump_level 0 --handle_data 1 --dump_file "C:\ProgramData\AVG\Antivirus\log\unp310925943161817436x-manual.mdmp" --comment "Cause: VectoredExceptionHandler Exception: sd is not loaded" --min_interval 60

C:\Program Files\AVG\Antivirus\afwServ.exe

"C:\Program Files\AVG\Antivirus\afwServ.exe"

C:\Program Files\Common Files\AVG\Overseer\overseer.exe

"C:\Program Files\Common Files\AVG\Overseer\overseer.exe" /skip_uptime /skip_remediations

C:\Program Files\AVG\Antivirus\AVGUI.exe

"C:\Program Files\AVG\Antivirus\AVGUI.exe" /silent_welcome

C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe

"C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe" /avg /get_latest_ga_client_id /get_latest_landingpageid_cookie /get_latest_pagedownloadid_cookie

C:\Program Files\AVG\Antivirus\afwServ.exe

"C:\Program Files\AVG\Antivirus\afwServ.exe"

C:\Program Files\Microvirt\MEmu\adb.exe

adb disconnect 127.0.0.1:21503

C:\Program Files\AVG\Antivirus\afwServ.exe

"C:\Program Files\AVG\Antivirus\afwServ.exe"

C:\Program Files\Microvirt\MEmu\adb.exe

adb -L tcp:5037 fork-server server --reply-fd 608

C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe

"C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe" /repair:avg-av /silent /ii_reason:FwSvcRecovery

C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe

"C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe" /silent /ii_reason:FwSvcRecovery /er_master:master_ep_694abcbc-98ab-458c-bdef-f7d9ec6fd274 /er_ui:ui_ep_519593e9-2443-4b28-9ef8-aa44ca48be6d /er_slave:avg-av_slave_ep_b209373e-7295-4058-9d0b-0dbf6890452e /slave:avg-av

C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe

"C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus.exe" /silent /ii_reason:FwSvcRecovery /er_master:master_ep_694abcbc-98ab-458c-bdef-f7d9ec6fd274 /er_ui:ui_ep_519593e9-2443-4b28-9ef8-aa44ca48be6d /er_slave:avg-av-vps_slave_ep_607838fa-087e-4534-bd94-9de2b9f1d36a /slave:avg-av-vps

C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus_ui.exe

"C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus_ui.exe" /sbr /eid=8160a114-fcb7-4a00-a164-96305486c528

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe

"C:\Program Files\AVG\Antivirus\defs\24030504\engsup.exe" /prepare_definitions_folder

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /netservice:sw_avgNdis

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /netservice:avgNdisFlt /catalog:avgNdisFlt.cat

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRdr2.cat

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgHwid.cat

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgVmm.cat

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRvrt.cat

C:\Program Files\AVG\Antivirus\AvEmUpdate.exe

"C:\Program Files\AVG\Antivirus\AvEmUpdate.exe" /updater /reg

C:\Program Files\AVG\Antivirus\AvEmUpdate.exe

"C:\Program Files\AVG\Antivirus\AvEmUpdate.exe" /installer /reg

C:\Program Files\AVG\Antivirus\AvEmUpdate.exe

"C:\Program Files\AVG\Antivirus\AvEmUpdate.exe" /updater

C:\Program Files\AVG\Antivirus\AvEmUpdate.exe

"C:\Program Files\AVG\Antivirus\AvEmUpdate.exe" /installer

C:\Program Files\AVG\Antivirus\x86\RegSvr.exe

"C:\Program Files\AVG\Antivirus\x86\RegSvr.exe" /U "C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll"

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i

C:\Program Files\AVG\Antivirus\RegSvr.exe

"C:\Program Files\AVG\Antivirus\RegSvr.exe" /U "C:\Program Files\AVG\Antivirus\aswAMSI.dll"

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i

C:\Program Files\AVG\Antivirus\x86\RegSvr.exe

"C:\Program Files\AVG\Antivirus\x86\RegSvr.exe" "C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll"

C:\Program Files\AVG\Antivirus\RegSvr.exe

"C:\Program Files\AVG\Antivirus\RegSvr.exe" "C:\Program Files\AVG\Antivirus\aswAMSI.dll"

C:\Program Files\AVG\Antivirus\x86\RegSvr.exe

"C:\Program Files\AVG\Antivirus\x86\RegSvr.exe" "C:\Program Files\AVG\Antivirus\x86\asOutExt.dll"

C:\Program Files\AVG\Antivirus\RegSvr.exe

"C:\Program Files\AVG\Antivirus\RegSvr.exe" "C:\Program Files\AVG\Antivirus\asOutExt.dll"

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /catinstall:"C:\Program Files\AVG\Antivirus\crts.cat" /basename:pkg_{af98c830-528a-46b9-a60e-2db5d9a76b77}.cat /crtid:E89476E7569FC7413EA11A4461D6E3E784B8B699

C:\Program Files\AVG\Antivirus\wsc_proxy.exe

"C:\Program Files\AVG\Antivirus\wsc_proxy.exe" /svc /register /ppl_svc

C:\Program Files\AVG\Antivirus\avDump.exe

"C:\Program Files\AVG\Antivirus\avDump.exe" --pid 8756 --exception_ptr 000000A4510FECC0 --thread_id 9552 --dump_level 0 --handle_data 1 --dump_file "C:\ProgramData\AVG\Antivirus\log\unp310925943973022239x-manual.mdmp" --comment "Cause: VectoredExceptionHandler Exception: sd is not loaded" --min_interval 60

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\AVG\Antivirus\afwServ.exe

"C:\Program Files\AVG\Antivirus\afwServ.exe"

C:\Program Files\Common Files\AVG\Overseer\overseer.exe

"C:\Program Files\Common Files\AVG\Overseer\overseer.exe" /skip_uptime /skip_remediations

C:\Program Files\AVG\Antivirus\AVGUI.exe

"C:\Program Files\AVG\Antivirus\AVGUI.exe" /nogui

C:\Program Files\AVG\Antivirus\AvDump.exe

"C:\Program Files\AVG\Antivirus\AvDump.exe" /unregister

C:\Program Files\AVG\Antivirus\AVGUI.exe

"C:\Program Files\AVG\Antivirus\AVGUI.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --field-trial-handle=6020,9611500244696370144,7412718404625734961,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium (0.0.0) (Windows 10.0)" --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files\AVG\Antivirus\AVGUI.exe

"C:\Program Files\AVG\Antivirus\AVGUI.exe" --type=gpu-process --field-trial-handle=6020,9611500244696370144,7412718404625734961,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --no-sandbox --disable-gpu-driver-bug-workarounds --log-file="C:\Users\Admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium (0.0.0) (Windows 10.0)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=SAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --mojo-platform-channel-handle=5504 /prefetch:2

C:\Program Files\AVG\Antivirus\AVGUI.exe

"C:\Program Files\AVG\Antivirus\AVGUI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=6020,9611500244696370144,7412718404625734961,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --lang=en-US --service-sandbox-type=utility --no-sandbox --force-wave-audio --log-file="C:\Users\Admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium (0.0.0) (Windows 10.0)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files\AVG\Antivirus\AVGUI.exe

"C:\Program Files\AVG\Antivirus\AVGUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=6020,9611500244696370144,7412718404625734961,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --lang=en-US --service-sandbox-type=none --no-sandbox --force-wave-audio --log-file="C:\Users\Admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --log-severity=disable --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36 Avastium (0.0.0) (Windows 10.0)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Admin\AppData\Roaming\AVG\Antivirus\log\cef_log.txt" --mojo-platform-channel-handle=8912 /prefetch:8

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"

C:\Users\Admin\AppData\Local\Temp\3mcnxtrx.exe

"C:\Users\Admin\AppData\Local\Temp\3mcnxtrx.exe" /silent

C:\Users\Admin\AppData\Local\Temp\nspB585.tmp\RAVVPN-installer.exe

"C:\Users\Admin\AppData\Local\Temp\nspB585.tmp\RAVVPN-installer.exe" "C:\Users\Admin\AppData\Local\Temp\3mcnxtrx.exe" /silent

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe"

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe" -i -i

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe"

\??\c:\program files\reasonlabs\epp\rsHelper.exe

"c:\program files\reasonlabs\epp\rsHelper.exe"

\??\c:\program files\reasonlabs\VPN\ui\VPN.exe

"c:\program files\reasonlabs\VPN\ui\VPN.exe" --minimized --focused --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\VPN\ui\app.asar" --engine-path="c:\program files\reasonlabs\VPN" --minimized --focused --first-run

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

\??\c:\program files\reasonlabs\EPP\ui\EPP.exe

"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2160 --field-trial-handle=2164,i,17626255845680400740,10933000997039270896,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --mojo-platform-channel-handle=2552 --field-trial-handle=2164,i,17626255845680400740,10933000997039270896,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2672 --field-trial-handle=2164,i,17626255845680400740,10933000997039270896,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2132 --field-trial-handle=2140,i,9935025848473139704,10308369411136457519,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2220 --field-trial-handle=2140,i,9935025848473139704,10308369411136457519,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2768 --field-trial-handle=2140,i,9935025848473139704,10308369411136457519,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\ypukoz0w.exe

"C:\Users\Admin\AppData\Local\Temp\ypukoz0w.exe" /silent

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3752 --field-trial-handle=2164,i,17626255845680400740,10933000997039270896,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3688 --field-trial-handle=2140,i,9935025848473139704,10308369411136457519,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\SaferWeb-installer.exe

"C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\SaferWeb-installer.exe" "C:\Users\Admin\AppData\Local\Temp\ypukoz0w.exe" /silent

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4860 /prefetch:8

\??\c:\windows\system32\rundll32.exe

"c:\windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\DNS\rsDwf.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe"

C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe" -i -service install

C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe" -service install

C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe"

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe" -i -i

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe

"C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe"

C:\Program Files\Microvirt\MEmu\MEmuConsole.exe

"C:\Program Files\Microvirt\MEmu\MEmuConsole.exe"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" -Embedding

C:\Windows\SysWOW64\cscript.exe

cscript "C:\Users\Admin\AppData\Local\Temp\HWVirt.vbs"

C:\Program Files\Microvirt\MEmu\MEmuConsole.exe

"C:\Program Files\Microvirt\MEmu\MEmuConsole.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1

C:\Program Files\Microvirt\MEmu\adb.exe

adb start-server

C:\program files\reasonlabs\epp\rsLitmus.A.exe

"C:\program files\reasonlabs\epp\rsLitmus.A.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

\??\c:\program files\reasonlabs\DNS\ui\DNS.exe

"c:\program files\reasonlabs\DNS\ui\DNS.exe" --minimized --focused --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\DNS\ui\app.asar" --engine-path="c:\program files\reasonlabs\DNS" --minimized --focused --first-run

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2236 --field-trial-handle=2240,i,516226891062793770,6133089977446693734,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --mojo-platform-channel-handle=2340 --field-trial-handle=2240,i,516226891062793770,6133089977446693734,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --app-user-model-id=com.reasonlabs.dns --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2508 --field-trial-handle=2240,i,516226891062793770,6133089977446693734,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\Microvirt\MEmu\MEmu.exe

"C:/Program Files/Microvirt/MEmu/MEmu.exe" MEmu

C:\Windows\SysWOW64\cmd.exe

cmd /c chcp 65001 && ping www.baidu.com -n 5

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\PING.EXE

ping www.baidu.com -n 5

C:\Program Files\Microvirt\MEmu\adb.exe

adb disconnect 127.0.0.1:21503

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 1940 -ip 1940

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 4372

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4100 --field-trial-handle=2164,i,17626255845680400740,10933000997039270896,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2844 --field-trial-handle=2140,i,9935025848473139704,10308369411136457519,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Microvirt\MEmu\MEmu.exe

"C:/Program Files/Microvirt/MEmu/MEmu.exe" MEmu_1

C:\Windows\SysWOW64\cmd.exe

cmd /c chcp 65001 && ping www.baidu.com -n 5

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\PING.EXE

ping www.baidu.com -n 5

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Program Files\Microvirt\MEmu\7za.exe

"C:\Program Files\Microvirt\MEmu\7za.exe" x -y -aoa "C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova" "-oC:\Program Files\Microvirt\MEmu\image\76"

C:\Program Files\Microvirt\MEmu\MEmuRepair.exe

"C:\Program Files\Microvirt\MEmu\MEmuRepair.exe" --repairDrv

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe" /RegServer

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\Microvirt\MEmuHyperv\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\Microvirt\MEmuHyperv\MEmuProxyStub.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s /u "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3768 --field-trial-handle=2240,i,516226891062793770,6133089977446693734,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" /s "C:\Program Files\Microvirt\MEmuHyperv\x86\MEmuProxyStub.dll"

C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe

"C:\Program Files\Microvirt\MEmuHyperv\MEmuDrvInst.exe" driver install "C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.inf"

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Windows\SysWOW64\sc.exe

C:\Windows\system32\sc start MEmuDrv

C:\Windows\SysWOW64\sc.exe

C:\Windows\System32\sc query MEmuDrv

C:\Program Files\Microvirt\MEmu\adb.exe

adb disconnect 127.0.0.1:21513

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1624 -ip 1624

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 7408

C:\Program Files\Microvirt\MEmu\MEmu.exe

"C:/Program Files/Microvirt/MEmu/MEmu.exe" MEmu_1

C:\Program Files\Microvirt\MEmu\MEmu.exe

"C:/Program Files/Microvirt/MEmu/MEmu.exe" MEmu_1

C:\Windows\SysWOW64\cmd.exe

cmd /c chcp 65001 && ping www.baidu.com -n 5

C:\Program Files\Microvirt\MEmu\MEmu.exe

"C:/Program Files/Microvirt/MEmu/MEmu.exe" MEmu_2

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\PING.EXE

ping www.baidu.com -n 5

C:\Windows\SysWOW64\cmd.exe

cmd /c chcp 65001 && ping www.baidu.com -n 5

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\PING.EXE

ping www.baidu.com -n 5

C:\Program Files\Microvirt\MEmu\adb.exe

adb disconnect 127.0.0.1:21513

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Program Files\Microvirt\MEmu\adb.exe

adb disconnect 127.0.0.1:21523

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 9024 -ip 9024

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 4372

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 11064 -ip 11064

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 2596

C:\Program Files\Microvirt\MEmu\MEmu.exe

"C:/Program Files/Microvirt/MEmu/MEmu.exe" MEmu_2

C:\Windows\SysWOW64\cmd.exe

cmd /c chcp 65001 && ping www.baidu.com -n 5

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\PING.EXE

ping www.baidu.com -n 5

C:\Windows\SysWOW64\cmd.exe

cmd /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Program Files\Microvirt\MEmu\adb.exe

adb disconnect 127.0.0.1:21523

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 9072 -ip 9072

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 11516

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18406087360121156400,10048595104795442089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 memuplay.com udp
GB 79.133.176.194:80 memuplay.com tcp
GB 79.133.176.194:80 memuplay.com tcp
GB 79.133.176.194:80 memuplay.com tcp
GB 79.133.176.194:80 memuplay.com tcp
GB 79.133.176.194:80 memuplay.com tcp
GB 79.133.176.194:80 memuplay.com tcp
US 8.8.8.8:53 discord.gg udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 13.33.52.87:443 www.memuplay.com tcp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 18.172.88.80:443 dl.memuplay.com tcp
GB 18.172.88.80:443 dl.memuplay.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 214.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 173.194.76.155:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
BE 173.194.76.155:443 stats.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com tcp
GB 142.250.178.1:443 yt3.ggpht.com tcp
GB 172.217.16.230:443 static.doubleclick.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
GB 104.166.160.229:80 stat.microvirt.com tcp
GB 104.166.160.229:80 stat.microvirt.com tcp
US 8.8.8.8:53 www.microvirt.com udp
GB 104.166.160.229:80 www.microvirt.com tcp
US 8.8.8.8:53 229.160.166.104.in-addr.arpa udp
GB 18.172.88.33:80 dl.memuplay.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
US 8.8.8.8:53 33.88.172.18.in-addr.arpa udp
GB 13.224.78.20:443 d2o3w12poh7bs1.cloudfront.net tcp
GB 18.165.158.55:443 duqlj0vjz2j4g.cloudfront.net tcp
GB 18.165.158.55:443 duqlj0vjz2j4g.cloudfront.net tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 55.158.165.18.in-addr.arpa udp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
US 8.8.8.8:53 www.memuplay.com udp
US 13.33.52.86:80 www.memuplay.com tcp
US 8.8.8.8:53 86.52.33.13.in-addr.arpa udp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 18.172.88.33:80 dl.memuplay.com tcp
GB 18.165.158.55:443 duqlj0vjz2j4g.cloudfront.net tcp
US 172.67.9.68:443 shield.reasonsecurity.com tcp
GB 18.172.88.33:80 dl.memuplay.com tcp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 54.185.10.165:443 analytics.apis.mcafee.com tcp
US 172.67.9.68:443 shield.reasonsecurity.com tcp
GB 88.221.134.24:443 sadownload.mcafee.com tcp
US 54.185.10.165:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 88.221.135.208:443 sadownload.mcafee.com tcp
US 3.228.243.233:443 track.analytics-data.io tcp
US 3.228.243.233:443 track.analytics-data.io tcp
US 3.228.243.233:443 track.analytics-data.io tcp
US 3.228.243.233:443 track.analytics-data.io tcp
GB 3.162.20.105:443 update.reasonsecurity.com tcp
US 8.8.8.8:53 105.20.162.3.in-addr.arpa udp
US 3.228.243.233:443 track.analytics-data.io tcp
US 3.228.243.233:443 track.analytics-data.io tcp
GB 3.162.20.112:443 electron-shell.reasonsecurity.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
US 52.201.49.182:443 track.analytics-data.io tcp
US 8.8.8.8:53 182.49.201.52.in-addr.arpa udp
US 52.201.49.182:443 track.analytics-data.io tcp
GB 104.84.78.57:443 home.mcafee.com tcp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 88.221.134.24:443 sadownload.mcafee.com tcp
US 35.161.98.193:443 analytics.apis.mcafee.com tcp
US 54.185.10.165:443 analytics.apis.mcafee.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
US 35.161.98.193:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 228.160.166.104.in-addr.arpa udp
US 54.185.10.165:443 analytics.apis.mcafee.com tcp
US 52.201.49.182:443 track.analytics-data.io tcp
GB 88.221.134.24:443 sadownload.mcafee.com tcp
US 52.201.49.182:443 track.analytics-data.io tcp
GB 54.230.10.39:443 cdn.reasonsecurity.com tcp
GB 88.221.134.24:443 sadownload.mcafee.com tcp
US 52.201.49.182:443 track.analytics-data.io tcp
US 52.201.49.182:443 track.analytics-data.io tcp
US 52.201.49.182:443 track.analytics-data.io tcp
US 52.201.49.182:443 track.analytics-data.io tcp
GB 88.221.134.24:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 88.221.135.208:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 www.microvirt.com udp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
US 8.8.8.8:53 stat.microvirt.com udp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.229:80 stat.microvirt.com tcp
GB 104.166.160.229:80 stat.microvirt.com tcp
GB 104.166.160.229:80 stat.microvirt.com tcp
GB 104.166.160.229:443 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
US 8.8.8.8:53 www.memuplay.com udp
US 8.8.8.8:53 www.memuplay.com udp
US 13.33.52.87:443 www.memuplay.com tcp
US 8.8.8.8:53 memuplay.com udp
GB 18.172.88.33:443 dl.memuplay.com tcp
GB 18.172.88.33:443 dl.memuplay.com tcp
GB 18.172.88.33:443 dl.memuplay.com tcp
GB 18.172.88.33:443 dl.memuplay.com tcp
GB 18.172.88.33:443 dl.memuplay.com tcp
GB 18.172.88.33:443 dl.memuplay.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
BE 173.194.76.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 157.76.194.173.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com udp
GB 104.166.160.229:80 stat.microvirt.com tcp
US 8.8.8.8:53 www.microvirt.com udp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
US 8.8.8.8:53 dl.memuplay.com udp
GB 18.172.88.87:80 dl.memuplay.com tcp
US 8.8.8.8:53 d2o3w12poh7bs1.cloudfront.net udp
GB 13.224.78.16:443 d2o3w12poh7bs1.cloudfront.net tcp
US 8.8.8.8:53 16.78.224.13.in-addr.arpa udp
GB 18.165.158.157:443 duqlj0vjz2j4g.cloudfront.net tcp
GB 18.165.158.157:443 duqlj0vjz2j4g.cloudfront.net tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 18.165.158.55:443 duqlj0vjz2j4g.cloudfront.net tcp
US 13.33.52.86:80 www.memuplay.com tcp
GB 18.165.158.55:443 duqlj0vjz2j4g.cloudfront.net tcp
GB 104.166.160.229:80 www.microvirt.com tcp
GB 18.172.88.87:80 dl.memuplay.com tcp
GB 18.172.88.87:80 dl.memuplay.com tcp
US 8.8.8.8:53 v7event.stats.avast.com udp
GB 172.217.16.238:80 www.google-analytics.com tcp
US 34.117.223.223:80 v7event.stats.avast.com tcp
GB 23.44.233.23:443 honzik.avcdn.net tcp
US 8.8.8.8:53 23.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 223.223.117.34.in-addr.arpa udp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 123.182.26.185.in-addr.arpa udp
GB 23.44.233.23:443 honzik.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
NL 82.145.216.15:443 features.opera-api2.com tcp
NL 82.145.216.23:443 download.opera.com tcp
US 8.8.8.8:53 download3.operacdn.com udp
US 8.8.8.8:53 15.216.145.82.in-addr.arpa udp
GB 95.101.143.243:443 download3.operacdn.com tcp
US 8.8.8.8:53 23.216.145.82.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 243.143.101.95.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 34.160.176.28:443 shepherd.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 28.176.160.34.in-addr.arpa udp
US 8.8.8.8:53 honzik.avcdn.net udp
GB 23.44.233.23:443 honzik.avcdn.net tcp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 34.160.176.28:443 shepherd.avcdn.net tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 honzik.avcdn.net udp
US 8.8.8.8:53 honzik.avcdn.net udp
GB 23.44.233.23:443 honzik.avcdn.net tcp
GB 23.44.233.23:443 honzik.avcdn.net tcp
NL 82.145.216.23:443 download.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.160.176.28:443 shepherd.avcdn.net tcp
GB 23.44.233.23:443 honzik.avcdn.net tcp
US 8.8.8.8:53 stat.microvirt.com udp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 www.microvirt.com udp
GB 104.166.160.228:80 www.microvirt.com tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 honzik.avcdn.net udp
GB 23.44.233.23:443 honzik.avcdn.net tcp
GB 104.166.160.228:80 www.microvirt.com tcp
US 8.8.8.8:53 stat.microvirt.com udp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:443 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
US 13.33.52.122:80 www.memuplay.com tcp
US 13.33.52.122:80 www.memuplay.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
US 13.33.52.122:80 www.memuplay.com tcp
US 8.8.8.8:53 kr.memuplay.com udp
US 13.33.52.122:80 www.memuplay.com tcp
GB 142.250.187.194:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 discord.gg udp
US 8.8.8.8:53 www.facebook.com udp
US 13.33.52.122:80 www.memuplay.com tcp
US 13.33.52.122:80 www.memuplay.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 172.217.169.86:443 i.ytimg.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk udp
BE 173.194.76.154:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 154.76.194.173.in-addr.arpa udp
GB 172.217.16.230:443 static.doubleclick.net udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 13.33.52.122:80 www.memuplay.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
GB 104.166.160.228:80 stat.microvirt.com tcp
US 8.8.8.8:53 www.baidu.com udp
GB 104.166.160.229:443 hstat.microvirt.com tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
GB 3.162.20.44:443 update.reasonsecurity.com tcp
US 8.8.8.8:53 hstat.microvirt.com udp
GB 104.166.160.229:443 hstat.microvirt.com tcp
US 8.8.8.8:53 44.20.162.3.in-addr.arpa udp
GB 54.230.10.67:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 44.143.84.52.in-addr.arpa udp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 ip-info.ff.avast.com udp
US 34.149.149.62:443 ip-info.ff.avast.com tcp
GB 88.221.134.49:80 emupdate.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
GB 88.221.134.74:80 emupdate.bav.avcdn.net tcp
GB 88.221.134.74:443 emupdate.bav.avcdn.net tcp
US 8.8.8.8:53 74.134.221.88.in-addr.arpa udp
GB 23.44.233.23:80 honzik.avcdn.net tcp
US 8.8.8.8:53 s-overseer.avcdn.net udp
GB 88.221.134.74:443 s-overseer.avcdn.net tcp
US 8.8.8.8:53 v7event.stats.avast.com udp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 v7event.stats.avast.com udp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
GB 13.224.81.120:80 cnx.conceptsheartranch.com tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 v7event.stats.avast.com udp
US 34.117.223.223:80 v7event.stats.avast.com tcp
GB 172.217.16.238:80 www.google-analytics.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 104.166.160.229:443 hstat.microvirt.com tcp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.160.176.28:443 shepherd.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 honzik.avcdn.net udp
GB 23.44.233.23:443 honzik.avcdn.net tcp
US 8.8.8.8:53 honzik.avcdn.net udp
GB 23.44.233.23:443 honzik.avcdn.net tcp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 34.160.176.28:443 shepherd.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.160.176.28:443 shepherd.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.149.149.62:443 ip-info.ff.avast.com tcp
GB 88.221.135.201:80 emupdate.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
GB 88.221.134.74:80 emupdate.bav.avcdn.net tcp
GB 88.221.134.74:443 emupdate.bav.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.149.149.62:80 ip-info.ff.avast.com tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.149.149.62:443 ip-info.ff.avast.com tcp
GB 88.221.135.201:80 emupdate.avcdn.net tcp
GB 88.221.134.74:80 emupdate.bav.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
GB 88.221.134.74:443 emupdate.bav.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 s-overseer.avcdn.net udp
GB 88.221.135.75:443 s-overseer.avcdn.net tcp
US 8.8.8.8:53 v7event.stats.avast.com udp
US 8.8.8.8:53 analytics.avcdn.net udp
US 8.8.8.8:53 v7event.stats.avast.com udp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 8.8.8.8:53 shield.reasonsecurity.com udp
US 104.22.1.235:443 shield.reasonsecurity.com tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
GB 3.162.20.105:443 update.reasonsecurity.com tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
GB 54.230.10.121:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.225.132.106:443 config.reasonsecurity.com tcp
GB 92.123.241.137:80 www.microsoft.com tcp
US 52.2.74.121:443 track.analytics-data.io tcp
US 52.2.74.121:443 track.analytics-data.io tcp
US 3.225.132.106:443 config.reasonsecurity.com tcp
US 52.2.74.121:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
GB 92.123.241.137:80 www.microsoft.com tcp
US 52.43.110.0:443 mc6.reasonsecurity.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com udp
GB 88.221.134.73:80 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 73.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 update.reasonsecurity.com udp
GB 3.162.20.105:443 update.reasonsecurity.com tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
GB 54.230.10.67:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 3.232.141.53:443 track.analytics-data.io tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.241.137:80 www.microsoft.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 sf.symcd.com udp
US 152.199.19.74:80 ocsp.thawte.com tcp
US 152.199.19.74:80 ocsp.thawte.com tcp
SE 192.229.221.95:80 crl.thawte.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 www.microvirt.com udp
GB 104.166.160.228:443 www.microvirt.com tcp
GB 104.166.160.228:80 www.microvirt.com tcp
US 52.2.74.121:443 track.analytics-data.io tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 config.reasonsecurity.com udp
US 52.22.96.217:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 217.96.22.52.in-addr.arpa udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 3.225.132.106:443 safer-web.reasonsecurity.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 52.2.74.121:443 track.analytics-data.io tcp
US 52.22.96.217:443 safer-web.reasonsecurity.com tcp
US 52.2.74.121:443 track.analytics-data.io tcp
SE 192.229.221.95:80 crl.thawte.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
GB 104.166.160.228:80 www.microvirt.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
GB 104.166.160.228:80 www.microvirt.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
GB 92.123.241.137:80 www.microsoft.com tcp
US 52.86.58.76:443 track.analytics-data.io tcp
US 8.8.8.8:53 76.58.86.52.in-addr.arpa udp
US 8.8.8.8:53 hstat.microvirt.com udp
GB 104.166.160.229:443 www.microvirt.com tcp
GB 18.172.88.33:443 dl.memuplay.com tcp
GB 18.172.88.33:443 dl.memuplay.com tcp
GB 104.166.160.228:80 www.microvirt.com tcp
GB 104.166.160.228:80 www.microvirt.com tcp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 hstat.microvirt.com udp
GB 104.166.160.229:443 hstat.microvirt.com tcp
US 152.199.19.74:80 sf.symcd.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
GB 104.166.160.229:443 www.microvirt.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 www.baidu.com udp
GB 104.166.160.228:80 www.microvirt.com tcp
GB 104.166.160.228:80 www.microvirt.com tcp
GB 104.166.160.228:80 www.microvirt.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
GB 104.166.160.228:80 www.microvirt.com tcp
US 8.8.8.8:53 hstat.microvirt.com udp
GB 104.166.160.229:443 hstat.microvirt.com tcp
US 8.8.8.8:53 hstat.microvirt.com udp
GB 104.166.160.228:443 www.microvirt.com tcp
GB 104.166.160.228:443 www.microvirt.com tcp
US 172.67.9.68:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 www.baidu.com udp
GB 104.166.160.228:80 www.microvirt.com tcp
GB 104.166.160.228:80 www.microvirt.com tcp
US 104.22.1.235:80 apie.reasonsecurity.com tcp
US 8.8.8.8:53 hstat.microvirt.com udp
GB 104.166.160.228:443 hstat.microvirt.com tcp
GB 104.166.160.229:443 hstat.microvirt.com tcp
GB 2.18.66.179:443 tcp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 54.90.161.31:443 track.analytics-data.io tcp
US 54.90.161.31:443 track.analytics-data.io tcp
US 54.90.161.31:443 track.analytics-data.io tcp
US 54.90.161.31:443 track.analytics-data.io tcp
US 54.90.161.31:443 track.analytics-data.io tcp
US 54.90.161.31:443 track.analytics-data.io tcp
US 54.90.161.31:443 track.analytics-data.io tcp
US 54.90.161.31:443 track.analytics-data.io tcp
US 54.90.161.31:443 track.analytics-data.io tcp
GB 88.221.134.24:443 sadownload.mcafee.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
N/A 127.0.0.1:51382 tcp
N/A 127.0.0.1:51578 tcp
N/A 127.0.0.1:58141 tcp
N/A 127.0.0.1:5037 tcp
N/A 127.0.0.1:58232 tcp
N/A 127.0.0.1:58234 tcp
N/A 127.0.0.1:5555 tcp
N/A 127.0.0.1:5354 tcp
N/A 127.0.0.1:5037 tcp
N/A 127.0.0.1:5557 tcp
N/A 127.0.0.1:5559 tcp
N/A 127.0.0.1:5561 tcp
N/A 127.0.0.1:5563 tcp
N/A 127.0.0.1:5565 tcp
N/A 127.0.0.1:5354 tcp
N/A 127.0.0.1:5567 tcp
N/A 127.0.0.1:5569 tcp
N/A 127.0.0.1:5571 tcp
N/A 127.0.0.1:5573 tcp
N/A 127.0.0.1:5575 tcp
N/A 127.0.0.1:5354 tcp
N/A 127.0.0.1:5577 tcp
N/A 127.0.0.1:5579 tcp
N/A 127.0.0.1:5581 tcp
N/A 127.0.0.1:5583 tcp
N/A 127.0.0.1:5585 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f2dc80f5403feb8461b7ffa09890d6a0
SHA1 d5b61e6d672e7e71571e0132e21cead181da8805
SHA256 eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a
SHA512 5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5c48e8b68231fb5b2d7f1188b930bc0e
SHA1 1822aef5da8fdd47626fb91afcf79a2be175a325
SHA256 c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944
SHA512 2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1dcd8a8ba05b8569a2052c3c98569a7d
SHA1 d2f4b20edec4639a1004e222fea649604f1c85f5
SHA256 f11440f65a2388f235701a4a209d435495408460905c237f64a6b64023016fd0
SHA512 f60f5b3eb0504e4098a55690e4f66b9af05eb8a0aa88fa0a81dc69b8cef1f57c62c0d73be8b55fd5a27d912251ff93cbb34cc7f53f08c9a3aefd036a59148172

C:\Users\Admin\Downloads\Unconfirmed 755226.crdownload

MD5 9e64f7c8ccb1cf6bfbc30c05763c86cf
SHA1 0e9db312f8ba35bcfb931eb19d9057dec1e556b7
SHA256 bee46514c5292d088ae0eb7a2a7ffd126cee25372db0857681f9508757b0c124
SHA512 4b5b48cd212ff3856d12579709d3be28eb96c1e7b094acb978415e68cc41acee2bcf939f78102423c3f8925431a7f8080b2d7a05ac66ffeb4f84686f8c66239b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 16ff6435e19702db749fbadc6e7e6d0c
SHA1 4f4f6eae0473c643fa00db1032216faf7be15646
SHA256 132655cce37dff08f0fbbe62560288574868ed8950db24ae913f9325fac66e58
SHA512 06626f5673367bb7bd53f3e109c801e18233fd607099e75cd3c4c7de9e76424407eb9cda0bb7f905253d029babf3038ec39855e9ca47e18cf0110aa395878566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e57102794ec7327395050bf694d1d5da
SHA1 853d1568e2b9c30ccc10aefbba70e9c38f9c9765
SHA256 71afecd5dd8f57c3baf8c673b3cb222377ed3cefa4fb36358272576f731118f4
SHA512 ed9f56f7f3b343323e924b2bed73a8c4fdcc0419d12434feca18e92f896613a76c108312fa56c174f37e859afd4970242f29180492d4e727332fc468278c2945

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dee5281945ea674011b1cb62a410a9ff
SHA1 931ae91e2738504fecda0b273d8915f9acaed1fe
SHA256 4dbc7c46a76ab9fc2c8af0ea18aaa8159a13cb7f556630b67303ea641a4c69e9
SHA512 07e3ef70e74dfb83d23d52e4d314444cf911a3f90e33150ef8b6d6d24fa936f67bf950b5781a394f22abdfc62df3adf84041a5444495b92e364a6dc9a2bc1aea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b2108bae3d1467d7a302475d32ee7eb
SHA1 6b79d1baa4115f64e5c64ec3dca1d1fd9fa6441b
SHA256 7010c56fda9adde2c831402b71a1ad74c527bbf655da523eeabc3dd392c40e2b
SHA512 d17dcf3f6067ca0911ef32196ef63e857bc868fdf866d6e182c7947366dccccb8d594c6370beed8963f42162b6e6b7b28c04de8f1b339c75c561982fa03932f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ab58857f1eb6f6ebe7894044284d7d37
SHA1 91ba1f283642bb7f0fafde3dfb775f7a9285e9cb
SHA256 b6b123abeb4f5e965babc19e41917e1c3e1399088ca2f79681f7f041ac1aba85
SHA512 a1d31159cfad74de2b902e5532f0db440b786567ecabf956e2a6aaf566185295db98e0c2099d4e5f711073c0aa3e08205168cce8456f019e7c13be948cb798f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9d9c4d567c34403468d8d8690af26d73
SHA1 cd217721b15e57d9e0e6eaa3210537ddab199097
SHA256 022923ce910a15d84753a031ed846e9172ad04758b9ba7974853d9ba35709a16
SHA512 a824eb3cc95f6a2d6506074325416d0fb784c4f16941236a6aa55004286fb75daf7787562b78588f81a9230c5267060a94db7594390ba0fc559b55cc89deb4ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e4c94a947faf063701576ba0cb37eb4b
SHA1 fcba5bff0fab0ca686763b24f8bf26c59a419924
SHA256 b63bca77a43f805442c008684d26ae199003d874ac9a16ebe9edf1e113689d09
SHA512 11c549a54d339b341508e1e12dd91d0febe6625a6bc4eae14d9a43f28e4057a784249b4b964dc53fdc95594e1fb88ebcd8b9febe2f9f1e5491703660f00f7787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3643cd6c5326ecbee31b1387ce73a8df
SHA1 c81542613a7dace2ef6c40c54e4386d584d68cc1
SHA256 b7cc7aa7b142e17225fdebb1a43966a83e7cbe351df2855a28578f38388b7d20
SHA512 5dcf450b60939375ac3da2a8f68a6d23ac9f455cefd599ae21d05ef501f65d47fb48deeeeff73bc9a0aeb360ddb9c954d4c9c6da607d5d086077470bf9588dcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9c8ad967b20d8471c4c524d8c2dfc4bf
SHA1 45540484504d6b62d4e4d25c4dc452c218e54bfd
SHA256 b353f44428d653cb3e64a165fd82c014d3293bf2c5fec131620310576a2fa554
SHA512 ea4cc178beb4a19df223842ce086f534695eb225343b346c6e9927283f2fd566bf5f40e884b906858a4a1ea751a07edcf05756ae1be30fda86166aab83107142

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 aaed692d864f8cc0b7e2cbb1fb8f5933
SHA1 c8c41fd9ec3a381a0b44cdbf8365023b923ffa5c
SHA256 3ace4d8bfeeff076973d1dfe1ccafe897359af61f76dcbb1a884f35cf9199d1b
SHA512 cc453c8ee4be341ae3fed6df9220958a34020cdb25c1199d1730c6cf4a54a86b8af96be332298ae0395144ee315c4c16360019e6e494b78a3d7bea80b3863aa8

C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 459b9c22289508efa1b8ae87b2087d00
SHA1 f532788fd74cfb04716efb057632d38b77ef03d4
SHA256 b7e596e00aab14980853f693b40c49511313da792d8e194e9845a27b1e81d03d
SHA512 da079aae5cd0440c1859a02d51559380f1ac69c7746b099ab6de4b918ee3f38e046eb12e67b46100b70f79c8039e24d335d6be8454fd7de189436c4a917cb374

C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe

MD5 ac4e00bd609bcb32fe47dd3adde4e351
SHA1 2dc2fd81f5c626dfa6ceb8c150eadf97c1870d1a
SHA256 e66eb395e7ccd26f9cf95a95daa8537e25ddcf4e013cbdd31c761737ade91fb7
SHA512 d7b1a9fe415cb39373b92321b755e7a22602d2b28ba17444633e892896a8c2e1b71a40fdcb2d556acc4b9392c9bfc5d05168bc2ebcdc473cd6e3f663d2a410b3

C:\Users\Admin\Downloads\MEmu-setup-abroad-sdk-mv.exe

MD5 9c490821484ffb809c7d6e9dc093f2be
SHA1 5c90f42015080efc2c5d7dad8a2c87c72dab644e
SHA256 82073dec43d46700ff7d565832d27a91eb00a6f2855b9278a8163baa0eccfb3c
SHA512 7caac29a12ad4660634f16a94911d11c16c21b52c2006a74d19ac1fd981e1ac6eb146fe47a523c3383af3d46a60a26c9316afe3e84239447965127cdccab435b

C:\Users\Admin\AppData\Local\Temp\mds\mds.dll

MD5 48f07e86c6d50f527d7fd5026a3fbe5c
SHA1 64184c950bc0622df2c8e7707d37fae566ee5722
SHA256 b1317206a12f105e28338fea33c5d1a66df07fb35586bb4e1727555bec90e71b
SHA512 9172b41d51643349cb0d755d1f90ffbe15cb7bd4ed80700d91c73f4afba17055f0488fd1d5858dea2843d545fd4752751d081dcf2117204cafe0f6fc3cf30c5d

memory/4532-367-0x0000000005160000-0x0000000005170000-memory.dmp

memory/4532-371-0x00000000065C0000-0x00000000065FE000-memory.dmp

memory/4532-372-0x00000000741E0000-0x000000007421E000-memory.dmp

memory/4532-373-0x0000000073930000-0x00000000740E1000-memory.dmp

memory/4532-374-0x0000000008D70000-0x0000000009316000-memory.dmp

memory/4532-375-0x0000000005BF0000-0x0000000005C82000-memory.dmp

memory/4532-376-0x0000000005120000-0x0000000005164000-memory.dmp

memory/4532-377-0x0000000009520000-0x00000000095BC000-memory.dmp

memory/4532-378-0x00000000095C0000-0x0000000009626000-memory.dmp

memory/4532-379-0x0000000009B60000-0x000000000A08C000-memory.dmp

memory/4532-380-0x0000000004300000-0x000000000430A000-memory.dmp

memory/4532-390-0x0000000005160000-0x0000000005170000-memory.dmp

memory/4532-391-0x0000000005160000-0x0000000005170000-memory.dmp

memory/4532-392-0x0000000005160000-0x0000000005170000-memory.dmp

C:\Program Files\Microvirt\tempDir\Setup.exe.setting.Uh4532

MD5 801b1fa51779beb1fac50661a1677385
SHA1 5ab58879723acbc04a549219e679cbfc592065e2
SHA256 154bc9e69af46049000fac95e36127dfd69e737eedd2e444864e77dc1464a90f
SHA512 d30fe438c537b981d713a5059dd7eae707d0ad63d6853ac2b98356b1ce66b9c4ea3d1f428af946e397a59653772ef6435473cfa80339084410e9b3cf8ac6ac77

memory/4532-404-0x0000000073930000-0x00000000740E1000-memory.dmp

C:\Program Files\Microvirt\tempDir\Setup.exe.setting.lock

MD5 a43d1322a235a049d8895e5ada67b57f
SHA1 1b6ed0122747c100d885f9723a228e5c52907ff9
SHA256 0c57636b5a118e3b8259f4169a11ef6dec43681f5c7f711033e53d86c9b3aa99
SHA512 571e58e12abd9a7fa8e324780dba86a35a5680b548cd92449ac25c87a62e40bfa005ebd749c1fe89813f5f02ec4597ebab79a74352711ce76aa0042036632171

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 2e51cc5cc221b4e1a3edaa129dea3fbd
SHA1 cc2dda41529af16d8ded6918b17c3bafd0151ca1
SHA256 ad1a96593cad208cfcc0e8607c2f83a90ae13edb8734f463e7b125e23cd37554
SHA512 8640d55592e13c5782fdd385a1a7955caf3b9ca255797941588aa7c0496e5d19580441062ffed8c14e5f71063eadd0b582b2976e0084f232e181410b201732c0

C:\Users\Admin\AppData\Local\Temp\Product_files\rsStubActivator.exe

MD5 06113a0ff8cf385cc8377b55f9fcd66f
SHA1 d6ab094434d5df10b0542ba15fda396bd70b676f
SHA256 ce436087eb6aad19d3f675e4625165d76dba967df7d3f1a42388bfafb566dcd7
SHA512 a28162949efda3318d1bb3ccb25408baf696c36050cdfb9cd490ac00200a59235234e9c006c8e564aa0858b7d8d40183fdfb1fcb3018eae9457e3072f06242b5

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 277ae1aedcb941a1f40b0b16e146a3b9
SHA1 7ad4bcc2948c2ba7a6984bf2426b7a7f93e03d6c
SHA256 4c9a255b21e69feb967608e1e20cd278a5ae081784b35ae91310d221d34d6f3e
SHA512 33c365644df86bf30a7760882bab551e835513f2e85d493e400da9954b99b10d611c7854bb9accc0bf2f35290dac7f6b464c70b19b975130fc25be3c38f5187e

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 4ced2bff189868da5cd6960dd65d9d75
SHA1 8297d24f14cbd07453755368b06d3b4e70bbd124
SHA256 79fd05739c3dcaad0910c151a7a44d06b57a2f5c99ccf23482f0096b0c0811f0
SHA512 f8e73c9e276d8ee7fcc148f4ce1d99a14d0567027a8d9486f030cdd9ed2777be0495dfc6d03337cba09b95244275f32a783a3d5af43738b28b064e5dd85c2e74

memory/2224-529-0x000001B310460000-0x000001B310468000-memory.dmp

memory/2224-535-0x00007FFC5CCB0000-0x00007FFC5D772000-memory.dmp

memory/2224-541-0x000001B32ADA0000-0x000001B32B2C8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe

MD5 e6cacd004b153a2f056d4cf8e3963535
SHA1 fdcd8291ab1dca8eab71fd7f9086c02de1b66763
SHA256 4c77c7aa4ab7e9b16163ca8bbfea85c850a50caac43cb9e4425ed959f0e28a7b
SHA512 ad4762240eb830b461cd39bac0c7455fd5832158e8f335dd92cbd38c3ee85c4fc56e7bb6b3b2e82b4a8375d9f73a09fe8526728bed3496fe0230811d94e397ca

C:\Users\Admin\AppData\Local\Temp\Product_files\saBSI.exe

MD5 a630e4d1c1196dbab8aa1e386504b3b7
SHA1 d7391167298c07cb5bb59ea005e26dfe7e6b9c38
SHA256 da72013becb4a6cc5dd9159a70b8ed587a673b1f7feda21f3668b3c2e140f355
SHA512 0a7dbb994aa22ec5c488449da3afd19a849326a41ac5dfe0b5682d9732cd8a988c88d3cde5c5b4ebb4c16ba4b3915dbec07b35cd2d867a54d03e9d2b0efb4e81

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 df952b47c9671c555c9d33e63d889983
SHA1 1f654975ca48cedafd8f60e61d13b20d259986aa
SHA256 c6e965bbd03943ae223ee2c9e76f85481909a0a82a2a651388456fc773e90da3
SHA512 5efb49dd14b219263e82ac76a5af9167023c38e708a61bfa0d2c4647b11e5c8f082bcb34f488b522882673aef437f6536fee5b386ccd7d0427ac488ed81467c6

memory/2224-613-0x000001B32A9D0000-0x000001B32A9E0000-memory.dmp

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 80a495bd7658204cbab5a860fb44f180
SHA1 6687e89a8593747e2ce4813ee943f88d1f94ac06
SHA256 505332c2879a027381a249d3ce58e4baef8d4d7fbcf305e9c3bb39ab7a1dd6cc
SHA512 db7b9ae2c42f2bf44e8cf84ea8fa3a9f305cf4b3d593fb4f618821cf142485e2df17e33d95f393377122ae12b700499e78f4ab8012915e33896c71724a953b59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 eb36ee2bd95b01111b2616ce2f8aa199
SHA1 11940570392cd285bd5781a527d978bd9c52d5c4
SHA256 a6117a7901da4706af9ff774fb1bf0e03d0fc8240ba05bcee3eac6ddf1277dfe
SHA512 c1fd582cd624f76deaa47c9b38eeba6834155b9f743b08e110a3dcc35cdeefc83c21e045bc85b6bb98ca434447de5821d8e9af36a6483cf0ce72d6b010abd1f9

C:\Users\Admin\AppData\Local\Temp\ziwtl1f4.exe

MD5 981f44ca11e76e9ff4cd6a7bc8df198f
SHA1 948404c34a35f4ef24e78e755ef670f4fe9d6957
SHA256 e7f42f64abdd1ba8d4340acad5c3bc8a5d2996a4fe66739e462eedf2cf17f1c6
SHA512 ee1ea9e2b4ca730ff39df8e8e57d84d25a0ae91c9dc6ba1c9f19c91208962097ccf18433fb166f65a2c7e03c8fea3d9bc347834b68a4fc9e2a9ff170394d1603

C:\Users\Admin\AppData\Local\Temp\ziwtl1f4.exe

MD5 22a69fa3a2a871a3dd795c2552debdc0
SHA1 5eeac1d86bcaf2b1d260570fd7eb523811e3ed3d
SHA256 30daecddb97fd7db98a735ee5d7b58c37647cd9dc117906c817cd78a4db53e67
SHA512 4e24294f2893cc678ba2b3aa7748c27816a93096307dc3fc261ade9418f8c1ea5f463779c8022327a263ced7bd14365fb0d24aaad4c7fb1976e29d3dba5a0291

memory/4532-678-0x0000000005160000-0x0000000005170000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nshD1F8.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\ziwtl1f4.exe

MD5 715145a2c5f42c7bf6cc96b081d65622
SHA1 91256fbba9aa7590d76092d646529e840b300217
SHA256 ad808880d5b45d36799cb51512fe616f71e3adae77461f75ef7ad1ebae871c39
SHA512 40f434797ef6900e1662e565df2d260ac9e3890bb2a50489ccfe1424654e82ecbef7f028518efcd10f0012d7450c196c8095e82883f558e035634b9cc239b28d

memory/4988-745-0x00000209610F0000-0x0000020961178000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe

MD5 ba78c301170615a51033d265add78c28
SHA1 8d2bb8b5ad0673548930bb23ae5162e49e44a5b9
SHA256 1c3624d2317dc10523c906b6c89ba0ab831c17c9e136ba1ef0cca19f040f9de8
SHA512 d13dbfaaf655fdf7d8f315ab2acb3716192439b58e1f6daba719b752f66308afdceefde9cc7c85be7fdf483022d947fec78dc2537c87722496aa8eba6eb0eefc

memory/4988-751-0x00000209615C0000-0x0000020961600000-memory.dmp

memory/4532-752-0x0000000005160000-0x0000000005170000-memory.dmp

memory/4988-753-0x00007FFC5CCB0000-0x00007FFC5D772000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\rsStubLib.dll

MD5 90463c3b41b8011fbb84ddf7c3840df3
SHA1 5344b2170a07d043d54ab8c8e30b02d3f6bc94ca
SHA256 8eed3ad97d6a97e759023bb7284fa0ab2c1726fc56de32f9f63071c5910deee0
SHA512 8c390068dfe62e9cfdc9017d9108a8e67f894dff171e7c98280317382ef68a16e8670e15f3847344385642776bf1589c5857e47fe7ef61b9845662997ab15c27

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\RAVEndPointProtection-installer.exe

MD5 41a3c2a1777527a41ddd747072ee3efd
SHA1 44b70207d0883ec1848c3c65c57d8c14fd70e2c3
SHA256 8592bae7b6806e5b30a80892004a7b79f645a16c0f1b85b4b8df809bdb6cf365
SHA512 14df28cc7769cf78b24ab331bd63da896131a2f0fbb29b10199016aef935d376493e937874eb94faf52b06a98e1678a5cf2c2d0d442c31297a9c0996205ed869

C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe

MD5 74d1ccf54ad2989601defa3ffda99647
SHA1 fec7346f0af8d2ca9427e3e4e3faa522e86732e5
SHA256 02ae98e74e93c824f8460c80204387f2b335fad588122bfb6d3523c6ae7c3120
SHA512 c67676bdfb2bcf5318db9eeb07cb97fa1511129de95b706cfb825bb2c8bb3466f19f3469fa27ca08d6e06549b51f6ba12d39bf6f8da42698f63bdb48654176d0

C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe

MD5 55e095ff9cecfe2cae9619880f6a447f
SHA1 7c8ab9c63852a437a100c870e814655dd5690978
SHA256 84a96a9a0ba2f17011c2242b3c0b929028f39211e8b0ede25d93323c0ff592a1
SHA512 b004e7eca837352d9854ce5d8cf9eae51f47386d33518d4ee49fdef0ad79935d8bbaf398ec06b7be6728298c48fe2e4e0d6e58f305d5d62abca9a202145a9d0b

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\rsLogger.dll

MD5 83ad54079827e94479963ba4465a85d7
SHA1 d33efd0f5e59d1ef30c59d74772b4c43162dc6b7
SHA256 ec0a8c14a12fdf8d637408f55e6346da1c64efdd00cc8921f423b1a2c63d3312
SHA512 c294fb8ac2a90c6125f8674ca06593b73b884523737692af3ccaa920851fc283a43c9e2dc928884f97b08fc8974919ec603d1afb5c178acd0c2ebd6746a737e1

memory/4988-775-0x0000020961610000-0x0000020961640000-memory.dmp

memory/4988-777-0x0000020962FC0000-0x0000020962FD0000-memory.dmp

memory/4988-778-0x00000209615B0000-0x00000209615B1000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00200057003F001D0006.txt

MD5 6f905fe1d8cbdb6b3ab84873f4fcfe53
SHA1 53b33140a97ee97405ba4d7c23d949494dab436d
SHA256 9b56a900811e8277a87c8630fa69ddb543741e08c55a1be5bcc8fa86c136fede
SHA512 7e5ef16f31ba83cbe168a4e7e0ba33569cdf67e7237ee13e2ad0dafeae71292ee241d6cbde8d6790b9e9d6d3b618be76d4965b07372ed04782a1c57868bb7ece

memory/4988-787-0x000002097B700000-0x000002097B73A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\rsJSON.dll

MD5 f8978087767d0006680c2ec43bda6f34
SHA1 755f1357795cb833f0f271c7c87109e719aa4f32
SHA256 221bb12d3f9b2aa40ee21d2d141a8d12e893a8eabc97a04d159aa46aecfa5d3e
SHA512 54f48c6f94659c88d947a366691fbaef3258ed9d63858e64ae007c6f8782f90ede5c9ab423328062c746bc4ba1e8d30887c97015a5e3e52a432a9caa02bb6955

memory/4988-792-0x0000020961580000-0x0000020961581000-memory.dmp

memory/4988-794-0x000002097B740000-0x000002097B76A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\rsAtom.dll

MD5 9deba7281d8eceefd760874434bd4e91
SHA1 553e6c86efdda04beacee98bcee48a0b0dba6e75
SHA256 02a42d2403f0a61c3a52138c407b41883fa27d9128ecc885cf1d35e4edd6d6b9
SHA512 7a82fbac4ade3a9a29cb877cc716bc8f51b821b533f31f5e0979f0e9aca365b0353e93cc5352a21fbd29df8fc0f9a2025351453032942d580b532ab16acaa306

memory/4988-796-0x0000020961590000-0x0000020961591000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\uninstall.ico

MD5 af1c23b1e641e56b3de26f5f643eb7d9
SHA1 6c23deb9b7b0c930533fdbeea0863173d99cf323
SHA256 0d3a05e1b06403f2130a6e827b1982d2af0495cdd42deb180ca0ce4f20db5058
SHA512 0c503ec7e83a5bfd59ec8ccc80f6c54412263afd24835b8b4272a79c440a0c106875b5c3b9a521a937f0615eb4f112d1d6826948ad5fb6fd173c5c51cb7168f4

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\Microsoft.Win32.TaskScheduler.dll

MD5 a09decc59b2c2f715563bb035ee4241e
SHA1 c84f5e2e0f71feef437cf173afeb13fe525a0fea
SHA256 6b8f51508240af3b07a8d0b2dc873cedc3d5d9cb25e57ea1d55626742d1f9149
SHA512 1992c8e1f7e37a58bbf486f76d1320da8e1757d6296c8a7631f35ba2e376de215c65000612364c91508aa3ddf72841f6b823fa60a2b29415a07c74c2e830212b

memory/4988-868-0x000002097B910000-0x000002097B968000-memory.dmp

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

MD5 ded746a9d2d7b7afcb3abe1a24dd3163
SHA1 a074c9e981491ff566cd45b912e743bd1266c4ae
SHA256 c113072678d5fa03b02d750a5911848ab0e247c4b28cf7b152a858c4b24901b3
SHA512 2c273bf79988df13f9da4019f8071cf3b4480ecd814d3df44b83958f52f49bb668dd2f568293c29ef3545018fea15c9d5902ef88e0ecfebaf60458333fcaa91b

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 f42537378f1d0f2c4f6b27bbec2bcbed
SHA1 33656c6e08985ab7320b30c42ad71f05aaf20e64
SHA256 26f0b1fd67944d97dc2bad0e5c7f9bcf71a2a27428e5512ce814bbcb73b7333c
SHA512 0e567ca13e31c9d3eba0d09fc988d2060826a7a5112a107a1703e6ee910c80f71eb000d2f0333f35648dd50f1906fe8fbb420b955ef6edd818fb846368fe3d0a

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 4f97c21946a4280ae37c1691089b201d
SHA1 65ffdf55bfd9aca574496f515262a289173cac8b
SHA256 8270c98444d240ad4fb9af1f5f07fb2f937689d1c4f345c86b6f19f490cb3b57
SHA512 faea331bca42794fe612daa2983190126c178a171694f48877bd3666f8ff55c64287bd0b372fe75d95731f3ecce9a97859ce9ea937e299995af9c07def2d9576

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 e68be01a870a77c549a63ff2774b17da
SHA1 1402655a5ccb0a9fae3db6877aaa6d285a204df1
SHA256 012e5b3058a46f32a05bdb65d72b48c236c10ff46231f3af60a906ff4898368b
SHA512 8c366f88610ee81ecb43fa7de06c6b12bd823ad0bb495ec149ee80b9d0815e33508eeac31d14c2f774a640cc23879f49b28dd8e1fb560bbf9e588bde24e5415b

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 00f4bbe95c3c5fcddd6d88adf54f3b38
SHA1 10de5be3e8d300234e101aa01d20e5990884aaa9
SHA256 ffeba930aa13189aace11c646b0af79f6ae7cc8a0ff6f6797d6a0d174a0695d1
SHA512 feb9c2b0cd1935e7d1e314209fd1e236a7b9c4a8facbd80824bd85c8d3a4c3afa04c48a697663f3a3297e1c2fbe41c295a3736f1fcc9ea423b4554f4eed52368

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 ae3a9bcaf0d6eb22f617e06bb9e1cc73
SHA1 5027c4ffa41c72220d9bcc8ff66fc8eacf02f83b
SHA256 e89d332662b0c241e3b84b1652d40505b692b8291dfd9a5e9ad5dc8ad8993729
SHA512 d76a65138272ce9c269e9f08d7a1b610d21bc6c29a83396edb4305af429e2de683b019d0c23fca2d1b9ba9865ec2e64d57ef9b494912318f752d6463c5311708

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 8a6ffdc380af4350b9161661d9269229
SHA1 488be1e6d72201a11eeb90584c2b4fc49d1e59a9
SHA256 5ad2cf9ba1af149e6a14d55530425f90267378e914520be6f80068acf9221ffb
SHA512 949457153035b945a28cbd81073f2128417708db2857f9158223ac79628426a1ea793cccd740092eb64f8a3e1e9aed9fa93e5e96712fcf2450d1023de5fa6c61

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 0729b5dea8cad1bb43b9937fc8f4b749
SHA1 ce290fb0a560a1bd40a17d072bdb59e51d698e81
SHA256 7258234b5ca1ed725a9ee2c4145ca500c073e939e8e22d6eba0b7e906c3fd502
SHA512 d94015f857c7a680f1d7cee70a4385d911d9441d03fea3c04f530d579a6c95410bccc58cb5d2a3d9d5bf2e3756dbc95d34a224156f767e8ed97806d60bd7607f

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 529c112aa8fb8ed173f9c2fb8821ec31
SHA1 27a38ca51566b5cb2b7ad8d92f909fddeff97819
SHA256 6e6edb7621eeb0a0536ba9ce630c1d48597563674649efa76227cd2f749fb252
SHA512 ee2d7d29c0bf91fd73705018f30b2457aa3a1eaf65c83889e5c5cb62b9e8ec676d9f05d34d67f5fa5e5bfcbb8c855d1686e393dda77bfcd778eed5646ce3add5

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 422eefacba17f5bc33ea5caf0e9b438d
SHA1 3b1b239db51c07eaa1b84fe7bd556c70c50d4e90
SHA256 fcc51b78c06c29834c870773267eb2cf17da7e775a4d150a408d70d33e2d1ee4
SHA512 a5165bf487fb420330bb12721e52f859959826a6b3c9a74c8cedb7852626f5e762df3cf00d923c3fb2ba8625ebf62b6a5b5ce6aa4fe4dfcc66aaa3b5342d218b

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 c0f41dfb8e758c76aa0941640880b803
SHA1 3c29f01aea6fabdf003f2a49429a0ad6c769378b
SHA256 728fdc8760453c21e957444b9a727293ec2cb656d109f147a7be95898d816df3
SHA512 24792056e89ec8f67ceea099907b20f62a78327b4723f7317391604d96a489e85a2984a9500b991c466892c6f2b9ef5b3bc21f90b83672b2455c35d39b7b5eb3

C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe

MD5 e2fa0ffaca8f6f2166b28d1483625a96
SHA1 c5ef3b868fb014b53f0a6143837022def094437f
SHA256 6d1786decf53c479c5e4fb98e632475a120f4049efa231e22bbc3a90aed68a50
SHA512 53da9d41b13b2af46de731e42ba67386e6376e2e63e976193d33bb317887377f941a662f9620b31c686eb93ae0130fabf3a9781b18a61c0caeba150ef686d26a

C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe

MD5 45245032a1c3552c854350901952260c
SHA1 66405a07727cda0f1185410212cc33020d954adc
SHA256 fc3477b12ccc707d2346cfc4b164244462100bbabfa46902e3b5bb191cfb306d
SHA512 ee0004b0d1830d27eaa8c84ec06a8a0481796b97a33a85b30f46cd4fedf4f1fceda17671027e17f3ff2dd4266abb0c05517375e2d524e4f2a3a963936e78b5de

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 2657bc3e1e58d55ac3efb0a69713ce85
SHA1 239f444d2561c25ac148d0406139d5c4103ee5fd
SHA256 33a8e29334f0ad06fa71a7d944ed80506831be815bfefdeda72d493aa957578f
SHA512 0af6db6e57c1c7e1d684d25bbd7d8c3d919308a6339f15b4698966717a7c9377c9402afd8cbd96ed366c5bed21211b09e5d25fe672e94f962c713d635882df0f

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 2cce80faa0bd598804cda83d190ca66c
SHA1 cae449440e426026feb9eb69ac151fe20925d941
SHA256 284ed284086c2b5cad556f37eeb41902869068b0e521b92608af06dedbea168c
SHA512 87a96d888010f4df479d436567e7756f1317e8b0c12b172368f107b3e176b6177aeaef569de2465f26d31d45ff66be785ab45edcb4bd8b14f6e422b83dea38c3

C:\Program Files\McAfee\Temp2008047649\installer.exe

MD5 d272a549b32dcca886504de96cbf6ff5
SHA1 2695caad8b931dfeee38c0b29ce29e569ca3f449
SHA256 75011979f16e5f38aabe2e9c5e29bcd23256dd4e57f0ade6fab938235430afd4
SHA512 ba304f35313077d57950234d275572b81c7de2e8efbe57c31469b1fcfaf0f6530a0fb4c76ff6f66884f7cdeaea5a9ff6ecb2cc64ba031dcd11c805c4a6d8f465

C:\Program Files\McAfee\Temp2008047649\installer.exe

MD5 d849fdf4b337bcd81aa09ba7697922cc
SHA1 4c963fa48eedd6d9cd119e759b89eddcf17a6043
SHA256 fcdac77592b9d190fa0d27537477815813f709901d6b9349787f4218fc5af969
SHA512 a407376db82d40c659b20046cae70dfb23a32e71918f82c5e6104290f6ccd2e53ec3e626bcf6feacee0aa2dcab124f3e090f09ea9b9c0236929668ea6f04edad

C:\Program Files\McAfee\Temp2008047649\analyticsmanager.cab

MD5 024e451ca64f06c7054c5ff1d63289a8
SHA1 5c9a65800a072bc20ed6e660551e87b183ebfb53
SHA256 e63bfdce9db4bbf3be28051615c81b1f5f5e1af5b512af5a48c3a8b7e882213d
SHA512 f311ce7c193f8afe11a12d35726e5a2953049641363ce73b0caedf740e337f8bfbc08785f69bf93a6d5b092851c7012372086319bb86fbcbe2722cfbeed790eb

C:\Program Files\McAfee\Temp2008047649\analyticstelemetry.cab

MD5 f4f1873a7f68239272ecb3a92f1a128a
SHA1 288f5295325dc3986269b07f901aa186736bfa79
SHA256 3829fea320ad3c1aea101d47de31f93411114c2b4473fc75d11a809bdf1906c6
SHA512 4e195d038a83e8d7a0a52f9809c4ab2ece1f934220e0aaf143716bc35e8a8d682b101a42d218f00646a282bdf87cec73ef4211662ef56ca5caea691521fd8000

C:\Program Files\McAfee\Temp2008047649\browserhost.cab

MD5 0c693c6f86339af4e5373bf2882733ef
SHA1 e1b19d022b2e7abc4912979208e926cc53e0e990
SHA256 3dffaab4c4d8ca047a24e5eaf50bfcc2eb649e8eac7d292adfca4683b687b071
SHA512 fddfda39c795614779a93deb2f3579eb7df3dbe597ca5da50648c44f7a5d6aa26661de85c18f3cab9cb9b03fd677779572819e2b274a19934c010b7a108d7307

memory/4428-2181-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

C:\Program Files\McAfee\Temp2008047649\browserplugin.cab

MD5 905b239c4394599729ab761beb87e1e2
SHA1 03eed0d9ae7ff068d195b1b126ed732514fb8454
SHA256 1dc511c476b2a972a681e0d8cf455ab90d3decc5338601dbaf55072c9aae5f64
SHA512 051e2b7b37d19c0de2d0756e6a09e10ddd923a87044626638a24656661642b183679e61a790b3e9fa252c72baa7d08950a9b0e5e7dc765f0df727058f66749a3

C:\Program Files\McAfee\Temp2008047649\downloadscan.cab

MD5 ad1c2b03251588b956d4182b737956e3
SHA1 5d68b3bac68447a3335b225de41d5b8b25f9f633
SHA256 54f1aed64492e4fa8a501fc024f23865cb3b5524ec19f77009cb77dc56f99eee
SHA512 51a4bdcb837d566912be237d608c124daee6e2229890f22e3a3963ca83646a741d38ef551d782504505a5d4440c5904354a8da67690b80d92ad7e8c49e5dfbf5

C:\Program Files\McAfee\Temp2008047649\eventmanager.cab

MD5 48aaa4b6e80a339dace8a078e76c195d
SHA1 117b42d976eb73061a014d56a7a88cd7f9b3461d
SHA256 a20d1a0f6c5ba37e3c013bace451ad45840011d58ca58db1cb74601aa243b782
SHA512 f709bd7d48eed0099a2dbbd9aeb0d7b6dda5788f554e55c2411b6b6ead353f780a9bec9f8236eba7a81f33e465f96a62de43b269c70dc5d079eb82d581c41103

C:\Program Files\McAfee\Temp2008047649\l10n.cab

MD5 b23e03cf417f3d8bce8d8daab1e3fec0
SHA1 0328887b63a0839904f3b72f7e7509863aad9174
SHA256 a78e486f718fb6d80b7dda1e6ffc7fb8375ed401a8c59461b33ec9e8c7a09042
SHA512 c285d53d4f1552e9706f0a314908e048a2d97da47ce51017449b8a0e3eaeed9b15d44b02a6104c1aca0d0f2ee55b1e30add182c8be9bfce616fdea1445873ee5

C:\Program Files\McAfee\Temp2008047649\logicmodule.cab

MD5 ae779ea0e926ea59b69b6dce1e8fda09
SHA1 ffad9614bfc1e8dbaf64b96ca519ae19b48202d7
SHA256 2bb1b6806c6a4abe29a505252bf0a6ad25a532ed79d38a74ec721a1b5cff8387
SHA512 851d26b509c660bbe74e00dacc1c3190ec4302839a06daf64064b01c670af62468a96c0e9adeb4ecca540b133bfbf65b4ccdbe87428e241584474df9cfa1c3fb

C:\Program Files\McAfee\Temp2008047649\mfw-nps.cab

MD5 754ec5710b8d2b0d08c2d4e49aeadaec
SHA1 088f9c3baf8c91b3677435c517930b0e33b008ae
SHA256 9778ed9ea19854a4312579c2e595d16f6c5c5645e4e8b91debe7fb582cf78573
SHA512 38db5777d535003cccaef7bebc2a87837a097b4eb725458e0f8b70fbd8854811981af66365bcb5bc3afa1f1f305af365b49926540d167c5001fcc4192e3bbba0

C:\Program Files\McAfee\Temp2008047649\mfw-webadvisor.cab

MD5 4d56a925b39d2aa9bbc2a415be2e1235
SHA1 9fb6ddd87d9586995099fb0c1423553d409e1ad0
SHA256 aaf18dbdef0d5362d2f2789b0dce5e1e91d0fd1fd4d8fef6f88acaf38ecbdf4b
SHA512 d9f670b661cd83988f8092f638fd76474288a7a0ca27d819046e99d9db042e9bfe323676e485c29b3f4a2970a2f7f6aa2a84171997380e3325266373a6c6dbcd

C:\Program Files\McAfee\Temp2008047649\mfw.cab

MD5 a64bb575ff72e6c81d3358d07325fe46
SHA1 03d49603bbb7a5b3d4b96453d20845f794bdb1b0
SHA256 bc48b292f67082e8515149ba81d3064359c09f5c646a7ee8e113940a6b812afd
SHA512 acf2a01d119e518a0de8dd419dd32e270b92a0c89d90428eaf6899d18959a1ea58891ff7ad95ccba14248b0d6a07d6e6f8d25ef7bd5889eb2e19eb0700267cf6

C:\Program Files\McAfee\Temp2008047649\mfw-mwb.cab

MD5 bfc0cadcba91d927561d76bcf8b151c6
SHA1 1fb6ae9629aebcdd54308f72dd8bc43da29dfa5a
SHA256 3c83f0a109a619d1a95633d3832140b4988b787fb78ed11a7ec47f680577deed
SHA512 704278c3b0381a7080ef1cdb8641592a4b2715039388f582121750391989b625790dd307508f1b1e01b04cc11950350aa7b285a980455755b968e547a4d774dc

C:\Program Files\McAfee\Temp2008047649\lookupmanager.cab

MD5 bd6e10cc0f2590433b8457175355def1
SHA1 0a2cff3e11dc8d7204f4ddad42f8230ea0f528f8
SHA256 39a27008c2e6e0f0ae58bd415abfe2c4c74c45b8d0ca506d05786e3e9b3d27e4
SHA512 46b90c72e7401d29c4a321bb9e067cf6cc976d04f5ecba1d797ce538cc310ee389b9f298988d1de4ea4fa0c8834a45b9e1bcbb3881496b4d8e62fc2489cff656

C:\Program Files\McAfee\Temp2008047649\logicscripts.cab

MD5 d55a19592f1160fed1f7f7ddff36cf21
SHA1 e19a058fa52f3c8635517ce7646fad181a28c015
SHA256 4549a4c73c3ca3898ee8443e28795effd85cddc87d57ac38c5087c53c14f056c
SHA512 70758593cd42aa8be9874cf196e229bb2824e28ef748f9e704c550dae57417299db66fb4965fd2afaa59a6d12d0b9477873bf449c2f2ae1d6e413c95ef77abcb

memory/4428-2194-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

memory/4428-2197-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

memory/4428-2196-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

memory/4428-2195-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

memory/4428-2203-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/4428-2228-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2249-0x00007FF7DE480000-0x00007FF7DE490000-memory.dmp

memory/4428-2242-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2236-0x00007FF79C8F0000-0x00007FF79C900000-memory.dmp

memory/4428-2234-0x00007FF7DE480000-0x00007FF7DE490000-memory.dmp

memory/4428-2233-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2214-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/4428-2290-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2288-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2327-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/4428-2321-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2360-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2346-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2361-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2362-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/4428-2368-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/4428-2390-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2388-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/4428-2412-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2436-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/4428-2443-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2475-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2499-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2531-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2523-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2510-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2495-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2527-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2548-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2551-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2611-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2691-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2799-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2945-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-2668-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2601-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-2539-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/2224-3069-0x00007FFC5CCB0000-0x00007FFC5D772000-memory.dmp

memory/4428-3071-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

memory/4428-3072-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

memory/4428-3073-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

memory/4428-3076-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/2224-3075-0x000001B32A9D0000-0x000001B32A9E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5a2a871c9d94c21b39545c2fee97694a
SHA1 577dabf5201a6e6dd0fee0e303b20aeec388a394
SHA256 f8595fad0b0f5df093ca4f463e39f8c441b6de322be1f2a0629d3bd9a8ca74bd
SHA512 11e7b08a694ff508548190302691dad45c9914d8558a664ae5906351ea82710ce6f447877fb558e2fd625df19add964e9ee6e33144181d0c6fc607098940d517

memory/4428-3093-0x00007FF7840E0000-0x00007FF7840F0000-memory.dmp

memory/4428-3092-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-3091-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/4428-3096-0x00007FF79C8F0000-0x00007FF79C900000-memory.dmp

memory/4428-3094-0x00007FF7DE480000-0x00007FF7DE490000-memory.dmp

memory/4428-3097-0x00007FF7E3C70000-0x00007FF7E3C80000-memory.dmp

memory/4428-3098-0x00007FF7D4E60000-0x00007FF7D4E70000-memory.dmp

memory/4428-3099-0x00007FF78DA60000-0x00007FF78DA70000-memory.dmp

memory/4428-3105-0x00007FF78DA60000-0x00007FF78DA70000-memory.dmp

memory/4428-3106-0x00007FF7D4E60000-0x00007FF7D4E70000-memory.dmp

memory/4428-3104-0x00007FF7E3C70000-0x00007FF7E3C80000-memory.dmp

memory/4428-3102-0x00007FF79C8F0000-0x00007FF79C900000-memory.dmp

memory/4428-3112-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

memory/4428-3111-0x00007FF7E7270000-0x00007FF7E7280000-memory.dmp

memory/4428-3123-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4428-3119-0x00007FF7D0BB0000-0x00007FF7D0BC0000-memory.dmp

memory/4988-3137-0x00007FFC5CCB0000-0x00007FFC5D772000-memory.dmp

memory/4428-3144-0x00007FF7E86B0000-0x00007FF7E86C0000-memory.dmp

memory/4988-3310-0x0000020962FC0000-0x0000020962FD0000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 bfc365e54bb1679e989ebab45bfa4764
SHA1 26d3914aa39ef7d1c3ef41da41ec37940615fb9e
SHA256 cc57700160b669033a19b04f0882d6a2f805a350257d5451a29f57be30ca058e
SHA512 a041b5eff40cb4a6649c71611dd7f258ca921323622211f1d1570fe436724d2eced47234a5d4562f37a1ec6dc5a14a0359233789b665592d77552caea6c138a6

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 eb105c0885ee2e4b9e2734f6f7284019
SHA1 327479f7820d19e6c236dc11f8707efd0d6bf6e2
SHA256 350bf925609830e683e5007dbe8feb4000a0c32a2b991798dc6b84608a2a8e89
SHA512 7e6805c2aabb1b1b8768eaf2c816dadbe78878249ea66eb89dd595fd9119ed0f8926213aa51028337fd1674aee532de301877458b5c7d9c0a2271c32a48ac611

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 b29ab669fdba3d529bb7c8a36e8a6e6c
SHA1 fda659a8f18714f57f44c76a5e862f22b3fef10b
SHA256 523c598938b1be2a2a7027173c1d71ddbfdf17f0ba6d60ec3bd0d2754cb4e2f9
SHA512 7fc6d450c196fdb918605c148a62bed0a5b4cbfa42de21a3148cd42e996abe2d290cee72eb60e83a29506ffb432dbf10001a436ea061b73f526ee807d593d0e2

C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log

MD5 9b07e889526c4393162cac508b45ba11
SHA1 1f9142912f87d0db5abed63ac8df4c80844544d6
SHA256 2b2d21848b387954aadbce9c0098534ba2077c32efcea5c8506ff22e51efc514
SHA512 a98a565e51d68a8ce2a81c982f5757e5eb3f5a7238e1338d6339a3ae1ae448546063bb580209262d5bf4a472d32f52f37dc0f1500d2d72156adbea324aa62ff5

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 f222bfda4f5ae8d084435a3e7b404092
SHA1 2062e365633e9e146033e0f277bbdfa5f0d67fa0
SHA256 4672accefe7dcfed2d76c2d394f789f9da6f7f74c51574213d5382a06d37f827
SHA512 f6d826d52c538bf5a12ec2de64fd42e0b48feef7e4f2b84de7d69d3bf0850a760d0c37edea138cfdbf9b34fb3e36ab9b81a4edaf9e0354c9f61900f004533e31

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 f542fd8ffc0eb4b8363723f0c89f46b4
SHA1 3221281248d1393e870495d054a4b5eeda849af2
SHA256 3d1b8423957cbb66dba318365898aac210e72129355b66f568911665c8a2b399
SHA512 0f543a2437c7fe23d2de77af2378ff704ce14b50405046068476b64a36d68607c1fd9e5c1fa4e3ad14f229957f4164145595fa51d24929c281fabab5c8001f04

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 5f4fef9e807e7ae2191993d72afcf952
SHA1 0a3b697c6e3f6b24f4f852376106563d8c7458c1
SHA256 6a9cb077a6e48c3d36b7d00228325144718028fb5c53fc444a867a76ca59c944
SHA512 30ffb455b4baa0cde1757ec5231fb1b00471a89165d854220fc904cc1c81db73aaeed3b477ffd00cb8034a4fc7f277ed75fa077655a76124fbf38f24bfe603d8

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 9f9e796889ca6e6d70e2ada0ab8b8e0b
SHA1 4e35f724402184d1af4f3d5178bbac8b71894b62
SHA256 3297ff740c97a18b48c91a0abf06608e718e152e70997c979f3f90081e4a542c
SHA512 94821ec7b4f7f7ddc05963f2a40268200aea1c91e1ee7e9bee8ebdebbef78f55272f3bca8a58d4445afd64517c9aea43dac9ced2d1aeba39f0983f9129099b93

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 fb2063efc4dfbe06bc68b7e9aeb2d1b3
SHA1 ebdc76243c3a4873b286c7167e08ce76fc9d4c02
SHA256 cd9ebd081606b98bbcd6809cdb79e916fad92ad457c18f650aeffa9b2830a3d0
SHA512 230dabf61dfc38e88cf5ce8e4c347cba62ffd813c61663e38001d9a6828c28ac6bb752a75cd1b69d4baf65389709a0155bb3f4c394548d1cba586a59059f3af5

C:\Users\Admin\AppData\Local\Microvirt\setup\MEmuSetup.log

MD5 ae9b0fcce220e948a3ca5602ef610132
SHA1 d88e19470947e5f33685c06b303bd786492f0af4
SHA256 f6be98d4cc70477ffca6b886d6820ae20267d4b6a36dbde575087787d78b8e89
SHA512 6a2d0a529abd037130f4fe288896ae850cb51cfc4a3c9609ececa0c0e98a592127930ef4528e40ccc1b3a0f1ded0d0d3116a6ebafea9c98d5a23d990537b18b9

C:\Users\Admin\AppData\Local\Microvirt\setup\MEmuSetup.log

MD5 cfec3fa9ffb54b5f402ab596d8ba31b2
SHA1 e2ef1f721b24d8bff5fbe07035861671294e818c
SHA256 73440f0e5ab81f456b61e5a2687b0c2b1e04917b8eb11c070928c78b73961575
SHA512 3abbf716d595f22a93c0e85854d464943e5137f37d2bee33cc2d9af401e71e02b8c5418f6e42ee1a710580c8af8335a6c5ef438f059350f1901290809a1ab841

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 8694aa678a00932d833643ac4041ab92
SHA1 2516edbee25f7a6d15c2e4254d64dcb0c107256c
SHA256 5ca7b98f37f9635579ce9062ab306073f177c19576bfc5ab7374594311b5b642
SHA512 1f9cbdb2bcd61b91d1a8b9b4bd31d488b82cc4aab029ae07be30504035bd2e506c2a561ef193f20daf3f7f4012e0783cb054e16dd4b25b140c92804184edd4eb

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 b2bc84c7f22fbbd48c4d59ad8a87683c
SHA1 704e5f1b42c3d83511cabb145acb8548f4c13a82
SHA256 fe907d58442674223fa7ac18aa22cc85ccf05c1ec3ca94ff16aa7e2d66be78dc
SHA512 bf4f1424b12bdac2ef8abc4d05c4412d4a16165a1a182a605b25684fbe2bf3a74c721839c8056feb9e1629e64c86b49084b0184fa6aad8688bf2c5120a7a6d49

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 42ab9162a54792090371ac622fea33f8
SHA1 11f813af10c8fd74e5b008441acbae8297dcd3e8
SHA256 673dd457d2491d8c287e5daa30bde6f02bf750dcbe4adfbb1545238febaafd7e
SHA512 a59186d8e6e86642874ecef14e106a005fa2ae1991ec05d0463ca87a10b2b3c2cb3d2209f6c90f2030e90acb1c84d840968ed1e11553a55b2459464559795c47

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 742dc70831677696196ccf4283223d79
SHA1 c7cae427d6d275bd00143719501c8dd4985c28fd
SHA256 eed898b2f50635f422c44f458dee623646a95b02bb094a56895ce619d6242b5f
SHA512 803e1d297a51d731ec43fc4c1d5f39c211f9b604666cbcf2d4026854b1284a8f613c9e63d23ed282d91d90ebbaba2fbce99c595418c4305b47e827dc77f4bca5

memory/4988-4365-0x000002097BE40000-0x000002097BE90000-memory.dmp

memory/4988-5132-0x000002097BDD0000-0x000002097BDD1000-memory.dmp

memory/4988-5138-0x000002097BED0000-0x000002097BF0A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\b7f2fc5e\3f999899_706fda01\rsJSON.DLL

MD5 ce14e736829de499dc07c1e9b8776b16
SHA1 c9df711e795b8fcc08ef995d39912ad005bc9aa7
SHA256 856fdc16ff4df4a456adf22770e073b42d5fcac3f78a2f6aae49cd4e326c7e7a
SHA512 e3b157f247a1fda97a62a12faf15ecc697f05260d8e74469c0f8f7ecd49f88fe74728dcbea02beacd5b8f49e05bfc3e4c7cd9c74c722bad10601d7bb7e13fb9f

memory/4988-5150-0x000002097BE90000-0x000002097BE91000-memory.dmp

memory/4988-5154-0x000002097BED0000-0x000002097BF00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\236256a1\abbe9899_706fda01\rsLogger.DLL

MD5 bf4a75c09ddf053c269869b8e616671f
SHA1 82f1876c0b540b6fb94a81c507036eb2d8fa7a14
SHA256 ba3a994789bcd305225e95755e4514fd360bf05a56d6afb0d2adecff373c187f
SHA512 f0a41013cba8dbe8e6ecfbe1577af79addb06889a78332ea4527c1493b9f2d6aead1207e68b6641569c6fc0cd9c15baa47529d07eaaf2f7061651916a25300db

memory/4988-5162-0x000002097BDE0000-0x000002097BDE1000-memory.dmp

memory/4988-5179-0x000002097BF80000-0x000002097BFAA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\ab56418e\7e7c9299_706fda01\rsAtom.DLL

MD5 9ade3f8bea9671e3de8afad7f16c69f1
SHA1 2bc9c23fad1179ba7ac6c214aa6066542c1ae90f
SHA256 8767a19995f75ae4a277d4e10c8df87b3a145013a4ef55a171695053397951e4
SHA512 55ec170861a6763c12b623bc635c4bf758c53df8bfaf8da8be9bcf6d67f3dc0d8be7bdf6d78ac8f450d09dfaf67f06da199820e69a43c89ae4661e673e9cc783

memory/4988-5187-0x000002097BDF0000-0x000002097BDF1000-memory.dmp

memory/4988-5188-0x0000020962FC0000-0x0000020962FD0000-memory.dmp

memory/4988-5196-0x000002097C060000-0x000002097C08E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 b20aebcc0b58363d7d17674aa4e3327e
SHA1 15c3d26ab5358a653466b777064b7253ace93b1b
SHA256 baeea8d8d958865a33b0972df722e0381f1c6066aa6b15c369244145a431a95e
SHA512 d91342c2a59f914742d928265b8bb7bc933bf1bba52330403bcd396a2ee716782a04f5b7737f13ff9b3e0ef4c63991fea68cc9e10b8cd3799bba0d5b9150127f

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\e1215014\760f9999_706fda01\rsServiceController.DLL

MD5 7162c851646205b1b49de20b95e371db
SHA1 ce35bc17323a24156686e7668704e7515bc8df43
SHA256 e7f08f8c63710eaf7202941e44ade7e2da9c682a0dec04f7b2405dc37f6d5c8d
SHA512 d675e9f8864c8245be7d19e807df3a9c644287e1083c74baa9dc393c3f2f2610263b90dee855966a06e15a7c8ab372fc02eb06670daa9b989653e2bfeead5f6b

memory/4988-5202-0x000002097BEE0000-0x000002097BEE1000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 71d227dd11865303ef9cf2470e2a1ca9
SHA1 ddf17b914accf313c1e27154e7d02dd3977f1b20
SHA256 97bc83cc936149228646323c3cdcbe5628398889af6ed4fa0774a49a86970a13
SHA512 ef397cba4c2a1f48b07f7ec9e3052c2eeefada83ba43650a237e19bd36319a2bd68dc4f501cef6658e9b9e0d742148e972c2c625ac22633f0101cf5c654eb486

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 f170c64b9b35aeb6a82d85c228199b3f
SHA1 e0cb4be0b9b341851cac8c32e1503b0670f06e37
SHA256 af77db2b8105ebeeadd15e9ad6412fece18928306c440b563cc275b2fdeb90e5
SHA512 3c4f57460f00ca47ffb736a08598bf46bc1c96cbf8efa86d5f7aaa5ecf6823b862e18fed6b3322c17926b72e9147812f2165beb558b61babf03ffe9f9c8e44fc

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 f2fe784f48c1bc09f016d43464e67b18
SHA1 2f74cd1090304701e9b301d48713ee4bcedc6363
SHA256 aa409148e9cb07e3ff3452379edfdf4bbc23b1a9f404da81e2038e4ab7dac622
SHA512 c9c2ae647e02a4331ff54c4cc3a05a69294848979eb1efc3a72fac61d2a417351af1176f864b068969b55b0a3d8f25959f5cd03616123b1fc228ee32efb859ef

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 870b7b9c823da19b6f52c831c58419f0
SHA1 61683993c5e9b4239cc8a07498c2a0aa86c69060
SHA256 998d9861619545b7339f2c1bd2d32e3b421353bdfa19f02a4bff6fa6cc3929b9
SHA512 fa77f2b3449be5cce36159d6a90859e5d25862986ad5beafe32a862011f82547ef46438c0f64e3f6aa7247d7938ecf0c0b5ee6fb37519b33276d1291406009fe

C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/5408-5327-0x000002669BCF0000-0x000002669BD1E000-memory.dmp

memory/5408-5328-0x00007FFC5CCB0000-0x00007FFC5D772000-memory.dmp

memory/5408-5329-0x00000266B63B0000-0x00000266B63C0000-memory.dmp

memory/5408-5330-0x000002669C120000-0x000002669C121000-memory.dmp

memory/5408-5341-0x000002669BCF0000-0x000002669BD1E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 1264314190d1e81276dde796c5a3537c
SHA1 ab1c69efd9358b161ec31d7701d26c39ee708d57
SHA256 8341a3cae0acb500b9f494bdec870cb8eb8e915174370d41c57dcdae622342c5
SHA512 a3f36574dce70997943d93a8d5bebe1b44be7b4aae05ed5a791aee8c3aab908c2eca3275f7ce636a230a585d40896dc637be1fb597b10380d0c258afe4e720e9

memory/5408-5437-0x000002669C320000-0x000002669C332000-memory.dmp

memory/5408-5438-0x000002669DAE0000-0x000002669DB1C000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

memory/5408-5549-0x00007FFC5CCB0000-0x00007FFC5D772000-memory.dmp

memory/5248-5560-0x00007FFC5CCB0000-0x00007FFC5D772000-memory.dmp

memory/4988-5786-0x0000020962FC0000-0x0000020962FD0000-memory.dmp

memory/5248-5797-0x000001EA60380000-0x000001EA606E6000-memory.dmp

memory/5248-5798-0x000001EA47910000-0x000001EA47920000-memory.dmp

memory/5248-5804-0x000001EA47240000-0x000001EA47241000-memory.dmp

memory/5248-5810-0x000001EA60190000-0x000001EA6030C000-memory.dmp

memory/5248-5811-0x000001EA47720000-0x000001EA4773A000-memory.dmp

memory/5248-5812-0x000001EA47740000-0x000001EA47762000-memory.dmp

memory/5248-5824-0x00007FFC5CCB0000-0x00007FFC5D772000-memory.dmp

C:\Windows\System32\DRVSTORE\MEMUDR~1\MEmuDrv.sys

MD5 39ff928d8ec49a318b40761dd7c1cdf3
SHA1 5c20cb15caa4704b7a5bfadd12885646aca50fce
SHA256 9e18ed94739ae711585e397a8ea2f7e1b05e00bd23f57fbb7606c4498192c5e0
SHA512 04a3198da7dd33e6d960de8474814b7220c6d9f0378e495683fd38a5bdfe15179daedf24bf3038e78a775c20ced87bc05d64aee9202f08924e017b4d0d724524

C:\Users\Admin\.MemuHyperv\MemuHyperv.xml

MD5 e8948501d2e2781d539a982240c0e682
SHA1 340717f9da7ef76aa75c50e09d349de3ea6f6221
SHA256 20cb5203adf2b9027362efc88c7c9585ce68ebea96cd0db7f2ea2e13172abcf3
SHA512 f05a201a1e8b53c8410989cc0f1d597ca71f6f5fe725b50670544af9285e1dd7cc0d50f8f1732d194a5c86c58bfba59ff2310b71fecf71ebe1cced1e181cc0c2

C:\Program Files\Microvirt\MEmu\config.ini.lock

MD5 71b02e12b00afe071742aa46f47ad855
SHA1 f12c3faa9a85b72416307f61e077cd4961bd979a
SHA256 eba6aba2340998bfc73caeb524baf80270525f5597535a9d219ad93c22f2636d
SHA512 ae6001c6da203805453a928b5b4e7b032d6a242fa31bbe340fb86bbc04c2c1adf528f3e61db835f8d15c5dc5d991b1707f7c606a35c128d6b47d9ce08b73f2d1

C:\Program Files\Microvirt\MEmu\MemuHyperv VMs\MEmu\MEmu.memu

MD5 22f4f9db9554f9661bf6cc279fa8fef0
SHA1 31b5a73d35293961f727332f2a3256d49374ccf3
SHA256 90c7ab4c07339858009dd6d482cd0b29ab120941fc9faea29ac09d857e976f57
SHA512 d79bb13c71cdbd025533945ecc199427b6789f0a91e088bdbfac9d766d918161e63c0f9991a31f10e24a7fc59f4cccae074b01373ff2322fbfef793c9805ba0d

C:\Users\Admin\.MemuHyperv\MemuHyperv.xml-prev

MD5 da3ca0cc21df495071489fe541e4e239
SHA1 f1c1b304d4fd5e0e89c67162b5b79385efad20a8
SHA256 f6ee2878ce12a6d90a57c526c148f8baef242b61625b2343decfcc9c0fb2f04f
SHA512 b1512afc45d6201951420187649f8e8551be32e96876f423f2b48051f8e95c4bf0466aee80081b47c76051efbfddf292316c93ae514932f0f59677cac157aa95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 34827ce49fd001d70ae3b7e203557e54
SHA1 a3bbf8db2b6e2269502a301c752620a70aa16954
SHA256 859386a9e4c163bbad64816cbc2b647b8df48159c9180456a7c6864ef7d94609
SHA512 18c25ad43b8401469a4e7c23c16071b23560438d6b134160e664488fe3b6f67d9c7fa063b40ce50c6d35b9917ada6e57426b3fe23a89244e5e4761e0ddd5c68a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0828d7e6576b41bf5215157a6c4186a2
SHA1 633f93db46fe43480a1d4eab5bf3eee734bd5709
SHA256 f97856d474cccf555be1ddeb3d9d4dc17f76ff88b67e10600d90e174eedf75e7
SHA512 5178065726879ad85a63cb2bb1ae91102adb1d713c15766b11f29eadea4825f8a471dfe3fb1d1d6d7b3073c4056312f035265fa86c1e9d2bd0f08377fe218b3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe61920e.TMP

MD5 1c8c2e728bf75ae58636e435587419cd
SHA1 12605cd94fcbdfe033c3b4fa3371535b5ce94ac7
SHA256 b6d7137682627c1c6e2344673878dd501e12a78ef4550b193582ac6593f04023
SHA512 8b3f71836ac88040a44323388ad6108e2fece0f16a1e0a9b54c1e67dbc7e58794fba533bc19ff722a1587fabe250af33477e39dd595f508e6db85779c812b99f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5430300b97791f1777a0be7113639d47
SHA1 31187ed52771fef9e1eebff7eb8c9be149bc36f1
SHA256 97eb3f9ae28b8f431e84bb0ceddb9ad9f10dc2817e0ce58a7bb16a0e873ba71d
SHA512 f74679a0d4e2a8c5b6f7b920cefecaebd417e3cffe0a4e726371ebbf673f5ae194d34692e2c7f1dc9f927666b80f8eb50c85311c93ad8e01469716701f71f31a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3b8930b23c1ea5b10502c6a844df9bb4
SHA1 13a24a808e6dce64240b829d7e46f7696a8418f6
SHA256 5e0d0a42001a7759740f011bb0f5b25d2e20f49bcebba18df90777eb24724fea
SHA512 778d7bb503cfc425cead030fdc5009ae1d2d21870c128b239925142892ae88fd8cb760f8ae491da5266bf83a9e8e670b1cf1e9cc7014254c22fd1aeaea095c79

C:\Program Files\Microvirt\tempDir\Setup.exe.setting.lock

MD5 ae98973052697abb628ee426c69c22f9
SHA1 8deac92ef0ef03315169392edc80855b6dc04626
SHA256 02f9d4021bf80de4ea4f7e7886a0186183b30f32e89db4e95db7c6c235e616a0
SHA512 d3315675292b88319b6726332b42e4114b9fa243dcce8e957fc706bd144f31ec22ffb2afecf77b52d278c9739ac78718b52cc95e2326540e046b384caac6a5bb

C:\Users\Admin\AppData\Local\Temp\Product_files\OperaSetup.exe

MD5 9e72834b5d485917ae5e2721bb6614ea
SHA1 9602bff165414bd13aba117cdf02bd52de1eca44
SHA256 abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646
SHA512 477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403060253384936736.dll

MD5 82414db031e4044734174e7f6f66c546
SHA1 8928944be18c5d06c9e4c472273ab1501fe329c2
SHA256 2b0fa46b4f72c25d99f739f37e8d19187e508e5d3be21b346eafc4fce2b02f37
SHA512 84b94de42486885accb9bfa42a3f4d409279a9c97bbf8aec1bb660ffc85a79523c9652b5625bf93cf88f9ce33b11addc1414997c8ac25ab0f01d0a5a6d5c1e89

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 d9ec75eb44c4c1b5c7cbdd717e28c123
SHA1 86405fc4fa53b3801f4c2fde8f5b7e010e331f01
SHA256 66c29a015a556baef9a3ef3ad9abf3790d482a6580833d092611ab346e48a6ea
SHA512 0c6c147d925f2f67377870760bccd82c331a2aa48cc1ca352a27f4e97ae4785fd7b8b04761c0e8e404b3eb7893044336472cbc29b9c8aa0a85c0a584b55d59aa

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 e6f4ee8acf5979478db29b2af4a17dce
SHA1 9417d8311e116ed46504c46b68f1c9a1f9730003
SHA256 12a19bac016437ab7b9865fd7ba7745f4fefe21a8ee4f86f03f053f1f92ee6f9
SHA512 ae978ee232f1db0fa88f438c2e921accdd5e782237be2e5d3e9b8a6e16dd6325fd8cbd19645eb2fb136c85fe85e33a0ae664bbf94638bfee3602b49f1c97454b

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 587c8d1784fc969e73a5389ff42c0f51
SHA1 d34acd2f353c5225b3065894dc9375113467876b
SHA256 d9908cb5365fd70201777f76e7a0482cf594f7336cc079771c8316635c79200e
SHA512 f82822389772cbf2090e0ed37746d7451860b8f3d3a1f9c10f74e7e9362c4f7c24bc9e87d0f57c0a1e8dbea168224faa0f2aaaf9c076acb1a56a3a5d62d81f50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 806fc9a9a5f2748067b161767d098ecd
SHA1 7d94e7de6cc187ca65fa1d8a0bdde0b55677f559
SHA256 9e448f6252ef840f04e62ffa6c0694bb6e018d6b3b7f89b7a8f96f445871d332
SHA512 0eb3fab287de13137a1359abaea3150cc45f0b7403dbf5a57fa8444046b496cf7876aeae774bbca61917f7a57585da8939ae4db7a0df0de84acdc78d9af1f216

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 3007960a409386bdf3aba2223764aa6b
SHA1 0e230b17d7bd34fbd0f07d92143aa117d9faa306
SHA256 7d09ca3a2dda2294074e5674cabd92e6b046fbdb780b51969cd6b59e3bf52270
SHA512 5864154240e9bedb12fc2b4830317fd270dd307439ff64d7562e3bfe9532343f9c33d19bc91f7c1cbbba72f50877d33dba7a4763f6c8dde45ffc872bed1b9de0

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 4461966d994f64f20e83558837c8080c
SHA1 414886ade2d218fb46c4e2c61f2925f1e1d8900c
SHA256 80bcbb0ee598a6c6e4e56076f1fe786ac3b4e8f5d565f912f1045ae873dc0497
SHA512 18b225e3cf243a3d149a750061e9759de0f1011731c7a86f61d48887a9e1772135c1454504b1d368370b3d6707175b2f9f68e226318e239beaed4cf33699dad6

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 858c8e640c8ac1c71dc06fc636a2c92a
SHA1 aa1da979663b1619717f01214f307e78aca26281
SHA256 c76b47ff1eb73365d5d917de4756c52755240f096ae2a46e86c47eeeb8304ec1
SHA512 81609f4e45922603891abe9659c39be5d572c7e12a20610e77b9e8e4184c3b3b5c50ed672dfd6747a7727d0222218349046f722bdf0c0a4f3c9b836a596f0908

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 91a51477db83a7590681c66cf57c79ba
SHA1 96409e1c5d11e3765bfbe3d86f8cf95226512e35
SHA256 52f1fbf0caea11035d9df51a356f255992b9c1cb9b01d030013afb987f645b20
SHA512 df1f9a9689dfcb76df5c417be7456851ef0d26833c9ccb36c9387972548f1bde96f4dc9bcb2f4afeebfbd910851bb1ffce4d8fc23650d67f20c194de73ca8a01

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\common\icarus_mod.dll

MD5 da7572f95d810d8dd348ed416110b382
SHA1 a759be599d7eef7ea1f1901580b870ff07d1e2d2
SHA256 e9ccfb51e92287902f3547be17d483ff4c495e6cba4051c4c6689424b4fc2ffa
SHA512 c1e407198ffe4a28e27dd7b58e0a18890cf1e4ac5ab97a0e155d1dc221be438cc8e1d9f337aad013e6aaaa5326e3877f4a9d3c7bbef174403b1ebc1dcc883599

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 fd0a100a4382fdf68450b04d8e8c2921
SHA1 b32f49295b2747de6d1babeb126e6bfec9718990
SHA256 84a72206dff80b33c3aa8e45323a38fdbb34fbd849d26c23626920e5d0b93459
SHA512 838301ecbc9e1cc47351e14e4e292e60ba90ed206a0191047d2c74d5b68ce57ad829a6dd8c54869ffc3763852a7ca99cce490d35c435a5e1d4191fec55349607

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 8af0c73f24a255443edc451831557533
SHA1 7b9e5fd5510b21bf83658530b7aa7175a7beabb1
SHA256 aa21a5a8fd24cc508b2cda11fe2bae5685b75113d4f11f90431029450b34aa9a
SHA512 c657403f63d8c60d9e44e854b5d20a84cb3d660c6dc1ed4b6f2f7a95094c1b9042764241e5923a7e973f4226ed864e0f2ec8759bc0539c9e279d903d9e80514a

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\opera_package

MD5 2664e58db7387c1f74dc286cfbd94b3a
SHA1 5df1c5a63481e241f156230b08bd89b28b9e2c61
SHA256 b3dd982ba371148896bc455caef7d9578cc385e9e6459893b1ea22eeb8315c4e
SHA512 b3da3ac1e35299d4e66002d3aa95683f2bbf5a3320e488059a7e6a1a1b891848c85b9416bf51e28014587617030234489c04d27a25f227f454f5e5df14c25d75

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus.exe

MD5 f5d366fe931b3178772c9c7a90f5f372
SHA1 76a26ce766ef6156e2e8ec576cd7f1272a1f5378
SHA256 588c234215b3585975a666357b86c3487cc9dedf702289a092545875db2b6a0a
SHA512 d5b60da10c60912a0cbfa133178fda8a8c5597fbe149f33fa1db431d17cb52509561fc8d995522768effed1900bbff35cb7c6f8d881269ec1eb375c53184961c

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\dump_process.exe

MD5 6ba0cb60ba641aa7ec8d957d97c20ee8
SHA1 5189d263807ee87697cc8cbd46aa76e2eef47a8f
SHA256 cf1b7eebc66b894eb223af97ac6d0de2c5c33fcc688d6edf83e6b59c4f4e1ae5
SHA512 8da6fe979c1a5e240a22dfc444f785a8b7a7ff7f088fc289d78f9d3601769a8d9602c0396e1639e8062c338bcf5ebe99ed8bd25c6c459939cded84bec6ebcc37

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\setupui.cont

MD5 8ebb6f27037bf67f42d92be9ac525b07
SHA1 bd864f114c4edacee876bc5fdb64e322815d3e98
SHA256 a24dee8c717a97565cb93f2c39301b5e06a5b22b544b3632c298c799a173cb92
SHA512 44e1a9effd225be6e6ed640a30281264f3b3c6b40228f5fb32b1961b0861c603b2fa4f7bcd4bb71c33c65c41887699b6c555261e594a4d2f1f46d6e3ee133d6e

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\product-def.xml

MD5 89bf926a553fd44af7ab6c68ce6af877
SHA1 4afcf8374156147f61b2936f2375040a9422ac3b
SHA256 0a2df5105aac708385d65d4211e3e7e13932e3a90f69e070a03aba2a53ea6503
SHA512 0ff5a95a9add06c3afbfb481335aa721d5df5c3449844864786d00c63517c2fec469ec390a63d2626aed65bffa330b11cd7164b86bba2ceba26e3f3afcf785d6

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\bug_report.exe

MD5 ad86569719edf2083d3a2171f9b214f4
SHA1 a6014398208f1858314a561a13b5d8c40970a2dd
SHA256 26537491e3fe65d2a4685f81ca6dc103cbe330556ea6fe38fceb9675ccf14fac
SHA512 b2a1d111d69a698a45fc02e4a39a81549cb0c6281203a410a98d66db044eea408dfc501fd823834e3b3fb17edafcfa15ce8ae78206bd988bbaf5b52081d77814

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av\icarus_ui.exe

MD5 19bb249146490dce3611808a91f65cab
SHA1 73b66a9fa48f02d7da7d39f6f22d3b20f53f6b7e
SHA256 7c36cca6216d7f9bbd728208d2f87a6dabaa58c2bdb3b6705bbf23bc073067d4
SHA512 8501b69bd6ecf2bc9e6a83afec9f1fa6416d0b826aa31c6ef34043c96cd0d8b05fd21854048f21b8c8791de0fb243fe78fdd99a0ff8d67c65bf1516b469f7f8d

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403060253381\additional_file0.tmp

MD5 888a1d2585634dfbb79100dccf91a163
SHA1 ee02a1d550ed49d2e9c0696b00c47cdf8c6c7fa1
SHA256 2ef1a349f5bdcb26762edba2d69f7f8415d49172c7ca9bdefde451de2b7d1549
SHA512 494b4dece1df6eca9f068ce453f2f0c7da4231d66e16c7515b108c1f747b76041ce4505ef2131072a7d7d60dc92b9684acd8d58d25de74a4a41d27c3bd83ad0b

C:\Windows\Temp\asw-81c369e1-9420-4be3-b761-105b6fc53ac1\avg-av-vps\icarus.exe

MD5 dd8bf0da6789c48835287e8de18e6351
SHA1 36d84a54f2e4643bae773ff8902435e908349185
SHA256 f808d9f240bebdc26900c355c411604279dbd12012aaf99590f8f4adb35492aa
SHA512 9d8a4e5a1f5254f544dc4806824bb63e0f606e739653a47a8468a314d798961b4bafb066289ee08f75a033f6af6c420a3932aca5686e493444829f2f0018c35f

C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

MD5 6afb8ca7292eddf8c664436151935926
SHA1 cbe04294e74150e1763ac7802251f68c6191daa4
SHA256 c9fd9300fb549ff58c3b4684f9e49668f9612cc5be6b3da2e13dad84c26473bc
SHA512 45174272093c504923bd89c0542b18dd61436740e08fb13d8999d1881c9935d8901c7c397f4dc6ecf8aeefbbc44c8dcb2a4967c0b0d26c3f1e5dcf801888b960

C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

MD5 22417b5d5eb168147f2c237d658a7163
SHA1 6ae67daf07c0a187f397923ecba497e5ab01ed58
SHA256 f1945b77f21bf5b8174bc94d0d69d4446baffd6808185554f8ae541e4254ecb1
SHA512 392b79a63b451495cc81877c288c0068d6c159bf0d7ce9ac0cc290128e57a5a1ebe0569dcbab85433448b3c1928be03cf01300ec7ae99573cfc4ef8c4c9b3cb8

C:\ProgramData\AVG\Icarus\avg-av\icarus.ini

MD5 c043a3beb23cc43cb3e9acae2ad9d8b4
SHA1 f8a300a14643d9d2ef708839d882fa8fae274f73
SHA256 3df024f72a0bcdd90a7c140591e224492481eb7f32a940bfb9af1cdb6472af9e
SHA512 e5baa81e296b7f06360ed20d9484a137ca49c0505d2c94947b978b09b277f13184e540098e21daad0a72d8ddd831a57d6ac0e67c0aa860d87a051b55c3c9fff2

C:\Program Files\Microvirt\tempDir\Setup.exe.setting

MD5 45e0b34e3979dee6d7776ff6807d19f9
SHA1 7bafac0236369a9a10af3ccdb12a57d878f19bb6
SHA256 71835fad3673b94370c6d69225d0e5fd190ed9cc94cc5ec4c6faf09eb4b18853
SHA512 12e2a436d4a0e8c7774fd04d1ec9e08d959e02d58ccf216fa07cae758772e741644318169c0056c458820df2d1e0ca62955b642451198bb28efad5be2732ea94

C:\Program Files\Microvirt\tempDir\Setup.exe

MD5 665e0a23f5dccf56236e91828f29d86d
SHA1 8cf731431943c6af2a93bff109209d02fa34a5c4
SHA256 1cf9d0f2b13729d877496db7a3a99e836ff097b3674ac2e76ce50f09762b3ddf
SHA512 a0df15d83136f9fb5dff1079c8a06aa98c4e74b42e2321b1fa2ab8f9b25d86065c3a60e3287e974a2e31b99519c4f7e6e2a65effd8a4cb622215424be42576b4

C:\Program Files\Microvirt\tempDir\7za.exe

MD5 b9425918e9f7b8affb9952ed02e01285
SHA1 ff8c9a13df26035911b57edd8bbe28b2f6b07b72
SHA256 8a5e4cce83ca7c08945348bfb13395109656079e99bc6445b62c4daae16faa5d
SHA512 c25695517910f30424dc23e5f6f6f2a8c94b471dd69b77798c148f1520d313dcf43985cee507427c5d3aef2f12ab103a598450239668fde1c7b245e156bd501f

C:\Program Files\Microvirt\MEmu\image\96\MEmu96-2024021900027FFF-disk2.vmdk

MD5 220c26aa25770d99b1d937e26cde06c3
SHA1 b58076321221d788b8b68377d6b4f2bd8e9bf243
SHA256 25fff9ebac53ae051823dc3bfb1e1ce8f3709197f8227269f6a1ed410a954b48
SHA512 dcf87275c3c218aa8ea86c413c4b91b1a07f9ccef96d0e64ce7f87c50bea773342a67bdd297c6cbb3fb114d2941d82960011be26e4991c6d6d93175da3d090c3

C:\Program Files\Microvirt\MEmu\adbdrv\adb_usb.ini

MD5 9b924764cda9a9844ed2983eb20d34ea
SHA1 7ca4f57bff7b01607445003973fa66a9290aee6a
SHA256 2a6f11b34cee17017b878105cb0bcbdd81f716a9bee4c9e6180f4605d0fa760a
SHA512 abd36ff8efcc464a47387c300e0010ef4a4cf4b08aa4ee96c58709de0d06ec79950b530ae75b3176e7c92744f846b2cffb0efe90e2a37cb787f06a9fb2bedb49

C:\Program Files\Microvirt\MEmuHyperv\netflt\MEmuNetFltM.inf

MD5 86d90bd0fa1a4f2916393c840c769fd1
SHA1 42763f4a3e4ade6c61b26841ade0e112d0064b86
SHA256 62c8615a687501e0c1ba7dcab4286ccfc75d13856c10279c9ea842de82207815
SHA512 bc2d4fd2022781f6d3775ca35024cbfa9229f80117aaf26e25b2cf6e16bda6bbb77a0841e4fe937bb75f0db34aa575508cd37e33fe6839afdb6e8237dee1a6de

C:\Program Files\Microvirt\MEmuHyperv\netflt\MEmuNetFlt.inf

MD5 70d631ff14df487bc00a426e68d69ce9
SHA1 27bd20e46fd485ce2375c9e7943ca3efc9c5e7e8
SHA256 31caa31a88ccf2ff2c73dab3509d0c86c85c1a3b5992681233886229dd618064
SHA512 00d939bf37780f855786f4d2ccfc26e935dcd61449d0273494d2279ca1b17d1bcc67e9d6bec5a8b2ae425a967115273fd34324a3cd5d909cfbf9e5caa2e2f889

C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.inf

MD5 31e339fc8ea86121fc71f18784af2e43
SHA1 d1e37eb4461be3c6c3472f6f2e80037319f5a116
SHA256 64dc9215de7e9108421de7536bbca1fb7f636695f896b69d1f911c6974a204fe
SHA512 66fa3b2d3f2f7dfcdbf5ecd482982bdd1ed265f30733c89dd7db68b1e4a62b59b5834ac8962868c6e17d631c42210cf492544e116e99cf77576bb956a16204a9

C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.cat

MD5 09408a0fd8554a300b105d49d861c625
SHA1 4c26fe707b8538a984dda52017fa77fdc0515737
SHA256 d732d01262c3ef064dd11982c547259eda5640970c2c1a8a4cc6c324345504b7
SHA512 f9227a31ef2f547dd2215da8b606b7ff8c3d19bacf236a6bf19307bea9d94ef83adf99a16cce67670fb1d1b3cbc0d2e45bc512b2c3773f443bf36a2d856e871f

C:\Program Files\Microvirt\MEmuHyperv\.MemuHyperv\MemuHyperv.xml

MD5 63743ca583b7faf45887fc08d7def444
SHA1 fd8d3b07a67201b7bb05ecafcbc947af5f49e9df
SHA256 91eee85b56b8c1822d6202f6d68d94a7b321722b30bbe04d0d78ca647db1a73c
SHA512 fdef8671eae76f57ccff042ed568768f0c6d53c937e1c5670b8ef07154edbd6e36cd1310928e5039cf9cd517fbfe2f62cb4c6ffd4d3b846f8f05df0c336979ec

C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en_GB.json.ipending.901b3990

MD5 6e1bee35bf6729409c10f58f82e49b44
SHA1 34fe93c9c5b62b161d9d3af6f493d5a5873f3e11
SHA256 c701e91f134cecc9ec7662d1fbc69ea9e26610536ca3efdd034b7bf1418dd8e7
SHA512 3985e49c2e5d609c1eb1295d16a0827ac8ad3b000d9cafcff6b8ca2a3bce75f972799d484cd9339e9e30c802350790dee1be6e33144a02ce47dc21ed842ed05b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a6722e5821a6024a0988e3afa22b1d91
SHA1 b408c7ef64c081edb35cce5b9ad94b7ed5dd1d7d
SHA256 beab22d9af21cf646ca79e61b87882a87a2f9674c5f623c65b7558d88ef03d51
SHA512 69267a5df152d5699b0fec566b23e7eb7102e5b9d37ad6acfffded8e303fc7e903db13126f411b546ca4eda6926f601777f76b68332bf56f15fcd84881edc9f1

C:\Windows\System32\icarus_rvrt.exe

MD5 97f5d0caaa1988c95bf38385d2cf260e
SHA1 255099f6e976837a0c3eb43a57599789a6330e85
SHA256 73ee549578ded906711189edcef0eedbc9db7ccbd30cf7776bd1f7dd9e034339
SHA512 ad099c25868c12246ed3d4ee54cef4df49d5276a5696ca72efa64869367e262a57c8ff1fb947ad2f70caef1d618849dbab2ec6161c25758d9f96733a7534b18f

C:\Program Files\AVG\Antivirus\setup\config.def

MD5 a1908f743c3c52cb888a86aa7797157f
SHA1 65dd74fb2ee362860837b117aa5dc173fda4f9dc
SHA256 0e1c5ea281bc102ffd503b917cc8b6246a95ef83b3f905a163bba219e8e8be47
SHA512 b6341f3f56a3015d013ef260245d291cdba81afa6abafd78ca6e5ac8bde5f9aba3576b74809c6feef4d77e43fbca3eaf6b5d930ade71f153d50e136922768bb0

C:\Program Files\AVG\Antivirus\BrowserCleanup.ini

MD5 4957ed73d5e5e303e351c8f8b7b53e1c
SHA1 e61238f49e44237c56d4d5b41aeb150160880b74
SHA256 59727f7a256b7a70971f2e62b43b0a923937f85689fc3aa4ae50e4fbfbf83499
SHA512 db4854667285bb1cd8d07ab189607ec5bc489afb2d0a5b5a3388f91cefd012feca689787452901e0eb1de6e8792e69c0097c38b89bba0d977d0b29e5e5ef2feb

C:\Program Files\AVG\Antivirus\libwaresource.dll

MD5 f8e8c636a682a00a9b4ea62751a9ec52
SHA1 d990c6c8ea7b1d3bd718605a2f6f008d38729809
SHA256 45e52651de5c1b1fa309298010732fd3f0b4dbd2e8d9aa51a34f3ca3aa10a916
SHA512 87168571f0bcdf28901cc7284b5c26e3e53e2900aa0fbb8fe0939002dfb5f8126e1ffcf3204f5aa46a7b9247d601b1dd449504997a405436a374653d69f7178d

C:\ProgramData\AVG\Antivirus\fw\rules.xml.ipending.901b3990

MD5 2fc4e6e0dc7816f855189f4018d1c935
SHA1 141f4aaa087369ea2b872e21b292f44afa611e71
SHA256 5aa5a5d5a9061a50c93893f88ca06a53d78550640c417759a44341a11be915be
SHA512 6f3b2ffc4260ab36b1e02206c9cddcbb8d9520619436157947179031b18585c0ccc57fced9860198fbbd74e8781c84b23d5f0b38b5dcffcbab731e1a60cfbede

C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe

MD5 9ddf907ace1c29b44ac5362c92511fb1
SHA1 54eceed3bc876320291af22b33166786d87c90b8
SHA256 85e75c4cf103a2d6da2e072dbed9fb5a5c080dabf944ea9546d042508ac9569c
SHA512 11766f3b6c4e8049f8ba1b9fc5e6e6b5c3d6317f06433610164a488bdb3550c24d33d0c08855f3d2446a7315e682439b4053e6a7cd48caa5ba5f5d5e854c28bd

C:\ProgramData\AVG\Antivirus\profile.wprp

MD5 ad6bb231d6ca341d585caa0881bbc680
SHA1 249d7ed96bd7368985770fc91243ffc27a6787e8
SHA256 362c8627a8cde159dc2b52d1c3315c4499dafc8a5a6781acb373307453584785
SHA512 70c0943d74381c9b00b59cf28297211905a983c3c5b0203d71d9f28a1367c01d821f329aee1fef6d2b04f2ad6552e32d5c7f7eb8ec053691d2d1f6b21940694e

C:\Program Files\AVG\Antivirus\aswPropertyAv.dll

MD5 70e471947359ba0d0158f2fca06d453c
SHA1 2e6fa6ff848faa86387b43856723869c459f806f
SHA256 650dec4b0882b04e255854edf94e4a6d9356321273535103973d7a35f4a14cb4
SHA512 90df62ba19c25dfeb866dd6f5e5eae2b0cf034b7b6cf33ed432e693c61f15c22b2ba28fdd11a3de1b429ddc36890f708c56ed63c6339498359c866f2fd39b54e

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll

MD5 7f0ef1cf592d04b082b65f75584652cd
SHA1 f7b9a2851a66a6a8eb509f2541b6ccc3b551f2fa
SHA256 9f496e181b1c862c7a7d03c09d9b0a5361535c98acbb1a9d50a27bcfb0a2bcc5
SHA512 30d2d695773e7bfd67de8691c40e571b3b91858e72eab3d78c84902b359108e9988247bf81689ab15fef6ed0a9ef62031f1937c6e7ce4ce8e1a34970ba23e727

C:\ProgramData\AVG\Antivirus\HtmlData\image001.png

MD5 c69e876c8bc4f3bca56ba333eaae7a71
SHA1 d00ac516dadf10b6a9fbaa8b6fd7f7800511d36e
SHA256 d1e88cc6880e3667b06b2d006f5fb8516f28467dd1153453c1bf954571fc4f00
SHA512 3453ec35e83ed63f2e88326c1a3f4ee23a6b979d272243131c37bb06ce8d2467585e311a3c01198f3384d852ee9fe525434f8a6eb58b7698c0c8c56b7a8f3b40

C:\ProgramData\AVG\Antivirus\HtmlData\Blocked.htm

MD5 94aa8569ec9b33e05f3088b136dda05a
SHA1 2e7779731351517e2e6df18b313e5df28079160b
SHA256 179fcd4c70b0e5958c56387c7849e4b49e695a284b75471a15a8e6c8637eeefd
SHA512 52cc30da7dc6e6ae7266bf171e4e9c9e16c0d8bf72abda793a0f03e2889eda6171044ed65960fd2c40251b135015a0fa62132c76cf16065ef6fa47476b6d8ff2

C:\Program Files\AVG\Antivirus\asOutExt.dll

MD5 882f9f4f0116db132d93bef408b21ba0
SHA1 edbb4a7e56f1985ec9b9f9e9113bccc31ac2137c
SHA256 47230f2d52ae5d838995159d599c0defd25892afbc839e7772af90cce1227ffa
SHA512 4072d8ddde6172f98089373ba64df89576f9108203245d1b30367d40b6dda91cba864755fef1ba652458d95d0b338a91bdf3311d3369c2ce372ef31acfd922ac

C:\Program Files\AVG\Antivirus\x86\asOutExt.dll

MD5 80a48d2c415e29845ace357e52462219
SHA1 f40ad6fc553c8b23430e08cee4a06817cbfa9f70
SHA256 1fa5dc0eaa217c575a5578270220a4d5134dcc4eaf4fab6fe8130905bf52bad8
SHA512 03fd69504f6b27574eb0996583096d501ebe7685bd6b0a1c214233634c805e6616370966e393b4114e378705cb6e468161c829ac2c4fc73a50e9206fac888746

C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js

MD5 fa038a163192f67fb84a54fbb5f088f4
SHA1 d0c21634d35727e1e0cbc71900d3c4c96be6c911
SHA256 1fa2180c94e29f8558dc69029daf9d0875a56458d850c7ed1e8a1c3d733f59e2
SHA512 bc7132c841b2f0604a008c5d093deaf32d2721e16ff2466b95eaebb13ac08751201112cb5ca2c58e507ff1edff2a5fce9b8bfc0e47a608d6132646ba37997b0c

C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js

MD5 80b9b5c78d14e5f6b56e97b5fd670e9c
SHA1 d1d54ec2d949d0bf6d2bffdcbb883566e466002f
SHA256 1c9be9792dd0d27c14badb42712e239ce80859f4d2fd4bf749add86adee698f5
SHA512 01024cf74fe7a8d2d547c92c128f4fe4c8d06b091e51987784500b2a6cab9651983b064d06806c73915be46cd8b11a3582dbc39692adc3e3497139f5796a8b0a

C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json

MD5 a63d91d1301f7364ff2f1cf7da17f142
SHA1 1439ab6c3e3ca99c61a2c26181fbf684b674e962
SHA256 3f7e1d2af53bfa77a049100ce1794e77fc9872d4270cac2aeb8cc7159783eb6a
SHA512 1ad964bd2e72220b1b492e51eabe9ce84bacc7ea92056772c8f42da17ee822676224fc59e12af890d3e3a704c81e96179533fcfe15397bf1276c00b83a2428e9

C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js

MD5 eed69b14243a8c9e45937afcb21a4722
SHA1 032397420965fb12340c4a92ae3ca18fe5f21d99
SHA256 d0a9ee73f2b4e9d45721d5a83d02f0458397bf73ec1438855e59527455511a31
SHA512 a2f202179e7c5557c7f41db43a2074d49dd0aa9082d1d0e9409ae6a70dfed554b632fa9bd575d273cf4739c0b2fb7fc5d64c70a688adb9eaf5f8b989eccd8283

C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js

MD5 f9d271e63d05c789b155269052378819
SHA1 e1432df526b595edf4d05ac9bc13bb173d236736
SHA256 7be357d0d6ea1870edbb47ad6a3f8e7e935302fe36289dbe88a38eb5a3c4744c
SHA512 7c33ea13dfcb5bdea0f0febf94288e25f020a161ee2bae093cf76a9c67fdd36ebec3585a3c7e01e326e044f718d2c3d4fe9051a445fec662d0136a48b2ac1ec8

C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js

MD5 358e8a0de7c60821a81f88aad43ed560
SHA1 76c67baef63e91183c18c06d9a5b7583d33fd5d4
SHA256 2375ae9c4e21153905f73a8f0b267a622f59e625c43a76a36aed84e26f297d8d
SHA512 0564c63a14efce0620b22b28fef4fa9b4a623679da1c9f8222c6693cf0085bd7c81864d4d737d61a80799a41f41475fb143e8766976da2e1c902fc3a1fdec84c

C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg

MD5 7490b7798417364db18a28945a941db6
SHA1 ee2468aead06205e8aaf986ba9d428627fb4a713
SHA256 3dd397ac6148d654f8e4469234d8c71ef9a9192eb21ae6da4b9aa214b70f8127
SHA512 3362170f92fec1e24d05de0f72fa39c120ff9f48e67ad03981e9ba1eddcaed366228159ee622af3726646c4d74a7bd88d36f4515af47213f9e0e6207c89a8bd5

C:\Program Files\AVG\Antivirus\gui_resources\default_av\system.js

MD5 87d6886672d48520affcf3ce08a7d5a2
SHA1 9589cc205fc63be95f49e8f8f9d91d74636ffbec
SHA256 824917e93555e56e62347cb64eab253ab818cd655fc7a862ed2aefb57d584bc4
SHA512 9f09c14e5404b10cf8c70d218b98c1192e6c0d6b32da63ef26833af73ffc3e0121ac753b03651b0c1af4110f7365aaf3a3e13a7c4f070870b1dfcc3dbf7cd820

C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg

MD5 163da75a5577390dafc98fb812d3708f
SHA1 96c4f7b106342118de5e5eafcb52b0f0c54109f4
SHA256 63a99ad998acf45b07e6519627fe5eb22816332be0276bee2f71579c00ac2eaa
SHA512 7287f4e80433ced61bd1d663e15b13a0753540b815b6ff2f511402a68b30a87984f7c7f1b2d69ef6da810d5fbc658ede9016e4f694bd513d2a72754145841934

C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteInternal.js

MD5 ed8618e79212648e38049fd783c82840
SHA1 464d5714f0f10b13c444104053970ffe75eb2e9f
SHA256 007762461a57c12414c5cc19d01136f55fdbfb5a205d98e831f6b3f997e54122
SHA512 0d10837948701cfdebfce64e8ac5b957b16a885e62883ea1bc317bdbbdc1a821c63dcb77a8ac5dd4a85df7b5c8bbc8081959d3625e7142cf8dfc0ff9b84e8313

C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js

MD5 8a28da02b95ed5772efe0ed15ef51e5d
SHA1 e9e435e44d80a80fcec3f051fab1c4a50610cc06
SHA256 76ecadc70d774cefe272cd0ba4d82681ae930e2818699bd722dfb888c0b47006
SHA512 ffc5dc1f7437bb0bd1a6e1594482cb6c1afe94046c0804ada58977d90939d32b7b4575b9ead9b43889fafeab5cd39cc3245bf03d27cf6df39ec7233df65d5370

C:\Program Files\AVG\Antivirus\gui_resources\default_av\software.js

MD5 536dc437d8f260765b2738894675022d
SHA1 f233595f6ddc86813ac2b6b726cbbc08c0720a42
SHA256 c2af34351b5b41304e86db21c901e809c78bd693d786d66db9cba4a557cc52dd
SHA512 9b3cf3d4da5749abdac87f58746d15d23e550d7025f233e7eaa816763837b59ce51e41509fa79993360cfaf395f67c45459178137d4337ddd216eb1b2a15f9f6

C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js

MD5 c50ca26735ad4b016ce1c956331bbefa
SHA1 7cbabb38478b6bef0e56029cb8995cfff6452948
SHA256 ec4911fe14649030f84f3e84d8987f38beda4258ba05f0230cc01f63e6410b3c
SHA512 0d821d592ba522e8ca73789c045ab5a46208825a606a89a43ef8f9ade58a54d764085e846442179bd58e826ac3ca2e5923047435068ad87b7f438a697e05577e

C:\Program Files\AVG\Antivirus\gui_resources\default_av\shields.js

MD5 507a85d30aa24f0c5a2487f30d375d82
SHA1 6be6cf38f9274f68617386d9408e36e98ad20289
SHA256 c74d49aae04c175cd7edbb20c66d3cd3c1e821db3595acacb189c07b538d00a5
SHA512 7af5c1ed0737ebb285952bdb4e815f91c159cb0caa39b1290703c1c1f900668a97ec1074e809de3a965a8b6b299457f88becf1ee2aa7e902955842c9b5d95a5c

C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js

MD5 ca3db0ffa0bb5800f4ef75149cd4f0ba
SHA1 be76b2e4b21e54de701b38dfbd549c0e3a002bae
SHA256 669e318bdf60175ef3ba96914c2164edf9f7813a8b1a9af74c719e2d22af3289
SHA512 e312438fe9708ac16642f16462b49175a14ccaf77dcb99a1257c1987d571fc845fd9dcc67a23d2632c8243f414d345cf205115bbdb3b1b257ac1d08b8c10264f

C:\Program Files\AVG\Antivirus\gui_resources\default_av\sensitiveData.js

MD5 dc18f2a48327773f07d49491f0e3afc3
SHA1 1c2c4b9c43ffc2264b52e708fdf8c9e75b99d0c1
SHA256 c6c3863eb3e25873ada40122bf07291072a9984cef646425bfb3f2cb8a0e8a0b
SHA512 a72757ac8f55d0043c0026f1a4fe52ce5f151dba9b9206d3b4b2224bfcbedc7d0e0775b198b9c9f5029a8316e708c1720dd0cc8079aeeb314029ceebfb3b010e

C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js

MD5 fa152fa454bcfb9132b65ab70f358152
SHA1 36fdba2172e66239c9410e86bdf3f43c24321ce7
SHA256 f9230cd5236d5a862f0506796ce6da99750285425e35d0d299490d70aa4d5265
SHA512 f51d5d004b3a527b6551e73483181bee60bcc3ea4442c37535fa68ec75f1acfe38727bf0232e072171faea732a0672f856488ec154774f2d1e2c7500330edc4c

C:\Program Files\AVG\Antivirus\gui_resources\default_av\search.js

MD5 75362b6f1a083c011129d538f9fc5fd0
SHA1 9492ff7e14755d4e0fe753358afd6b7c53d83239
SHA256 c187bc41295ebc6434651c4c6b23c858ac99a7e2093672cc614b0837bb7dc186
SHA512 f69699dce37c87feaca505c86d3c4e8c9d45303b403b8d764575cbb64eb42d9ad26de95f9b3a0da495518132252d8fafb76ef610d8be3c1647e531d728377924

C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js

MD5 2cb38d40a8277f4bca1f61772d7b4832
SHA1 350e5eef1ddf21550f8aaad667bb8ac654bdd1f6
SHA256 3990c22e7b55313e553e1f69d7a6ef0eca2b0959f77c594aa7bbbbffe57c86e9
SHA512 ce9c5dfeacebd90b1a99a29c072070651631972db2ec44f6a9dfed0dcf380c7ec971f767576ebd5a099f1b4f1db2bcb0365c6850e004aab763a6238370427c54

C:\Program Files\AVG\Antivirus\gui_resources\default_av\rescueDisk.js

MD5 41837f6c9ffd93c544f1f64f69ef41ff
SHA1 c3fb5b5941ab67356ecc8ae5faa25a024eb6cf8a
SHA256 a2d137afec293004ef5cfa43f5d2c71f16c5bf14ce579d72e57634a00c8c25dc
SHA512 fceab8ee60dbc1afc8ab3d00acbe63ad50446e3878f89cb6a4a8252cc1497a191da2326f5af32f7c715d7181d16d759a7f951a0d0531e8bfffdb3c7acd73d7d0

C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js

MD5 e6567330c4b87d18454a8d3049156778
SHA1 9ce6832892d1c212a2cd89a8047f1ff82e9a6487
SHA256 ed2fa7bf6692c80371f517f9696321f1c0602927fecaf4030ce7c342f69e6b64
SHA512 0dd152fc4498cb5608ea2fe1442e9e9bce06683ab5cfd30d13c32d3581501f39054aadf294c27111ac6ecffb4be359cbef7b3262e7846e63250f3474596292cd

C:\Program Files\AVG\Antivirus\gui_resources\default_av\plugins.js

MD5 a7d6369a44b01d945195d61b7cddf102
SHA1 b6969dd38d70a64c8f74e2e88ddc4e20b10a9bf0
SHA256 fe506288a710315737bd37584adb7e502d18821ac17fccbe93007690d1f9c52e
SHA512 27db07d37d2d29c43914a6c704cb5a8e96ca1cd29f55ba939b220a64ee0b9d5679bb9e18b6a5d79b7602982125eaebfe5501b30404666b5ee131dbd1940b8c0a

C:\Program Files\AVG\Antivirus\gui_resources\default_av\passwordProtection.js

MD5 b64be59b0def4ee5ccdad7ccb5398e5f
SHA1 5c6c57669b7c59b34ee26b7346a8dddd0f69cf10
SHA256 a964c26d3b569617c77cc16c0ff5246353076a57618722a23dcd0a27e71045a2
SHA512 b0802102d6e50456bdd478a27f3fc602584ad6bf30ebb246c506c7192d2951a28987084b2bebcfdd97e1bf6ebb9b700140ba143c264139d536f6d0bd65c3ee37

C:\Program Files\AVG\Antivirus\gui_resources\default_av\pap.js

MD5 f350b94f996dbea91cf614c0bdfd6ef8
SHA1 4f7d35349d696f7725a1aac49cd3d9c9965a8049
SHA256 5ce2fde34c7587a332114929df8584aa60096ca17c31805e9b17a79aecb75daa
SHA512 5363c303ed4f805b2323e52a99d9fe292ebb5dfb28ebedf8b049d6b97f2eac9b4932cb53b4cdf088653c3678cda554ee6baa87fefafce24ee44126cad9c4f45e

C:\Program Files\AVG\Antivirus\gui_resources\default_av\overlay.html

MD5 74047eedc155440e5d55b4a8932f82fb
SHA1 a50d46ed4025ebeb44588c2a7c85e62dcd9bb16f
SHA256 b4812c1f202e598d3d26c3f08ef960ffa9e533f658865d1e1765df565b253058
SHA512 a37b6f1b7c5d2ddb03775982466c734d1e759d07f38a693b72f65dd29f6585be221229b92341eec0eca171cfdf81a60ac5197951856e3d9bf69348e7825ef849

C:\Program Files\AVG\Antivirus\gui_resources\default_av\offline.htm

MD5 a593f86141b8a293372fffedacef35ec
SHA1 2f2c7d717a02b41d449975e0a95ebde71b93f1d4
SHA256 2e8f5b2746b08a673b2807423f9a9b0548b42eba499989a45b39661a8b540554
SHA512 a457cf8aabd28875dae9226943627e35e29aecbcad7ab95de2266e0f9970b04801c4cd83834aeda49b298f198fde0219c648712b8d8ee333e9fe17324dd1657e

C:\Program Files\AVG\Antivirus\gui_resources\default_av\notify.ogg

MD5 5d21827de75ec11edbd54e38f153f288
SHA1 b85da53e3f8f5ed450c167381f00c807969444ca
SHA256 e851d3c62177df95503f1615e8a07b9d61ca9250784e2d00e0a325d76563dbc5
SHA512 d75ab0e9043a2fd06f14834cde7578f014fa4266a4ac05804943bd1b2880da37b56c00f4803b90aeeeec692ea40032f55d5ae4d5b9ece9cbaef3d3d0edae9a63

C:\Program Files\AVG\Antivirus\gui_resources\default_av\notifications.js

MD5 67d202ad0130ae568152a22e69562f04
SHA1 51dc225a26aa89335fa8549362da6690952a7379
SHA256 116d59c5c191b624521f94ed6c08b3d23216e1480e800cb9174a6a6724402363
SHA512 50d19559b1bc9c2102da5fbd5454c95297dcf31c7c6c49ad06467768cafed0146f122164997507242bc3b94d8119ab8d0bda958da46d74fb260a52ce21b52770

C:\Program Files\AVG\Antivirus\gui_resources\default_av\network.js

MD5 6bb13f4e9d9b95394b2640525a2cabe3
SHA1 6224ae884e0c0d04c3e01538b226f4f95b45104c
SHA256 2e36b7de12f15a8f06efb855b146998c32c60ffeb60a9b80ce860877c7ff4421
SHA512 80337ed9ab9b56d2fdf029a8ee35a975e912b8ae0fe87cbde97443b24a19a5bfccf505bb4adb110a5a1782ffb90953f20ddba06c5d5d93f92d208e6f2cc15a21

C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiExtensions.js

MD5 f66382bfeea6734f0aea8a609718347f
SHA1 daaf3de835ea8b9f0407b5121682d482b9a6e9db
SHA256 ef2f07fec6e25c259add4a877be15834b1d838a3897832a3dbbff90bb848dbb4
SHA512 e4fda0b94140a3f37393e137dcfbe41476bf763fae2471b58bb5212aa9bdd2bafd22ac80c37bcf5e7beb7fba0db7d3d739208e7902c81ef6e3450a381dd6580e

C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiAdapter.js

MD5 82511659bf3881edeb98db7879c441ec
SHA1 db29b8dd67e5d450066c044f75056f5f9f3a8947
SHA256 64b51a282be9a70b30143f51f505aada8f6abc398cc252e92443fdb7049af957
SHA512 f4e6f651c20873f461237b5cbb5333f8a8a392c9505490d815c4a454b9e291a01060ffe6d64974bf0adde422b2988594df79cd745e3c14f61a63bee402deb0e2

C:\Program Files\AVG\Antivirus\gui_resources\default_av\napi.js

MD5 64e8fce883700e1df20d0d6bbb95939c
SHA1 1fff6c80c030627a474969643ffcb2e640df2759
SHA256 07dfdc0148a2db78fc689eba30fb68576893ca3ef2b28e48c9d04ea141c301ff
SHA512 a46600915061619dcfee12491a3b84930ccc6fbc453493d669980801827be601d95f796247f3fb66c05a4b8b925c1cf631cc3b33c2054ba83d26cb7d7a132951

C:\Program Files\AVG\Antivirus\gui_resources\default_av\myLicenses.js

MD5 1ac9d26b6fcbfbb76631080a9dff9702
SHA1 b79601e87bbe9a89302e15e5a9dafc6ec02b5dc0
SHA256 81c36f711e6ab63c2bda2f98ae3641abc42a636b71a293b6a8e2082a93de7820
SHA512 2e1612e8cbfc6623c427ab4227f8ae919a0457458f43acd4a6e89a98d737f6d159491a2f498ff5708a628a5a70871648c1dc85fc9cb12ee5c6bca59b461d997a

C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainWindow.html

MD5 358a247b989c2e44c8e800ebb551d97c
SHA1 6752292e14325009221e8d89a1344cd29662d890
SHA256 f38cf58c36eded53f87dcc10ff9ce67b30c5d6d74a14b6ab8c2cf44167df7f72
SHA512 b4b0323e5c9641aea8d5084c01d553d19a8277b34e71adfaf359d219a6579ca63b6f9be8e79abcd4a6e981b66cbda1dda32e8c87b9b41de9b50803d1e3f5464c

C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars.json

MD5 cafb9c7fc9aba63917dfc2349f792479
SHA1 1732f063f7e779480abb9bf9a5ab6a7ca61ca1fe
SHA256 bebcee43aa864c5e538db7dfe03389200a24c8d3139004e5a9710971e64e2c58
SHA512 4df61f491b3229799fb41cf9caeb2a1040c06a68c4a724cd2fc343cff85a46292e1281ccca49110c4fdb746a88b8a1d893ec353f008f42ddf564196384e85cba

C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainSprite.css

MD5 909b7ac005998e60a58fe73c4589028a
SHA1 00ed1f83be5399c73f3e8d96f57398aa77d673c1
SHA256 7951edbda1a50250d8d3732ef3e1c6e4e6d86dffb1b86bffcc49431ea2b6ba90
SHA512 787f78c27e2882e3df4a4f01000eda40ad6f90afbda19ef62af7949dae6fe0598a67a17b0ed27f17028a5ae5ef670b23a97c514a8f2be71b0aea967eda6410a9

C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayoutCss.css

MD5 ac7ef533135d66b6fc6cac2d7b16c28e
SHA1 31e6817d3f562192e62598535f6ba704e3ebe376
SHA256 e3218d77c2513bf3a4b156f066da1f182be589f052c1459d662653c4371c0ba2
SHA512 d0d8c3aabd6581db43cdeef00322ece2c0fdcf277d76dc2d1bd1126e1fa62ed3b761ea04c46d153e3fde52cb4c507caad4c0487a10bba36b0048295d691d72bc

C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayout.js

MD5 e2abc1d72c3e6384d317eb15661aa56d
SHA1 8b0bba9c9fdd0b910fbb5b69ecc1af71749d23f8
SHA256 953867ff484925622db20805cfe30c259361f491741ebbb674a491be9a750621
SHA512 6c51a888d7f31c4f0ee8f37daf5a3c64f0a9e4e263c6e0e21ab44a0b519d1d6be3eba7ab97f8668cf0dc1808c220cd8a1d16206e2ce34468b333711b65f08fb8

C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainFont.css

MD5 b4c7df772820637839ab4e57c9592dd2
SHA1 b7edbc2e4e97c73f2f164d9dd21041613950cd7d
SHA256 f4ba2c6c40cca3baecbfada9d289760acee9f1d9a663d12d0682a9dc94dd4f4c
SHA512 7f20b171a827902cfbf92946376d39c10d227df33dfb6239b9f6270f9756b2444a2cc2dba99da6157089f46266fdf92b0e17a8cd05d74b729135fc3a71634ef8

C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss_light.css

MD5 13dc513855eccf2ab6a66a87f611fd21
SHA1 ea5bbe3a00c835f6e1cc48cd135ab3692d3b55f1
SHA256 74040dcc8e80fdb83d3234a6446e6eeb78c1cd9771629feb37e8d578f7c368ee
SHA512 02677f10f8c437f4c2ccae0c955bb8212b395cfbfd0a5dc59700637c590260cade12142609e64c77ed4459f12e557269e9fea66d6d43e111962623f783f6699d

C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss.css

MD5 26fa2d1c7d0d190361c339595faa0eff
SHA1 9ac83a45085e6ce98ace757691039bda1ad64086
SHA256 58d6671d3078ce6137ead5869219bf190167068db808f9fbc60a7b03f6bdede7
SHA512 4c360470b590b173a8dfe20f822eff432467153823cea8cff19aeb71b27e43c280fe3acae6b7be6fff686f464a66c9d9bf5ad09abc3d4382d4eda14a4767eb4d

C:\Program Files\AVG\Antivirus\gui_resources\default_av\libs.js

MD5 2252e4df85f076eb53b6c53a98adb4f5
SHA1 8949875f7be552b9c416087f542eab196128939b
SHA256 916acfcd0e25421228787621fd3fbb28693f28ce51cdaa3100c0d8272f8a6fc7
SHA512 3deaf9c05dfbacf7744b981cb0a199b809479d631f7af27608a8d888341a939ff5bf7633414bed9d15aa5fdea41059cd04813888061f5205afd4bc87404244c4

C:\Program Files\AVG\Antivirus\gui_resources\default_av\kin.js

MD5 57235b47ff4b286c747620daae7ee01d
SHA1 6dbd9b6c416f90d7bca5079871ab34487a171c88
SHA256 cc0601a513de5e289873f030f0134828c5e48c1aa9503d74b08a9de6d207fbbe
SHA512 5a9e518aa9a141166cb12898a805ef7c630c4773e2a49f91536954b2f3dbf40b8f604cd51b54f1f1c3b148643d1ff9c4262b2b38e21e30a244bcfa72c0292164

C:\Program Files\AVG\Antivirus\gui_resources\default_av\i18n.js

MD5 befc45d789b88636691412e0f6a1aa84
SHA1 781376df2c995fdcac6660b4d3be3c6e47745728
SHA256 1b16025e610ad9c52be12b145c411b762e3c8006ef17ff2b5d841a0200b2949a
SHA512 8cf184f02d2890b571b6391ef6c916e7cbf1efab581756602e1ab379dfc1970822632244757802b45251d544e961863b7a67d8851c27736ae179cbdcc8f930d0

C:\Program Files\AVG\Antivirus\gui_resources\default_av\help.js

MD5 036386e83980ee5c0e5fede29f60c2c1
SHA1 3f4929c1cac4ae8c845362e48a1871af340bccd5
SHA256 863b469e1a99e7557dffb4cde3792f9d00591325a3f8db31c454801d229ca83c
SHA512 d4dbf68d60ff090c51c8c1e9848af1fe99d1b8b60f3cc27b23e5e77c9a156cd9ddd00ad6458705be0628d08d31a950067c83e2998a8f74fbade78c55f8ef282c

C:\Program Files\AVG\Antivirus\gui_resources\default_av\firewall.js

MD5 86b7d596aa2ac63469b72e83e3114334
SHA1 527341a76ade0fc0e613f919d2e5440dda4eb862
SHA256 309858973d35e03fa5da025295b6090ce0eb51eb927600fe5dfd383c3512e363
SHA512 cebb03adffa6e98248ddd94c076626750cd202210d34ea0f381f3f5df2612d47dd0a6e485a3241bcff8709c27c82c2df8809b6925b1db33c18b6338745879181

C:\Program Files\AVG\Antivirus\gui_resources\default_av\feedbackForm.js

MD5 d40582ebcde97ae81bfb4522b7b43140
SHA1 7aceb553fbfc003ab94c7a87505098c380b90dbb
SHA256 991eda4ba479e33b35927e347fd2c065582e7be77bedb40bb097c462edff67c9
SHA512 f69eea4ec6c5cd3e737463e5adea0114ffd01719e7d7356d7944655ef86cc08d827172e9f00f6741297fd37aa351b39e388c2ac6808ea752b632e512e1ec17c9

C:\Program Files\AVG\Antivirus\gui_resources\default_av\driverUpdater.js

MD5 576645ce2e23d7921732e8a1a3386d71
SHA1 644d9bf0a245a3bebef9fb5ff97b4f0610545cb7
SHA256 841e0b499b3195cb65643fffdb7f1e289c556c4bd39b196229caa9857eca9c83
SHA512 15bb3a85c1b464982f367f0ebde1bb79e267880678fdf8b6c1a507df9a2f6bf1245ed588066a425a4ac61a0ab309ff20575cc079c0c21e63f6b813046f2c8a81

C:\Program Files\AVG\Antivirus\gui_resources\default_av\doNotDisturb.js

MD5 50395f26419b3d294a9b7a42953f243b
SHA1 7ea6309eee3223a1b320fb7fa4bca82ef5ba00c2
SHA256 4acc0ca2566dc6f00adf32568a2fb91eb0cf2b0d2c7b03687ff0ba0aa29d854e
SHA512 aebb38dbf944faf5d3f7df186eafa77f3854fc3f46ea13751aa1e7ac6169425605acc7baed930ca9f387b1f5e0f3531f975b58f34792362df2233b6d7ce57092

C:\Program Files\AVG\Antivirus\gui_resources\default_av\done.ogg

MD5 dd771017a31b4b6b88cba564b6b4c86e
SHA1 63f12d6e8d2fad5bd8e3b210cc20cc5fce8da930
SHA256 bd6a50e8b30dccf4575c91596b2b85875b236fd2b1b8fd1de5fc714f0b673804
SHA512 6958f2aca7a95f28f181febd9b09ae60e6c4f336d30155433cc506fd1147dbc43125bafc39e7f4cc06c68f90566fc957c92a3ed540d4ca830a8e11e7df2c5969

C:\Program Files\AVG\Antivirus\gui_resources\default_av\dataShredder.js

MD5 caa18b3a0528aeccf8d4dad3395321e4
SHA1 7b87716e73b22dc92fde26d67f736bf40e302b83
SHA256 8bbcd149f95f3f5080c28834664fdd96018bbf63c630339f4a50d3c3e92ecc38
SHA512 bc34cd841a500bd8fff145f9fd109967729c36a5a018015ebdc87c6dc713d143abb7b19c2b57e8a164ad7bdf1ee122349df260532affc9105d2624d7724673f1

C:\Program Files\AVG\Antivirus\gui_resources\default_av\dashboard.js

MD5 66a8ffe254a0f0213517e9167cc800ac
SHA1 b7c7105e77be3a5a48d2421d3f4b7a4db649bca6
SHA256 7b7c037d000bd0bfc28592fdb75a03a96f870a639823c29b60e2c9fab7e0eb05
SHA512 2c47be64f8c6fba72acf092f78b84d7483122b11ab547d2e0ecae33eb225a82a751669540afd66671d385c11dc1588af496ba1bf7d49c1fae431507934b24d27

C:\Program Files\AVG\Antivirus\gui_resources\default_av\darkWebMonitor.js

MD5 e0752b550ef6aa0b1b09dbb5a6a770b6
SHA1 479bf393fe9f95006920419f6cebae4886890fde
SHA256 741c5f87e90e3af2d0a131b37f5044882e69b5c19cf6502db705dab5d79295f4
SHA512 c3be6818919942a7faabfa36c0e79bd5ee8a10dc6203c6bb9e5f017c5b19f5bd2758e033c500d1ccab66f18e5378b22cc95fc2244f1c9b74b01a4bcffcce0bbe

C:\Program Files\AVG\Antivirus\gui_resources\default_av\core.js

MD5 543617906867d97e82aa47091a552ce9
SHA1 848a61f1118e77fa8a70f429f3b368ce95b9f793
SHA256 4eb359ef75963ddd9bc793446ec879b0af09313d34dac4a9aca5bfc7c54fcb74
SHA512 168a36d59590b3d001211ca9f336f6ea60b6796c03089186dfadd606487ecb1d342315141aaf251f991d473e39156606ef6a240c3a1321be47be4689802cdde6

C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserExtensions.js

MD5 2606a8a24a1c0641b8c50c0ceb86e0f5
SHA1 70eac643a05bc077b5936909decf0a7dbe4ecc21
SHA256 568ec6dee154e6b2552d867521c5385e4fbb31e6bc77d33878fb5a4bf1befa23
SHA512 4b065b01fb77ea1c3de17aad64762f695840ea78fc624ab0cc43578672837fd74015497faa558865ee0b69310992aa35de5acb8e2bc99c075b900f29c71de546

C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetectionWindow.html

MD5 91ce39a264c74f8638112282be9664ab
SHA1 9bddd0eb43fd64ea04ae383e4232819cc537514f
SHA256 4fe75e1f04a9cff36d45b3f8879e65d5aefbac61e20534936ad72c5c7d94392c
SHA512 c1b9084b91da6be8be560620af801f89e6000fcf8c72206a8838eeddd78bfe3c33aaf111076aa26371daaf1ed5f750d7b505ea9554f1345cbc0ab8316dbed9d1

C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetection.js

MD5 33cb670cf361dcd432e5a2cc4be24be2
SHA1 cb38b3c93c8b461def1405feb316fc96b52dedbe
SHA256 c9813d44dc4c3db500c1463112b28390c5a5625472145695a2505560a4ac0d61
SHA512 ada48d69efbcd7278baceb48bc961267a40c0e1381809a906c1ca930b5ce8b312ee580693e1e9e14f6c09886b8288f035e25cefeae81093b110cc72ce650402d

C:\Program Files\AVG\Antivirus\gui_resources\default_av\ask.ogg

MD5 a3b4b5563b0714a5f86b6558ee703d9f
SHA1 d21280d0c8b593257a7ca10f41c73e49f7424b5a
SHA256 4a2c37cbecf92e6bf0ff463759fb5034391091edd58508a44616883ea524d50b
SHA512 3aec734a34f580beec9b33cfa5b94bf979aa73abeaedadf8d03e82ce98dfa7cb0b4fb987df15e1707c9b14b458233ab28f471d3c786253937af7b0484580794c

C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiRansomware.js

MD5 fe716e33b668a364e8015faa2d588ff5
SHA1 a00abc7f96a75f71be031dd04504b82045247cc5
SHA256 adc840ae3f95914eac2204708ef170edb8a6b2c2e038bf4bd6d333319a4753dd
SHA512 8f1ce675517b3e1c5f608e168335f41db1bc8c85c7fb77e98a966f8ec31e57425a63a33f373f84ec27a1a303642e3b894e207295b4490c8302360519f7175fe8

C:\Program Files\AVG\Antivirus\gui_resources\default_av\about.js

MD5 8c4b17d524aae55a759c46434e9c3dee
SHA1 349f696502437ea325552e58072265e901c11ecb
SHA256 91ad9488b0db1bf2a9d9e9879b282dd570f2f963815ee6ce93b7f3f863d72321
SHA512 f1cef657df7b41687c509219495a47e6f6c083f5a121418ad236c69b424da68c1495776bd4b5615d05ec77796fe365dfbd9ae9d78544a891dd3adf896ca2cb97

C:\Program Files\AVG\Antivirus\v8_context_snapshot.bin

MD5 652a0ec5b9d98955bffbcba3ee8eb3a4
SHA1 2d7c8d85b0059df2b429e40f03da604c72761c22
SHA256 13f67a42aaafb7c1f6dadf60387b2769c8344299607b074870dbd6837ef7b2ed
SHA512 1a8968de3874006c0dd56e417ee381191bd275eedfbb83d665ab84997824a532ab44f8e32880ab740a7e15034b8ea53da4312729adfc2c213b795be594558e8b

C:\Program Files\AVG\Antivirus\snapshot_blob.bin

MD5 4bfac8501c72cdd860ea754d1d580cc8
SHA1 1afb2418f3f31e924519eab2b172ceb41dbe15c2
SHA256 67062dee20934c4d297aaf1dd96d97a7bee8bca5c9e3cf3c6a18cae60e6ab191
SHA512 d622736ee5ebe22dd48ccd81916a400f4ed519bdddab1fa9b466e5b7012cb15601a63cb0ba5bd897ccf33aaba917e7338a0cb4339000e5f002d266396fd22511

C:\Program Files\AVG\Antivirus\libGLESv2.dll

MD5 703e182964db236aceba49baf6aaf0e7
SHA1 bd00bb20b004a4264f7668c66d8c5f9025fc500a
SHA256 7ceba657ead3c837b0096106d97e74599dac06a29237f5ed6f32a68cdfc22858
SHA512 9249211d589c8e8b1cf53b6703a44ef9e4cbf45a599d116eea88e535cd219afc01d601351ee0e6c816a186b55d85d924599c95fe2428d8aee3c8548549b12466

C:\Program Files\AVG\Antivirus\libEGL.dll

MD5 2060cdb437dcdfff0c5a2a581980ad2e
SHA1 a9498ac53f77feadce4524b7bb47018d5e7b96a9
SHA256 de26ad77d4f163eb7d659e50bcc7227da271ba959e6969ccfd20ae2b54db38cf
SHA512 78157004423eaf6a6d7772132fccf1ee80367046e9535c4c3758e1ccf7900d1445f68320a448138a83c3a16b305217c179f415284133c737b1b5d53240f46b83

C:\Program Files\AVG\Antivirus\d3dcompiler_47.dll

MD5 f192b3b5ee05bdb0afe890a09f69abdd
SHA1 b2194d97f7a25348eeb714552c89a29a75165613
SHA256 901c70df9b9714b22d264375bf5c91ef469edafc25c6762e7b0112bea6f07378
SHA512 9ab70152cf0e3214d539a59b135f95485fd770d0c5693469045a8e3e70e48b5d1f7c2dc690b2f7eb9094cf2377199624890f2f0789b2abf81393cb2b5765780b

C:\Program Files\AVG\Antivirus\libcef.dll

MD5 a02d492bf9d7e9e6f5c57d022d76bc4e
SHA1 4820fb535fbec4e3e4a9d604cfd07c4caf1ae09a
SHA256 f0de7fa74ed70f5e5bf26f16599ce764640f0fe104617e19c09acac0c4795151
SHA512 b6b28caa4b39e116d9eb4232a6807b8f9a802b00eed03bf730db4557a032fbd7d91a44fa5a9636edeb2e45bf52b8db0bea9153182850f9ee53af2ca429dddbe9

C:\Program Files\AVG\Antivirus\chrome_elf.dll

MD5 39a3d833e0e786905fc8b3bf153989a5
SHA1 716c1968740c69d9e5639a72aaac709eb2e0024e
SHA256 d0447e595d85098fecc0e0bfa51c93506f9e218ed10d0a916ee0bfef511ac0df
SHA512 85896f4a58a66317ee67319e1d68269aba84fa81e8a5833f88b55a52f705f6516a27a50afb55baa4735a9736c01d90ab2a2ff71869dc8f5524ea6d2a6e297ab4

C:\Program Files\AVG\Antivirus\swiftshader\libGLESv2.dll

MD5 a7e8c182da0331fe22b69da756bb8387
SHA1 e018f3693b6bbd281cf894f37039bb8ae8e09b0d
SHA256 26b30de37e4a069b39863290fe2bb59b61aa6e54662b7f9557173ccdd4ff0dab
SHA512 b92de4b3c547256e20b758aaa93c320f9f404800d009a56697cf2f08d634918d46525e7df2ff85f69d663a1e7fbf1b4532d1d48f65880b2e58cae03eb0c7de01

C:\Program Files\AVG\Antivirus\swiftshader\libEGL.dll

MD5 227af943a451da44e1920791a84a7975
SHA1 e7ca54eb3eb82e47cc692a2874802ae246d9eb62
SHA256 c86ee36ea5f2052c968bfea4c69b60f533639cf3601e7d4015d5c3b5e06f57cd
SHA512 9f1868aee4164611e05b35c62a6a58c0636f1270f32da0f73cc64fcbf6731580b631d236998881293260a18d5355dd2dbb2ec9812c5410ba2ba84e24d6237e27

C:\Program Files\AVG\Antivirus\locales\zh-TW.pak

MD5 c41412769245d56fbd7d1f114f238700
SHA1 ff3ec93946677884128267d2d84869e5c6b63afe
SHA256 70ea00381aa8ae93ce9f64ae29ad3de0263ee5991861120c8df7603bac540b84
SHA512 13ca3d0fd0b4158f2bb751791870bc0a2199af3c39e66c1f971b2cfd6d536d9642ecab82bbe814908020330eb351b4a045e0958a22bdaec330e161b8a3f6087a

C:\Program Files\AVG\Antivirus\locales\zh-CN.pak

MD5 56c3b32e97f3c52cebe29937806a5325
SHA1 25f4295535a90c26fb9bc476bc915d5805803db7
SHA256 70070d44c9e5ec62c57b574837423f849ed363c0167e8019afd49a93c74c7e3a
SHA512 207bf51c44900e25d7d2d5a128e11b11f972490221d7c3f8a28b77d0921860f059dc92ab96f687da4a7fa6defc87a1896b1fdbbff31a9bf45dd2864cb78c1cbf

C:\Program Files\AVG\Antivirus\locales\vi.pak

MD5 c31f5ba58a8a0b114e1061c7c2a8f43e
SHA1 beeb19c5164c2ca5bd63a60c0499262ce8467d75
SHA256 66468ec740624dc5ca9988e2aea145bbe915333db3327653f130ec4a426baf17
SHA512 784f0426e303639e7174bea1ffe83973bfaaf18c7d61544cd4ee92e417442b085f6a5065593d608326ec8bb7374efe1c44c5c6d15811ef2449baa5597b502cbb

C:\Program Files\AVG\Antivirus\locales\uk.pak

MD5 49aaf394d0376e4bf0639fd928f0008b
SHA1 ecfb3e22c86323f5571c502f020ddda2d2c680e3
SHA256 23752a372251b782f35f6fca4a17dc260159eca4620ddb610f5ff7720d496a18
SHA512 e414936a5b36926f9bb4f01c7271c38d6d868c1c0341585b5c73e848928d0a03b5849ae088f964df1d77478a739edd938680b98bf75f10f0a23944843eb2607c

C:\Program Files\AVG\Antivirus\locales\tr.pak

MD5 d32db9a61c2f11de5df3fe64153a48ec
SHA1 9d9c5731e0c17600ba62ff1bb9a833602e4eeacf
SHA256 f25ff7a18aebd6ecaf56c2b125aaa22a1699fe2ee9cc6f190f6525d824992f11
SHA512 43c939ab2fa18bf7009ed3594de3bcfe0455797aaa2747841957678f31410a4b368c5f5fec684d9ee1487bb40bfd8395edabb97312d97be317653df9cfb58a61

C:\Program Files\AVG\Antivirus\locales\th.pak

MD5 0b8590d79fddc502679b69005576584a
SHA1 37c6907483849773784652835ff5184ad88107ae
SHA256 a06797086a3ae1bd42bd93fdfb239a787d521cbabdda56a0c15aa255def81e5c
SHA512 c9f9ae0c139b9866e568246701473d01fd8d190024411c63859574c004befc59b8e2477a3ab9ab48b92f425744ee5e523d0f05625605dbce95d3449acb201ea0

C:\Program Files\AVG\Antivirus\locales\te.pak

MD5 facf3ab50cf9fd9a08f951a3cf3d42b1
SHA1 44f9874dc0bf80907ba5f1189350ef741f168cbb
SHA256 3e19980886a66ca92ea762b86ab44fac8e71fb16fbf4dd13864840923c9bfd19
SHA512 1a32a1f82d92f2db9556a50b05329415d995a3038fad7e21e82526b976e75bf171367eefad6dfab2ebf388862c5f0154de2c7772f6ac617577e61ea1a99bc7f6

C:\Program Files\AVG\Antivirus\locales\ta.pak

MD5 35b454a9361898f148f056d02e1adbd9
SHA1 c3b0dc8dffda8ceecd0f43d3b6845e5c2e031284
SHA256 7f047181c386fceb204184cf02d1ad1859e5293db04122c5c6585ce7bda8da0f
SHA512 11d18f6d5ad0cb7ce3b9a4cf7aecd5ffd2fd8a72a65ce48afe034f7b11269cbc109f1fdb9448021218b31cfd64f52c53875cb3f0cee5ce2243938f449ccd7201

C:\Program Files\AVG\Antivirus\locales\sw.pak

MD5 8c427fc5a5eda451f60c0e4e6a2c6034
SHA1 752eab30cfb87e90ce5cd887786e115f15a8a178
SHA256 178590c5a7fcf0d41d93724de8aa04f4bad7b9cec119a54a4115f96f9219ef3c
SHA512 e09599a47f5f5a2295fc13cf0ad0aa45006852eec5956092677b212a5cdb6a787349a12f78c2af0529329b51a87fe0cd614e8b452b2a049af7ba51b893f1c7ae

C:\Program Files\AVG\Antivirus\locales\sv.pak

MD5 335c90be59afb384203afbe08a9d5d48
SHA1 30e945993e943e1e6840b8020bd78a845dc3b745
SHA256 eca3cbaceb77840c7d861b559ee3ceadafa9f7777856112c9bd30b5a8d517b9b
SHA512 5bbfc5404f330b047365b2fb73403f5598c696eee0659fe987c0fbacab5a949f38ce5b288bb32702cfb57e15502426a3efc373932da2d01e68bf031f57251af2

C:\Program Files\AVG\Antivirus\locales\sr.pak

MD5 d13a44314bcd033fc50fc608ad1ab91e
SHA1 7abb6cee31c4873b717910fa9c0669130343ec5e
SHA256 6615bd59f0759e6af09309b8344c0e7f0c2dc2bec55beaa0afd1bbe09af7596d
SHA512 5efaf765533e2bbf3095a05c55b3a144c32cec14812d743a5b7de47b7ebc7429088b7b94bbd498568189ee0c4cf1056f2766ff341d46303e23410cc84574c798

C:\Program Files\AVG\Antivirus\locales\sl.pak

MD5 dbb839665d4d78d71c9d49b85a0ec0bc
SHA1 1b8662843a1acc58ef120d62ffcd19c764f8613d
SHA256 80ab358cfdafe9533005571d832377a08e5df4801a6f61be7aeb2afe626691b9
SHA512 86f7e656d140e03f68b0d7ad8c7d9168029e3fa1c8d75cddb2101dbbcebd772dfdab1da3c568effc41c1bb6b3ed0a588f4be50ff307ae14be356ccd101025950

C:\Program Files\AVG\Antivirus\locales\sk.pak

MD5 0ac44c1ad8985cda2e3ef0bc2082fef9
SHA1 66f721bac3f1ff5be9fb7b926b87341d303a60b2
SHA256 ae4a8e4e3706626f7ba53cb395e2472389bdc1319fbbaaca608ee1ae3c918e0a
SHA512 5ca7d91b3ac747241acd8b76176b19a62cb44c62d991e2db6631097df9276c277d19d3ca6713e382ee69f61550b5d40daa03da838d80f04727a03a97a0b28da7

C:\Program Files\AVG\Antivirus\locales\ru.pak

MD5 dcbcbf5867918c54c5f8f267664056aa
SHA1 f3b706adb3c222a84cdc92bf97ce26f8aa0042f2
SHA256 fb9da2895730be8d82924d01d5e0dc28c454d8b91a1aab556d255462c374bf16
SHA512 429896d3e774eeb6f447f9f80f1c148685df728b343899e12e58bd4d58caa70d3b38e264037a720a2074e909e3e3722c8393a21b4f4ced2157da554bdfe40f37

C:\Program Files\AVG\Antivirus\locales\ro.pak

MD5 de48484707e8770f47d27f0f5e2358e6
SHA1 014295dc0215191606e40b2fd757a5a637164571
SHA256 5fe258168978f52d2b3c6f063c7a7c381a70ac06e128ababe6656375025fc088
SHA512 653da7faf9f75477c084267e30a288f52fd1260b77f7d1552981034b033d796b7ef18a6f77214179521213375f4b43a7daf69e4977e487cda90c9d7e96e82e52

C:\Program Files\AVG\Antivirus\locales\pt-PT.pak

MD5 4fbebc23d7a0aaa6dcd426777898bfe6
SHA1 959ce4fa97c24143c3dc28e9420e6d6c76a7266e
SHA256 3cda10980a23de97163a2c06b31829cca1ec3da63b0bb0a246126f402c19b16a
SHA512 a1c4052a40059dd5a417d87935c9700c3cd127b63ab9191ca62e448b09109762906638c5d80abc0565711425f52c5ec3fffeed87aae70c0888199c45a4374880

C:\Program Files\AVG\Antivirus\locales\pt-BR.pak

MD5 3a4f9d62b91bc0eeab11f0865d4be286
SHA1 c56a98f46b9f0ef8c5180d176cfb7773a05ce941
SHA256 3051442a3e905dfdfb8f17f49d12a3722c511faf9aba0fc86d577dac90e3b654
SHA512 39a81774c90476e4e8ab80b0784a8923c698040f51cd6acd08a50b5d2f90a7a22242296ca5793ce39ccc93120df3f40eb2abaf6317ffed8aebb986ff28946081

C:\Program Files\AVG\Antivirus\locales\pl.pak

MD5 419e3f381b0e0f080ec230a9f1b80e66
SHA1 c279ff058f3f3ef086715ea2206f24cf7aa75818
SHA256 a5fdcd13f711d4665d1960f512f1bd229dbbacb24c86bbb3773a905e2dd24b33
SHA512 d7896ce61b64ae92f5af2774f3a996516d24e89d7cc6f84429cbf3f70aa3d87404fca8c6d242b5a088bdc1a7a73e229628ca7dbec81d6976734632cb5291e9b7

C:\Program Files\AVG\Antivirus\locales\nl.pak

MD5 cdac79ea10a58cf43ec1e5452c5faef5
SHA1 35bee3062c54f83cebd26c50718081186023c0b8
SHA256 ad97f1708909ba1c2d6119de7536448805f00275273a8b33e743dbf2e7ab2456
SHA512 d9b907c229742808561e87fae306b8e65948ed60b21e90981de1761f162cefdfb95705edf375bf686cec15f7766ada2969fd7428f5ac4334ee83d7d1fa8b4947

C:\Program Files\AVG\Antivirus\locales\nb.pak

MD5 4795132dc7086e139a2af75a69fa4f63
SHA1 e8acbd586ccb9ca0686c7cbf90f0be5cda48228a
SHA256 8ef002c7ef1d7207b5b41038f16fef198d2343c0539f14090960d6f1295d8c7a
SHA512 466f4a0eb01d2f8d8359016fba96189f152fddcf5c041b05a62c5a7b14b3d93b3f2a4c7eba7e292eb8acacb65afa68b9e9adf4843ef78c410f3d5296656911de

C:\Program Files\AVG\Antivirus\locales\ms.pak

MD5 a5d5cfe69299d29812c9dc473c9ceb72
SHA1 768d505ea7678aa2d7f7aba46822de231f1a94fa
SHA256 26457724f3431e3383ac833cbd990834dda8e5e76b961ff931d171aca4221626
SHA512 c8a8e30e67e003720c2fd20150140370e9e8498e2c385bf7e6cce8406b7abafc20fa249f7c3ec92deb5d86145d59717d17d758350bb732f8196129ca82b1e110

C:\Program Files\AVG\Antivirus\locales\mr.pak

MD5 9aab1dc6721afb63ada134d9d1bc2dc0
SHA1 f0e309e0570e1595709cffc570a799e013a2431f
SHA256 27baebb27c345e367f27b2ea8eb5895c2dadadea282a0fa94a1b2057859736a5
SHA512 9e04ad79a36fe4142544b6d360c0a5227cd7c48e2b0b091085e8d3a011504522da4584460e5234d705d1a9e1fdf695902102e005a30ed2cb2e021b19cd58a708

C:\Program Files\AVG\Antivirus\locales\ml.pak

MD5 5434e2c549029aa898a97f78a65ab13f
SHA1 0361686f5d38363fdc5f67aa5980b6729fedd4a1
SHA256 990b6559fb32e86df8045cdf8687fe7176fb810c18b2032fbb1a093d9b2c901a
SHA512 d05d6e89e0f313622692b2173f715c4c84f80a7fae2ca9bc8b1ecdb02b090e5189d40f5777b647e97344ac65a84c284209256a7e1fb45016d170fde0eb7270c9

C:\Program Files\AVG\Antivirus\locales\lv.pak

MD5 a9f1ffb1e215b45afffe7e454dcc082a
SHA1 bcc32731f6fd700496d4445545366cbaa2565220
SHA256 a9cff7d778289b25bca696ff4873e45f098be21f8f4fa3105ae7e2b9b1ef95da
SHA512 c8e692b0ade3dae78b1bcb7d8e3c821fe4d5fe0759180f6f44e603ecda341a8a925cae5986584e98829007bc56a4744ef0082d1feab42781261a6ff7b7b65676

C:\Program Files\AVG\Antivirus\locales\lt.pak

MD5 96406518a17835d2c08ea09f6a4f5269
SHA1 63f2b8ac41adabfc0f58bde2ea02af3ea830cee4
SHA256 336b6bfe35680a19b02d583f332df5d0f5dc6fa5729c2910fb1aa6659e6aaab6
SHA512 342a9d97fa6747b52e462e302cc865e8ee6018aa65ac3d517d4625cd31cef68412e4df9d28ac10e39ed73801342455635ab99a6e167bf7527ac7acd62bab733b

C:\Program Files\AVG\Antivirus\locales\ko.pak

MD5 d324469bd2d6e373ab875328c95322ee
SHA1 8c4d3d7e0bb3df9d4028a49b64182d016b47443f
SHA256 549b190c3722d4774cc7a8a2730f858dba66f063840469799adb449184056f9b
SHA512 10a2e751d95422fbc24f5618edac8589d033f19106ee500c83830fb839d639d30f25f2b49ee017767325dfdf833a6e1f9eaaf0c1081c1d339233dfeda9876ae8

C:\Program Files\AVG\Antivirus\locales\kn.pak

MD5 3a998b7d9c41dac3b2896685116ab994
SHA1 8c7a3272e79fa27017c24905f2b598499a62623b
SHA256 5eaca86a3792d40db18e7d1ce39683471bed1e8b169d716101808930728e1ea0
SHA512 e1e7e49d4f47c6338e9530b0089c1b78f96fd8e088d7ef2edb013c8a503b86f803ec074dcb8ec3998ca981a5373fc37936c102c9d8c971abc66c6233c6758eb0

C:\Program Files\AVG\Antivirus\locales\ja.pak

MD5 017796cec4dcae8064f6303f2e3174ac
SHA1 1709c22b0a24a74b690deb61dace383484c08bc4
SHA256 8b8407ca872711857c1efe032f0c71df17fbe8d82107a09953e812a20497e582
SHA512 e469f0a63bc649126e0a191dd17c1f5db6e1bbde4b4cec63fe4dfe7c821ff5f1919980ba5bd4962095c0f8c4698ac659693b6ecf1a5feb2832936bc3c47a3af5

C:\Program Files\AVG\Antivirus\locales\it.pak

MD5 ab258570cfdde79a3595b9deeb6cff01
SHA1 4563fc47d20d0a2ad81e7bd9298a5aecd11ddcda
SHA256 5fef05d02e5c971e8d3f6b5584720ebeed7c7e6e5214320f09ca6f7d84ffa993
SHA512 8a7ef6aff2682a96511e2130de62989e5e3a9ae35b8db66173f7ee0102b1e5f5e0ee7ce2a6f06588ba6e4c577c6d5d5767d0a23f1fa1bce3c2d4b08f7bcc90cd

C:\Program Files\AVG\Antivirus\locales\id.pak

MD5 556874df87f3e62bc9f2baa6353c5d73
SHA1 6e79085ed28fc54399bf7b91a09e69aec0e21e2d
SHA256 60e0f7533dd163da804ac5445f2a80fbda26bc58ce26d8d2de7e2bfd4e5d039c
SHA512 884045476c84c3c18cf41c7a0f4ef98c9df5333284a8d9f27757fa5c19a8c8f07a821b613f7d0fcdfd594fc23fc78ed5d133e2e1e5c965794376e69903f20f8b

C:\Program Files\AVG\Antivirus\locales\hu.pak

MD5 ae54cf32c7e5bc9b75615225c5faffea
SHA1 25c6ecee303925f6a273a8d0818a79ff80a74298
SHA256 12949111bf85a2236f071a294a508d99c90587a97b9ba7f61dc8d70e36f5761b
SHA512 eb12669cef9fe09d8f53094aa5df2ac71c8ea334be474a2dacb5f2e8ab56bb56bbb188aac10509873fb7dd3ebb6278d69a050a700cef6388a5caa22736813932

C:\Program Files\AVG\Antivirus\locales\hr.pak

MD5 5ab62a807b85bf1b75c741abba0e9f98
SHA1 641b2360699dfc465a86c0e10b51b4739bc3c770
SHA256 b967887c6313fca79a82168645c1febe43c949f01e0eff3bb8413a04b590e16e
SHA512 d53895053eb4aa230bf9285e1cf0fd46704a9658065f35a265496610c951d09c2436071f421217d3dbe54423624d216d357471763bbec069d3d0d938557fa291

C:\Program Files\AVG\Antivirus\locales\hi.pak

MD5 e7506ea783c56cf5432618080371868d
SHA1 91f7c1c26a7eada6af72089252c2a0153066fc03
SHA256 2418a772d39e45fbea52182965a901364ddcd5459a920c8dcb56c2844954e536
SHA512 4b4d90e2fcc913c061da046b4ad7256c1dba78959d08dee67a471690177dcc8561650e3e0397446fbcb4b9bec89a345b4f2911bbba6a88444ee9b135fecb49b2

C:\Program Files\AVG\Antivirus\locales\he.pak

MD5 ea6c8dd5fb4007b5b5a692b857693d46
SHA1 e142738f399bf5aa7c19d478a7def3d270e61851
SHA256 7652d063f1630e33228809834f71e6e2ffec75c472ec66b6ed767bd98886f928
SHA512 a77fec4ea0fcea2de4863eed319abe2f4143b5fd345aa951c94068f862bceccfe16575271bd423bf09b7116c6bbf7faf4daa59bfd0025797ae9202a311637e1f

C:\Program Files\AVG\Antivirus\locales\gu.pak

MD5 349ca76d987c9e2c7fb00966aa034357
SHA1 3bba7ea00e4f4d9768dd2311ec1ac59cc8239652
SHA256 79fa0f068f09ed239a8e0c3f1da0b35fa1f86622f9fa47721e13656696184e88
SHA512 330488349b8a7d9503df180611d97c4d449788284304f4bd231ec97c77d5c2221adecbf6a9486d2a8bee37b6e2c72ad22cea3937e95c1c3178c9dc6c522a52d8

C:\Program Files\AVG\Antivirus\locales\fr.pak

MD5 39df7277c2854d60b4b61bc11add4188
SHA1 865db185756772df35af31dcdf78dab7fb9f8549
SHA256 1ffb04ba6986f4a25f5191da50939cfe48d1581388148b7f64d3c10a124439d8
SHA512 de627a69981b4a4604a587a610b59a022f6fc4715cbad7be59cb444db7b42e0337cbbc42e9c0a5fea84bff066be3273a8eb251c578e5457a9ddf19f90a8c71e0

C:\Program Files\AVG\Antivirus\locales\fil.pak

MD5 2dc3f1409e7f6a3fdb3aa55c1bceafcf
SHA1 76fdde6ee054a19f7c76046bd41390004bc6ac41
SHA256 fab8b112187fcf9ba5102ff0aac2f5eec63a646c8bf808fc5a2e4e08b9c62a83
SHA512 5ee1981ac59456a623297de3257219b69bc053aea71fa4ae1486bb6f0689f7adb5e78daa17d8d338755eadb7164b7d7f50bd6bbc004c80d00ec4fe56603750c0

C:\Program Files\AVG\Antivirus\locales\fi.pak

MD5 59d49ab548b74d85bae165b8cc15b073
SHA1 d1946469ab92270bc99b7ed863ac723cf676f050
SHA256 fa171dcc44baf46cd4331d0a833172185ff6a166a31ab4f9890eb0832e15cbf2
SHA512 40b9018eac2f55828f3ce3b50e6428ed545f8453c51b193614137c035ab9853f63ae9c82c2ed1d6f9a4aee265238478bb46f468b08442d6cd4d0d49c9e1576bf

C:\Program Files\AVG\Antivirus\locales\fa.pak

MD5 78c7adf045b3d8a05c6f6519154cdef0
SHA1 694fd63b612fba0267e1deab41b8a87ee0649dc6
SHA256 05a98b8dc3b6d5e3a224e17c144d873c3b84c6e704fd2b8dd659e2099789f9a3
SHA512 cea96bd1621550c6108695d51a317bad4054bac9b564e45f2b0a16cea328be15475cf2ec033c33106a184215fe7180fdbbbfab709b782f43919f68b976d8cb99

C:\Program Files\AVG\Antivirus\locales\et.pak

MD5 d045af9a8b85c6ac73f60e9fdc16590e
SHA1 874293f1b5d1b6e2641d9dbea59b4e1b8f377752
SHA256 241f3e5286b25864081f50edb93c4693bf001f04d7c7b98f5c4921f768cd7e94
SHA512 b8f9f59f6519c5839d4da668a16062100be75317c4275bbb50e1afc4b6b66ecab7268054682bfdd63c5a71dae8ae00e80eff3eaab161c2e35a3651988ad38413

C:\Program Files\AVG\Antivirus\locales\es.pak

MD5 44c080e276c1c44cde4dee4c576a4358
SHA1 217c766a2ed03b9a9f2f4d1e2c148f10d836cca3
SHA256 85862323a3128490a2c1be66a36480f7eb73a2294d62ef4ff38ae868c034db4f
SHA512 333acd81c4b1fb5f24f0b0b2f5192175586fdd455895bdfd7092425cd877a844aebe3e74aa37060c849c5821fc5174a2471d7db95a6e7098e43e177db70ef92d

C:\Program Files\AVG\Antivirus\locales\es-419.pak

MD5 4861cfbe34644b1aa3a62e0b8a955b28
SHA1 66497635946e50bb17483db226d9d9fa0e80db7c
SHA256 ef0a523bcfa4d3a1b7472947a1f2a0a68e24c628386f7f0056ca4404d82481f1
SHA512 162069b7b670d7bf68ba8276d2ce0b042a4cb0f19f2f66edbc8af00dbd97e084ea9a755b817a82d77e83e63d97e79d7e50eabaf67c880b4aa85b3b6af0cce20d

C:\Program Files\AVG\Antivirus\locales\en-US.pak

MD5 0a70bdd8c0efc740818bdb82993bab85
SHA1 d84b6092664894f42e1afe042abc946a3e0d2e65
SHA256 21fa942a5f4f26996396f0d84807b6f8c01afd5809e2da33487bbecd0a6d13ef
SHA512 085c21045f8fea63a80678069af61e4273420bb6645a833319d58248e61adeee3cfca23edcb7adfc2dd59621184035e3f9e252db8d5840e6f6727e0e05b5fd63

C:\Program Files\AVG\Antivirus\locales\en-GB.pak

MD5 314c49194e366808b2b36253fdbd7714
SHA1 e9e8ba1fcfe91b80e232899c69844282d39d0d23
SHA256 411a729d9288a62780c32d6bf5f4cf0fd8d221ff341ce79c2eca25dfa03c9821
SHA512 5c24bcfb043ec09f31e5c8e640d1bed4932f9560d68256d4409d5d51a8948af3381e2bbf164515a2e35cd7e6ab5349d9fcfb4916bd8d11453da9d69e7cd8f5de

C:\Program Files\AVG\Antivirus\locales\el.pak

MD5 c6009c7b038068b61aa6275b4cb9f860
SHA1 4b77f7f822f4ee15c57dbe873c6f7549fb608028
SHA256 efe6a9d8dcf76f5286bec0496209f59da3de6ab6e355a183b69a7e4bd5d36cc2
SHA512 d3d5eb21caaf361bb92e0453ee1db4ef9349e071be2736589a8d2f5cd587e85d33c7d65f01342758dede0ab0a037b294d7e263d82f60c29e583ea1c30c9f3fa8

C:\Program Files\AVG\Antivirus\locales\de.pak

MD5 6932a8734c0ef9949fe0dc3b2282e16d
SHA1 817c17d5592129b6277075845557148e1e59cc78
SHA256 88581d49e6c83ef74fe4aeed438c0380f321d9eaf3b8ef210d39f8378836a1c1
SHA512 076f2741f28f76fb0da8fa35bb55418874db7e2304dd09afc0cc818b0c5e645831cb0c3ebf97eac474339c584e640f562b4699f54496ebd761e3733777490b6b

C:\Program Files\AVG\Antivirus\locales\da.pak

MD5 f1e5e7dc819670c061902a3daa17daa2
SHA1 583ca07af55f3055ce127b81fd825fe45cb722ca
SHA256 cefdaea7b486364291fad01ff402ab8098e2e13bc73b2bbeac25c8a9daba8df8
SHA512 b8e8e79f052d5165446a8392a4836fd6915cb87cf199c499e9b4e767e6e60e4e94d601420e798ed3b7354c8ca91304b1d062332cfd5016614705aa57462aec83

C:\Program Files\AVG\Antivirus\locales\cs.pak

MD5 0161995c04f022922e5c036d374eceb1
SHA1 5294111882537c10e4ea4df72b3508fbf2d2bc30
SHA256 3f2e5a65ebf8938ff4e9676b12573b23c72501761f1bff4d5ae466b68c85130c
SHA512 c04c549e23d2ff33cc424746f1a1a6d70e4660612d857070810c7ad9c7021aace09acf62e0248f139acfa2369fc511b4f329e14f3d6126813ff66ee7d44b3611

C:\Program Files\AVG\Antivirus\locales\ca.pak

MD5 8fcb9f17f850f0dcffa2512236e25790
SHA1 429b36872ed7b655d745fd8efba6b5239ad340a0
SHA256 c79b92ba066cf5414fc37795e6a76e966c23143bd3c48c0cf5f61aedd5cdafef
SHA512 1553cbd7fa4fc87341bfca39cf58e8834d6c3100571e34bcd5a1961884776abb69592c627cef414b918e8cd4bd709a83c4af2bed5d5c4a84b9509e896b8fbf42

C:\Program Files\AVG\Antivirus\locales\bn.pak

MD5 c7b9e899ee655e2cec7a49b9cb2300a2
SHA1 5c471604d1a755a393f1ca2f1acafd6e014792be
SHA256 522e7a2e1f7d8e49b5632759cb5dae269578edc522689bdbcb23b74750f53e77
SHA512 b56e1afb9c3f67ce891eb0215a68cb3588a82fe51e0dd2f9b18335f2312bad156cb3be032caf641a7a39ddc0a41038f96f7b36469ca327051bfcda620145f6df

C:\Program Files\AVG\Antivirus\locales\bg.pak

MD5 dec816e6e65e705be74917f249e43fd9
SHA1 6f90b68e6b1d904b3e41892cdab1923f4f868376
SHA256 ea323024091753a5576a343e46d19bfbf9939122bdde53d91d7dfdbbea5a9c68
SHA512 d21fcaf4fe07f4cc6c369d7cc5a1bf06de5ddf7e2433310b45b53aac340259f5276e1e86e15591ede8d4d5c05d719871d586942664ffc76eba1712ef3145395b

C:\Program Files\AVG\Antivirus\locales\ar.pak

MD5 98230353d1463eee93d64a4856f7008a
SHA1 10d98e7d0e095dcd947fbe0b8d771ed1574e3ca0
SHA256 36f41a346ed07708ce12d54e5a4c4612f49a375155d1655a23c52256838617cf
SHA512 53b9d1b50bb79e245d74dd30cf66da4715c81ef63af3d569eace6329eec00356eacb7357271778e837b60fee08deba2ba445b8ea74619a955bfa2b8e5c05358c

C:\Program Files\AVG\Antivirus\locales\am.pak

MD5 ad4acdfe76c998b945642b9af2756ea8
SHA1 025ea273d63fa71f3c10c578b1a3f657dbdb3f96
SHA256 4dbde72ecf65ac84b6c01251d37c425c4cedc00e3cd9cd40c0bd5a6081359b64
SHA512 81f71679d2ee24ef8124e81f39f49b113a157c88af093a6f571c34b67d19933c200d095ab65ce099000f132fd2a04a44829047816c1e53a42ed4c5b517e90fc3

C:\Program Files\AVG\Antivirus\icudtl.dat

MD5 b4835c946570220b1c7eefc21903f03d
SHA1 71243432e088ebb86512a1cfeeb2fa93442dc050
SHA256 8b3306c520a6559d8b53d1133f6bb3efce913e1d780a0e4cdbfe6c79d76de431
SHA512 f6004f3562fa91a3287d370ebb071b8168778063d218498a3546aceb302958de50c77d6d60ae9e7576cb71db682fccb06de87a02c3d2a997710487fd08a60e64

C:\Program Files\AVG\Antivirus\resources.pak

MD5 bad3a80c0bbbda22c237407afe0a82a4
SHA1 00cfd3358c40c549d4709f4530de277ec349edda
SHA256 59a0ad87f4aa0bbfc2d1462ca7d5e760e2f6f2911c6c31f0fd450a9bea7dc684
SHA512 110a39d7c26745167d31edfbb065818afc68cf6bab273f967852024bbf7c4566920f93eb207c4f17105386f18cd9289d35ac66eef3c1ed5f90e5628568222fb7

C:\Program Files\AVG\Antivirus\chrome_200_percent.pak

MD5 8f6d29ec5f29c02e8d7188366f0ef3ae
SHA1 7451e3cc4a7de1a53987c5cadf2a759269d99a40
SHA256 3e116ffe2f55faa2c2b96aee4da637e6424cb48bab27d9f94a958530f840c673
SHA512 418be962c4dcf92423b2bb780d3a7476756e16aa1b670167ed3631bbf7ad4edb1d35a04c5f8f685c5eb79edfe5a247403d25c6ef18f43eadf1192603ddb2b386

C:\Program Files\AVG\Antivirus\chrome_100_percent.pak

MD5 8ebb97efd9cc5bd6c500ef6c7a9fa406
SHA1 8e285f1ffd650c87dc4a0ec26df418acc1fc8821
SHA256 aaaff8d6c9f0307c4eb3dda812f566300073414de002bcefb273a7be57f9e69e
SHA512 f93b72eb950d924b66bdd44713b631409003feef26f6146ef366f05312459ba2d2c4c720b3ad13594c8ee6c3734c53e4d1295eea064c03be313ae2f541105c89

C:\Program Files\AVG\Antivirus\Inf\x64\avgVmm.sys

MD5 c503391a4bb78c3fd56b330d3a40992a
SHA1 f0c28017da12baf79085552cc683fdafef351c0e
SHA256 cc8081280fc5ffbdc75c85eceaebf8da82ebee132b4684b1900b1d86540107ad
SHA512 c4e60c59a3b22f8f233b1b6877b7345de24c38a01c1cf8313929ea61355fb775b1d1a171a1a13895062eebd81e486450e325660d2477d694589d47befbb9793b

C:\Program Files\AVG\Antivirus\aswVmm.dll

MD5 e36df18333d818e96174af7b45b20f4f
SHA1 5aeda395e1e562a9772534538780582b00f4212f
SHA256 486c91a9f2c0712709b54e77110a890ad757b405d82048e8d67840fe416ff9c3
SHA512 595d8bdb00527f644a45e1174261ce3bdbb72a628c8ffbd972bf55f7d54267788da7bbdbae7a4cc34d441d03c4fafb11772a280673779a619166b14929f0e945

C:\Program Files\AVG\Antivirus\avgToolsSvc.exe

MD5 cf3dc7e3cbe2e1d8df8837339735377d
SHA1 ac25885ad508235e3d6e46ca94bea785470dcaba
SHA256 8578de1fbebd6f4100ea2a76e91da4cd66afe8e2ebce4891006e7f8e328ed908
SHA512 d6ca31ac3f87ca08c3d79ecef7002eabb282943abc0b5b2c5d8e25beb3f6189db1af4b383a6c2f9254dd23d132464a2eaeec26a1f9704bc0f9f94807646225f7

C:\Program Files\AVG\Antivirus\overseer.exe

MD5 d53a877b6bcb2219afb5a4095eb9407f
SHA1 10d1e7dfc4dd93a56f862f6c8ee0266348569410
SHA256 96147244ab15493830f42bac46676ceb522b5bd9c52c12f97345dc52c6bb1229
SHA512 791baefe6637d7e22a8e3ab251f70399117c3d83f98d5f4f1c5f6e9ec3bd4480f3138406b3ee87411d710054760f44c073d3616b5f8b2f04159e735d6ea38e5e

C:\Program Files\AVG\Antivirus\SetupInf.exe

MD5 961fc3fecdc0a6016f29c3f27af99c96
SHA1 596c258ee6ee9dcfcae84c677d1e3c5b11aae376
SHA256 7889f2df992dc4966d8899a9e7546eed98b2b4e5541fdbecbc892e964912981f
SHA512 a2338ca24e54419e5320ffce1c48c2b129e8bd6ffac2de44a62965a39aec7d8f94919786e4e564ec18cccbdfec81675671f85a1292a2dc528663267a8748769b

C:\Program Files\AVG\Antivirus\AvDump.exe

MD5 c42787d466db36c8cbe939eae04a2850
SHA1 4b130f2a6aa2a265d471c88c24ae90f3d708101c
SHA256 559e82a979d11c6141cacaf7e4a4d64ba2d8dd00382ebab918753613b1dca949
SHA512 84449b0511372f77cac4de319fb034159da34b02f24db04947f7fdec7381b58d57739ab08f2dfdf988ae78569c55c7ee7362dca7ae04fa3a4307e74493d21277

C:\Program Files\AVG\Antivirus\AvBugReport.exe

MD5 818a39c221354c1e3b30724e12ed384e
SHA1 eeba918ba965acc59a524797760b7298da7bbe0a
SHA256 f1f6565ee36e7684ac33a54649a453729963ade4dbabf0dad5a9971e2927726d
SHA512 a608ca7cf64b6a22828197a9da9f2b430538971f8d0299210972d38da9d9ea90c533aa5fab304f245d3a7e8f986eacfaff35ea380fb27bbfc727f3c7db8ae80b

C:\Program Files\AVG\Antivirus\RegSvr.exe

MD5 953534727d7ca59a5dd3b2ab268968d9
SHA1 fafd202b84717253285821d48934b8f4d0c02f39
SHA256 4e25d86213119221bf7e12ae28620d35ce132820aff3cafb0c7a1a6666b09f68
SHA512 06675888653c160c99c0642551927e8ee03d0b67539deb844972e27517e499b8c47a302f97eccca846bcbf45945630c94f0d5c30e81682a49039f7a5e93eaa5e

C:\Program Files\AVG\Antivirus\aswRunDll.exe

MD5 4ebdf9491703b211d4015a3d40ab2481
SHA1 5d6a42b31fd8e38d7d196cdb906167269c8c5573
SHA256 acede5a0ffb97557c4e67387df08d4575836921bb71955707f73ae1fec7554c7
SHA512 fcfefdf44b0d9a92b8511c7f9f61c3ccfd44c254acae84a855c7459c1e8275157c6bdc73bc4453787e962b36cbc65c9ac6f0fcb7c2a624ef50fbf7d165fe4dd0

C:\Program Files\AVG\Antivirus\x86\AvDump.exe

MD5 ea71be88f5b3accb6b51a9f2aa80d363
SHA1 1e289a816ccc6e568df2da2c0376d8f78ee00105
SHA256 a3d0bb998bba01d98af76a29ad7233a922845cb690ca770f938fea48b094bafd
SHA512 e9baf508057c6f2fb04e97452085e0000af8e7f0e018dce11837ea18fa8b27fb6d5ad4551d1039a59821264d47a3502395b00a25ccfef4d6989ff4e15f64566f

C:\Program Files\AVG\Antivirus\x86\aswRunDll.exe

MD5 fe4497c37bb591f793477270bef3800f
SHA1 479b2d78d3e4ff72144beb99e2a71eb8253c8bba
SHA256 27a865580f258dc074fb9a5467fa916551523fab6cf8f62e5e9f5bf4bc22310d
SHA512 04747703bd0a8c8b2ce50e18dc7bf2ba8c5e0d7ce99a0b06689d24e4fd17d882817df8b7139773cc46ed7d2d1323504ea9fba3c683b5e3bba4ea010408296538

C:\Program Files\AVG\Antivirus\x86\RegSvr.exe

MD5 3842aa1e47dc3b11d087317406663f37
SHA1 a994243c1136e1fa24343ee03d296f4912c9c13d
SHA256 d6255c60439c0a70ca098737b5d29d5ca028f3724e28556095a92cd642fc1653
SHA512 4c02566edf7ab0213e3923123d569261dc3d13c1b9080e267f81d838acb82be6873d00d279d4d167ca83c15b2ec06b412a6c072923a9c2bf6dad43eb2d653990

C:\Program Files\AVG\Antivirus\Inf\x64\avgStm.sys

MD5 b34ce8ef913494c7968d8d151af4d73a
SHA1 f1529dbd239eaba9418496a9d8808504692f1424
SHA256 121f214858716060430d8b252ff7a3081f3a1d8cf9b275651e75d1193847233f
SHA512 e5aa1e924f4837a45b31e54efdd07f68757977b777e68cfe7f8e7e46bde4c692bec9b742d438cb9192a536ab74c995ceb0a2b61b5800625a800ffbb58af6254a

C:\Program Files\AVG\Antivirus\aswwinamapi.dll

MD5 0bba4c0bd07eefaa201283b75bcc5c56
SHA1 2f8653bcb5f21181ee0c80dbef4c228560d68906
SHA256 2a484c4674fad7394596409845845b0da9f5531ef322e2d585270b6c4b6c7d3e
SHA512 71655989f5f063c27c167d906c77ff0302e6dc4c6416dfdafe47b8eee4c50f3b0990a9588a46f3c4229ff18d3e2d17ef27a3980d7ef06c5be17778ce081d7441

C:\Program Files\AVG\Antivirus\aswsecapi.dll

MD5 c7aee5f776f6de237ba8cda6378ec480
SHA1 dc387bd2d3e39b78c94a53b8088cd01376d4b521
SHA256 1a0f8e3e77c6e982d649db4c28b1735be6d5574ad287f4921c9216aaa49e8aa2
SHA512 a23ba3345a2525eab3b43d75e10740ec113d3281491eb3a2cbee9b69b0b3d33b04b8e4d1c28d1b1f6a5b97dcf33ed2b8be2359b96bd34d66b87378ef751b0fb9

C:\Program Files\AVG\Antivirus\aswremoval.dll

MD5 61f518cd090226987955e8383c443545
SHA1 bb0808d5b45df84dc4e937db304a780507f3808b
SHA256 c4b7569229968f3a746e09f1ada2a20400bf7ca5c7816ee643b0b313b56b7705
SHA512 c8654b275437b25c6ae119a5d38487312cab94eb0e4a65be697ad6f13cb2cc8fe14ac8ef43cdcb9b4ec9d5d08575ef87288e5b5e70aefebb8af0b9f24a9fb2b8

C:\Program Files\AVG\Antivirus\aswpsic.dll

MD5 0cbe0bab9db2ae0f3091d439c7aff172
SHA1 0f81d1aa37033bf48ab2569e75688acd01ae3dfd
SHA256 91bc79c3e7358ea16c0deaae9ee50ec3fa948e180385056eb264081d6dd2a9cb
SHA512 b7d2a32d1de290dc18b76e34b8a0b56b78c52cd511c808e70ac17b440682c54cd997830fdef11003e1ade5cf92711a7e01c34f7221b147d133070efd97ed5cab

C:\Program Files\AVG\Antivirus\aswntsqlite.dll

MD5 5c8e69b5c74e17bdc4fab8fad3fd6b65
SHA1 c229091ea811102618ed6a76abacc2905404f845
SHA256 8f9d938b77ca792972e8eb92b38c71d28982c8bddba42ed1991202a469d92f81
SHA512 a505d4ebba30f4fb5341d5ae5ec91cdbcaf08b54a23d8cd5e040a8d09a7b09b91dc6e1dec6a5415a733e8008eedad7a6bdf0130b598093c0f5578ff7ae78f7af

C:\Program Files\AVG\Antivirus\aswdetallocator.dll

MD5 ffa9a2a55b0b9ebb5d3bf779832125ba
SHA1 fa08f4e7cf49b193e7639e81b8b9e43b3fdc6afa
SHA256 787413481f0f416c51fc424129b961a48565a6b517c4a2478b5a0ba4211bcf24
SHA512 6ec3f875215d1ad4100c45018a576069faa27567310c7d2ca9d4d43db17ba80b2011e4a6c9112678719b4f7a2d4a2a55d2a621b5dadd24624eca1d4e2075ab26

C:\Program Files\AVG\Antivirus\aswcomm.dll

MD5 1605a5b5f8eee08ea9601f73225f3d5b
SHA1 bbf47daf2536338e63320834818921eb5e894b9e
SHA256 025c40e0674af6efcfe4068ad3fe5ef6f9495c413565d79c80ba5272950d0664
SHA512 6ce04fa6254dd08fbfc2ed3e46ed930cbe318599c83c6e94e2f05b8113afd29a215c23e138502d76d112cb881188560cdd45965bfb2208dd2e8827d4c86e0f99

C:\Program Files\AVG\Antivirus\aswavdetection.dll

MD5 15b5a3ad95726f1b8157204f8d566161
SHA1 c5ec39f543d5f78803281941adfb8614e5bbcb33
SHA256 00f8bdcad4b899ea9fc44b0e01e6b4617c94a63f0ffaaeabe072799f56b4cd85
SHA512 9172bbfacfd6300fba5ce984b59c5b75952538f5444566b19f7d996f059bff256c36aa87c0b89c20ba5d77e8a34440799eb302d3920775cc86acb7b149d8a28a

C:\Program Files\AVG\Antivirus\Inf\x64\avgbuniv.sys

MD5 acecc0d8e4461bc9108f491af817a494
SHA1 96fc4ee7c9af19d341b6921a52ec2bcca8eab2dd
SHA256 a4018985a62b5ecd3c3537a15feaaa6f51f20fb2c40648e1c92230a2c7e3193b
SHA512 9726009ee130dec8f7730ba9706004d97ae6677d62439a9d3032007c65ac5b5c1e8ac8165e455d4bd0cb95d1b14b32a09a0c74c1b9acf051770058f0603dac74

C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsh.sys

MD5 13d1f60a36dc61e4651f0fa2f925017f
SHA1 ea7cc839a9d56be1675368cd853e598a6d321c40
SHA256 4c55d7cbf72ef205d60d5ae2e953aecd1d2a56c10f5f3aa578d9ffa6805716b3
SHA512 a0e299de12e70a83ae5b1e9fab05f67534285e94912e79e3c13e971437c5f99960893aeafdb5b3279df5c85619f7c6312993d5e639e2a0b8e1223acdae8bd9db

C:\Program Files\AVG\Antivirus\Inf\x64\avgElam.sys

MD5 4aeeb33bad81fced46fa7f90a17d60d3
SHA1 f3d6e8bbd96fb42f5c52b5ae4cebd933420102eb
SHA256 5cabd407ae502f3ea4bbec56460bdf6fcf5bf39284dbbc6d10db90665da4be62
SHA512 8dc259e22a3b14e8d6688c7b9a1113cfba8105ec7942518019a944a9ff1eb87c896ef149cc2f913429733654f6211bd6da944d3aba113cb513c0123f8848beb9

C:\Program Files\AVG\Antivirus\Inf\x64\avgRvrt.sys

MD5 b518475b450188e2b12b3800c0f6c02f
SHA1 f3ed214565a02e4306eba2716d3cf7e57b795f40
SHA256 1511f413145fb9917473527ed6b17e637dec82123415a569c236719805aa3007
SHA512 9a3dd518ad9a3af6e65482b77102bc5303fbd335fd263393858717dd3b6b2207dd5b88b8222946015c835d0ccbdff6a25d7b50c30e684db49808b3b46ed8e1b9

C:\Program Files\AVG\Antivirus\Inf\x64\avgSP.sys

MD5 1c2dca384f182f71501265b0c393aad8
SHA1 aad41490715f3a7f1946bd97709bea86b97627b6
SHA256 9139dcfa944bdfea621c6057b522852e3d5229a9dcf5211700ff7ae59452b965
SHA512 2e767cabecfadecdf2353db0fe5972fde0c591e8cda3297b445d5434d012470ec2cc856a626afa96aab3b46f9c6cc953dca92824d0198fe3ba729741e47f9608

C:\Program Files\AVG\Antivirus\Inf\x64\avgMonFlt.sys

MD5 f18ab23b526e4c62f8413c31960e4fd7
SHA1 785a8e0abb7be95d788ec8500b71ff803ab6a95b
SHA256 66c2f71df49b86c68baa6b9c2d57b4f6b486fba1356da5105ab4964b82a56b45
SHA512 0d3905a8c81661e4680294be540e79df1c5fed20e3c7c4962b50ec028f9b03fbdd24274a8751d58b65fccba954947be574801c459173bcb0b0c017fba552bc7f

C:\ProgramData\AVG\Antivirus\overseer_unattend.xml

MD5 1a90bc8644262cd79e806a222f38e95e
SHA1 0b9dc24a50654a32e0d5974f9f4370bac30a90f1
SHA256 1210aec78a7a836e56e94accf4eea74d5c0f26c2dbb25ae4d6023886ed3c9d64
SHA512 4f67699dc93ee7df09c4657a9fffbeb1f34ac615eea55d169ac03f7f58c50640c968f4215ede9dc59b5660166a9e2392fe10b8f2f68f6b067e9631c94c805941

C:\Program Files\AVG\Antivirus\Inf\x64\avgRdr2.sys

MD5 dfff042f70397fdd31358805022640fa
SHA1 0045137204d0677ee37360a4167fea79a73f438e
SHA256 a76aacaae0af594cdac29db974c7005398412cbd79f48ca217e9d20f31971cae
SHA512 8f46086aeacd0a78e0ce5adcce9ff1923dcd32c50ddd3af43b5e5a2c96763dfe4a40c6d2d03179a1e4007f14ecdbf4c1ccc467190b084569980714ca0a1a9666

C:\Program Files\AVG\Antivirus\protobuf.dll

MD5 c54e7ec57e1fd9155ac8db7d5a4c5ac8
SHA1 c74d4ba9044c379c672d613168a70c7398dfaeed
SHA256 7bef0f11011c0563e927789bc82b44bad51c44a7607db3aed5feeca1751ef08b
SHA512 cb6c8b51aab9bf43bab581ae036bdcb0e0ce8fec3ef1815530ee10885b90aa484bce8cb0b7d28f10a7431aed58f707eb2a05e3574661bdcf73bdddda61aab484

C:\Program Files\AVG\Antivirus\libcrypto-3-x64.dll

MD5 aa454b456433b0d2848fb1875fa674bd
SHA1 daed22374c2357d82f52144b7685f844fe36ea4f
SHA256 df3c31c32b14caeab1df6ffedb34ed2c79a91723fbb6db28f51795724881f3c3
SHA512 90ac876aab85657d56cd6a574ab52abd016d4de87cbe8e071eb268cfb262a99cb65c3ec6a5ee5e8d36397f5a62a4a9baf64c17e9c58357346a70a686d124548e

C:\Program Files\AVG\Antivirus\libssl-3-x64.dll

MD5 17d76c0e6fe4f296d499da46eab835c1
SHA1 2973669828165363eff1c9e6594a4d3ab153c7a3
SHA256 2959ddf57bcf20523899f6cb3f16cbfd122ed111d7dc6f94333ac3b34871a944
SHA512 763a693ed64112405f0e635b509649b9323afc947e9d38312235ccb4de12785f6da24e9a1683cfdc6c6b67fceea21edc267a7f80496b041b3ce6eb92c07c793c

C:\Program Files\AVG\Antivirus\Inf\x64\avgNetHub.sys

MD5 2233b086de7755cff0c2182116edb47c
SHA1 89b47f7b31bfc6afbb74be69c0b229cbb84af4a4
SHA256 38fd1d5a9c3bdbc746c8c6874c5bb4379d328fb8923ba816b44333649187c764
SHA512 38ba818b24b0b898faddb79284cb13790b113c5e7e94cd5577ad16849d48abe5c7533cff383c0c89ec6a005d3c362e723f425aaa9805ec81197614a269b64fd4

C:\Program Files\AVG\Antivirus\Inf\x64\avgKbd.sys

MD5 0f6d28ea3b36943df353d24d7d42c2b0
SHA1 3930e7ff47ce96ce987800b3d39694e4355d050d
SHA256 5278ed37426ab63b69965d18c79622522ed07cba6189b89fbe75a042004a4fa8
SHA512 f801a529808b0af035d2af0101e1aec5df284f9260ba8206375b4cbf5c8208790a261b942613394bc40615f15e9e75e85515c15d0c3340200807f2c390da4096

C:\Program Files\AVG\Antivirus\jsbridge.dll

MD5 381e25b9ad00407b02cb40b85e7d62a2
SHA1 b582a58ade8aafe9b22c755d5ac764f5947467ba
SHA256 2558aa02fc571a307d0901550c542ed3badf9fe8c3a3a2bb801b7d9dfec2ad58
SHA512 6900c991d10ea97126bb754efccb1da9b32be3ea0b48695ea127e5b26e36895e3b8a26e8ccbf1afc6b4dcc08b5a134bfacadd967997268f5827b5281774aff26

C:\Program Files\AVG\Antivirus\AvConsent.exe

MD5 8141d6f3dd2036dbe2d53f3e10f8698d
SHA1 a9817722b8059d75822f652695d8ae97185d5ba7
SHA256 4e9710536ce2489a9e499e2708de345b840bb00db8c053c2cbe2209db2221ca0
SHA512 6bf0004e3cd741bf003238722ed9f742fef91f2a6224ac429c891d4dc60b659fef3027c7c1e770fb24d2553b6c881e530862778a7a8c8fb0681f93b56b64ab17

C:\Program Files\AVG\Antivirus\AVGUI.exe

MD5 919d8dbb3e4d907c40202a05e127df39
SHA1 80cb176bda244e594d128bbf21462c9e8c4e88e6
SHA256 99141fb4f8ba84d7de7e4c73190762294e57842ab6664127d0461c592fe8829f
SHA512 fdef428d9b406a1fda1f7c502ee4a0dcbd4f29b6658d838983f324b8150cbba7162ab9ff92666e4ba5ab0d6510109d663206b346fa7a97198f2fb59cb1015603

C:\Program Files\AVG\Antivirus\AvLaunch.exe

MD5 37d77e71386c5af91ed81c1a452e6d7d
SHA1 1a63b8215f8fea11f96e17881e83572244ca0f79
SHA256 96ede1c074c68f98c96e466a3c510497d3820ccb2a9a479dfa021c9b1ec6edb6
SHA512 26dd97d3a2af608791aea39ab2607b557d5eb25d5501bc7e51e991a77c8e184a12d86e0f706da78ddabd6b620b84345647ff3887c4e5925af7828abb07a78e4c

C:\Program Files\AVG\Antivirus\HTMLayout.dll

MD5 8ff40566001f525b9b04bbf5433014b5
SHA1 5a2cf9afdb4620a21a27d790beaea92e4338a2f7
SHA256 49149bd758e258f5642a7baa51f4359d72efdb727d95afe2a3e0094c5412988b
SHA512 ac400af854aabaaf5f92bcb1f6e0e9793c4188b7935fa56567d8e0f5cf8116fc7cc22ed9ce2981d5c103fb6aabfa3a0dd908a77b270659bebd7cae20769c81b0

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140_threads.dll

MD5 7f9531927e58fe32981d195625a17e2e
SHA1 c2831c6c980e9ffd05f450302cf81af11050c300
SHA256 88241636a8d3b8ab2af9d3b3b9e40cad4a17896f87c468ce5f177724656b7340
SHA512 92bab7dd259a9509ca2cb7ed82dee4de77a95780b9acbf36f657666630e9790dcfae51b3efe8a10563edd0ca8a29ba9c9c8138a740240ea106cbdebf61a10bed

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140.dll

MD5 8a090e342a1cfc590b468b61e0c6e23a
SHA1 2ce5c404d0e926d3829565a819142657374271c7
SHA256 c432d3c6a02d636c4e66cb97bb738655efb1786a89d2ef446cd0aaedc7f6fb7b
SHA512 50ea6a9241dbbc52f93703cf29d2024ad49efd8f69f8552e493039640f2d0e625bd5c038e942079c0e291784674d531ea256c2556c637ce292ec6de8c417292a

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vccorlib140.dll

MD5 8ff7f31d203d158ca42f0bb4fa077587
SHA1 721443995a06600be6db636dbbd44767f2d2a349
SHA256 a5aad3483ab030cce01bf33f5a72da627755f13596bf3fe72db766463d9acc57
SHA512 a65478de5e6fa74723f66af35c3c24762e0ebddfd575e4bd7e868233a846e7813454d0542670159b91c74978a1db667d23229d4605080cbf6e96c3227ca2d7e3

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\ucrtbase.dll

MD5 b65aa2646529e9c1de570d28c2e37c2b
SHA1 0c0516631b589a6d87ae53442a7ecb8b277127ee
SHA256 783aad71c976972def8a34579123439cfebff071901d97bc91033a05d9c2068f
SHA512 4cc7496c2c0e18e10c0d3783892b0ba15c1241fabb2ffd168e981f60e3993fcc4cda07f2ae9afec4869f7d06928fa606be53544a109a3d78067cfeef033ba009

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_codecvt_ids.dll

MD5 0c94dee60cf90c0950680ab6aa2c2b91
SHA1 d7051e98366d14a440111ffcd5b28379f8c67806
SHA256 ed53b64f64fc8371f8ef39b4366449aa764eaae971de628aa2b09b3a6847216b
SHA512 0cc66c7f194ddc4c0bdc9cff0709c75455a35b6c5ba78ab5d3e7093ab9388336755850f3567a93c96cc66d7376126a45ec8e0cce370518346647d1b18dbe67d9

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_atomic_wait.dll

MD5 cc556ffc1ee06111ba305967b089779b
SHA1 9b515a2f8e7dcf570f040b19a64b36166e17d93f
SHA256 be242784fa947e505ab9d79a23d7ae96e5979af03bc51297ae840517942f8675
SHA512 51fdf6c92ac6cc06b04092a0b1f9d391ed36d8ce0b2b123fff9d228875bd91b55dc218615f757f06f34c11d2527344f21c7db48a7b0502685bf6f77650d240a2

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_2.dll

MD5 1b73cbc1a51c5c2e61072729535e3148
SHA1 52f3494af0555caeaae477173dbd7a8c171997ee
SHA256 4279fe19e9d88988a93f5d334518b204a8956543f84467168d5c63d490337593
SHA512 9898d2952dc3cadfafdacd6d281d8e1614f6a8ca88448e52d393fc540e543f810d434e8eb74a640232f83c4ee2a07e8b37184f59adcfc9c8551cd0e061cb4460

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_1.dll

MD5 8ecd8aea1af9dcb3bff28b1d4e0795d4
SHA1 acd125327614726c4069fcc4cde256d276f57ef4
SHA256 ec4743a6044224132ffc5f20c25bd7e36dea25f7ea9baecec7db40b0904dd7de
SHA512 33ba68e27fc769f0166e72da458244981622ffbfad33ae1015ec73ff83751eae9aebf1aff991247ddc31f0223888f8f03fa9b2b1d6069112ad8e1689e519057c

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140.dll

MD5 0d3e750f8b8882470a74db90de94f814
SHA1 cb07462263379d3f5dd89e2b62ac31a2f7538821
SHA256 5b858fe4a054adb9461cfd12a5f3b8a9622a2eae88bca8dbd7d84a9f972a20b3
SHA512 b5ac0039428d844db36327ce6637d207ab02ad4cd89e0eac361d61393d396d6e2fff76d1007985889ec88d20e9c62ad29363b984b77d791feba588c1ec64f084

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\concrt140.dll

MD5 2126db527717014c6695f9745a480c2e
SHA1 3d564a111a7f5a2a3e9b06ace066931fbecdaf68
SHA256 50c864c13306921277e9c43f0133c754938e96cfa6982879d106b32b4551d984
SHA512 a47423d6ce322d297b0ec222ab8fb7cc46a31f840f412f6da0bd4ee9c40080ce4dcd2b00267de53721e61ba8ea02ee99d366a1047e41805f7feab8c43e4babbf

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll

MD5 b52238936bdf50ab985435a176281f68
SHA1 7bd2be0808c538b6f15f20a9a1228cf4a20adbdd
SHA256 3a23171aac49453f931d69cd55f6ec742243f5835386d9e6b18efad96c2be450
SHA512 36999e6cd50e26b1620fe24ba2dc11a40b25d1d77cc7a0337c7a3f65b16383fdb224e179392a215e6dae846e8bda6acb3e027445fd334e26e34278a397452f6e

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll

MD5 0713775484e95e5bebcbe807d53488f8
SHA1 222dcab5f38d72971fad641201ba3ff9a2a0ecdc
SHA256 e63a096b1ae68a774b1f1afc51b5dbef1a5ac2d79dccc1104112c22841e3e378
SHA512 f19d30d37718de3edba15358888b13afd9f9dfe4bdf37bdeb3204fb6cdeec3f249e388d06a89b21dd4a0da9d1cd70bc4f5244f287a4d907dc0a786df7ee97097

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll

MD5 841e4ff9bb531b52218392db1d7cfbe4
SHA1 5607c2a987436195f1e241a0b29e8fb1f734102f
SHA256 4da31e582dc47d46132cc73ad34d5b87dddd2338495ceb2772f7e103a9a32ebc
SHA512 93232073d95870043994c752318f9b319db508fff452e4aa0b8e42e66d13623803be4537e1798dd05177b7427175d989c8e49a379fd932297e161d461bae268b

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll

MD5 85444893a6553a4dd26150a68fd373d8
SHA1 ad9b46da45366f13a22173b06e22a45a211e99ec
SHA256 65f2a93490c845833541de1376d5bb65e6e864a1a9232f58f86a7a84408508c9
SHA512 ad56f71d0dc6d2dc5dd46eaa00247bd209403014648fb9c8f98937fc8e36fc85c0107365d2f6ba4f6d530f340278e0205d94bafebc78d10201e71dbb5d4c36d6

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll

MD5 90340ac74d22b9a67237ea52a4dc1c75
SHA1 75d44b240afd4198b0f3b7256a4a9533ad1ba73f
SHA256 fd48da616f2d17054bcab961239431d99c247586f96bac69aac5b704ea694352
SHA512 6f52ae85b4d9ab8516d72bb1662ac9cf602092fc61ea78bd85af05047c70a0adc5edb67266032f12a86601c983015276f15a457935f5b6143dc80d335351e5ec

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll

MD5 0444624f30e8030d84bb169fc2410444
SHA1 05c1cd844368ae2c113585b477f91507430d72a0
SHA256 0b87358da7882fed313facee92bb8f4e45299c63ca557fdfba1478b364575fc5
SHA512 648a79fd30a73582907c7ca008be5ef78e6e72aa22478448721c4c5bad45a45bf76570d24e061dfae5e535666e79154f5f9f66a08746313620a17582e3998304

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll

MD5 3b07abbe272e9b9e2989e2d6a400fa53
SHA1 f925e5e58377dcdc13b6d80ff22c775e2334e372
SHA256 a170d9851a1427066d1fd61c32a9ae4b9545aa926be55da7e7d94275be281dc8
SHA512 14762c984aa6736b1330b1f0b296622fc1ce3ac79108c0bfee793a51131deacd09b494e8c851c6e437a84871a864dd65389657df8b2256f931e3c60a61fade8b

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 7442e7059f712705d4b97699bf56de35
SHA1 f924088428eda3b76030091cf59ad38afb590118
SHA256 f822289ea5a9b0ccf9777a72bc8b73ce68b596fcca811e0cff0adc4031056b20
SHA512 dec6228063bbab561ae0c02cbcbab3d08c15f261758405d8a709707a180a09af9c462b0b382b700177f285a1ce3bf7e71e093f9031d15f932120fbfd396aa851

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll

MD5 46aaecdb8d337980c82cb2714a985986
SHA1 22104d2272b592a344df5b575fcff83ca0e4b161
SHA256 34457a002e90a590b516bbf58530cdddbb618a46bb3e764e18167c44934917dc
SHA512 33c91058a693b82f1457d49bba2e209a90b825927be89e38523671ac16f4fef208b98efa980a3e11185baa4df6d7639d447bf30e19dc91b76f04ee61b6169bee

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll

MD5 592a65b922d4cd052bae1957be801a4f
SHA1 8371486ce1b38e692c0abc4a2a9e0c3e1945bb89
SHA256 d78e74087d151454365adf6239967c8ecebe85b1c6c6d3f59e70f0980028b1e7
SHA512 0837209e518d5db76ceb8128dd49cf03b8f0d11526630ad20c716ade1e02df1b39a8440d20ee20b488c6d6180c155d00a9cbbd311fc50f4803a8b95d4a545726

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll

MD5 0651bcd9acadac1d50653be35378a82c
SHA1 5d1b2233c7acb3915d33f7b29cc2f0cbf34ea1ad
SHA256 fcf66176b6f7ab86f98f38d5662f61fa61ad3f1e59740d8a1df0e1072248cf6d
SHA512 1ce05989181faa8d291bb0df34bb4e93f2f576187cf2d0c5110988ce17e6a682d815297fcc9fd174bc1791713fb07b616ed952729923abf8c06b8b8f6d71d82e

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 d1f28f796bacea3d58eca271fd128758
SHA1 934efde030a54a441c342af18ab5275e5facd0e8
SHA256 b8d3d45141ad57d917b25d2491a07f20c77b1dfd047e203e26dad591c40b225a
SHA512 4b6ada7f10a4a660c3b6ac0fd81a41c680bd6752eb1a70da08510feb10fbf2b7d5ee177a94d5093239914eea79114097329a64067a72068a8baea8a9963e3901

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll

MD5 490c63e6b1aba9a525404067ce3c20b6
SHA1 04997f8a146284f8369c7db6204949658d6d7180
SHA256 c5131d1abd188d009e72b8c6474c74a262b7b8ec504470385f7f69428e7ae0e7
SHA512 245c4e2545e7eb5462e20e12d8092cdaba24d48e6c53d02f3eec586de17eb9cb6c15cea204a18deeea3cc8668c8afbe9f35b0fc1e751d2f515edd18ae149d275

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll

MD5 03c2c3d48cba89a77a8c06158056aaa8
SHA1 3cf294991250721c2100288d4dbcb0343cc04bf2
SHA256 43e0c37da7bc6b2786f95765f14177651bea534ca4d1d966c79fc301a55ad5df
SHA512 bd9787ec2cf87f8c790db18724a5cc10d1a6de005fa8cc6a74733521bb11251bd0d026af9468e98b616a6d8212cb41c3da102248e105a4b312d7b068e9c407d0

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll

MD5 410fb7adfc54094b95609747a5376472
SHA1 e2e79f589a2e71009d9947bb02f05b877e208266
SHA256 77f2e7e09fe542ea78f4f6f23440014461074b993e50bf75d02b2c6571f5d696
SHA512 57fc04e4c770766ee9c2cdf7ec166792fb4164d7657fbbb6a6ec74a5073de953860b7c1d5754b28b61a83b7bb1cc0a1417a2f13c246aa06044045687b207bddc

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\API-MS-Win-core-xstate-l2-1-0.dll

MD5 b685358b3d0f37b68a24a6862f2ab63c
SHA1 b98d6706b7c922a2c93a75280e599361502697d1
SHA256 7cf73e4f69b3dfd89f3b24167f2f421b17537f3a4e707c63c675457b4fbf850b
SHA512 965580bfab334a217625e64dc5ab8622dcd18e5377453252b0c40c8e171040411a8916145f98e1bbe7476ad140562ea52ba148bf584d3389a07c2654d122e9b4

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll

MD5 b179b9f02a2a42a92c8eee8722d03745
SHA1 86021ffb09e59a781e96158c8f5fd7b63ef950e2
SHA256 9c57a5fbaa0a57530b988a4aada32e378b1cbd1fe368b90e147f12069c8ae7bc
SHA512 4fa0ba86b83d4d3ee041772cc59c17407d02eef04385ad9c6d63547fd9e039a90d5a161b9acee7af9defce761ff47e288207f60b2b81a28cebe73ee1d68f0482

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll

MD5 2a21692ef3a54e5f4a016a3a1767a7d9
SHA1 9890261f7cc42d660371c1b9d3a96c09b1e48783
SHA256 01f6b2760031ed0d521e8d972a6e7b4aa05393934a37266c3f9374042cc97b3b
SHA512 7ee03077c29867a717245bbcc1f4c7afc425c5e248c7c70f884e3ad0bc0267f95b94ea2f47e3554b2d189160d56ba4a6924399bc80201fde24cbc943894e60af

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 7ebb75a1000e52570ca55c35dfc7bd6c
SHA1 764dc860173990e451f6aeb6fd9b0164a86e447e
SHA256 2b151cce07a4d9c8507a1c547fdcb6ad904f9ebeeee71439d6151eeee287984f
SHA512 6d9c127cb35c122cb028eb9e8e7cdb466dc7b429ae8a13ec818df96917120f5e1f47902ecb3ecce9ddb1379029c63db3b6504d83dac8b6342484124902672c09

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll

MD5 364d65fe7f976fd00702f5bd63eea9b3
SHA1 e40359ed2e2deb198caefedc27acf8c7715fc80e
SHA256 85fd25863a60e7c627494dcf14b169480023c0b8e4682a0e495f4f7389407149
SHA512 dfbc7b8660a7b96135ce0b35c8f2f576e536e8f8bfb53ee268611fabb4ddc4c53fe06a1a9e81ff26a8e10dafc40eee5d579a2bd1e19d7517bf6f089c605ece6c

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll

MD5 c748312b0f6dfa5440bfecbd094f9180
SHA1 d991110deb52177634630ab6165e195ea62ab1bd
SHA256 7966a70a6113a131c563914f8cc7acfd8b8922d8ef1ddb2a18caede076f1eca5
SHA512 c5554ea1436d27ff336d7e25f6f68d485c65d916389213cb9c33df2622cf08314411ce941482c03a251e214e2faa72abd266e2ccd444c95c65f12f78eda5a830

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll

MD5 796e70f25faf0353eba92c001569c976
SHA1 2b427d0ad6e6ada06c012860a532da24e3f1a8c0
SHA256 9e153dbf1c157a910dfc62d1f1ae6c728ae3d5f2b767c5659a6881cecd35d8f7
SHA512 e0a2b6716add6542de78d409a4986a57a7d2e7d10672a57bc5a44fce3e65e365727cc64e9fb34deceeeec96b544d22b0901605985f5cce7f11341a00f898b56b

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 f04d8cd1c228b2a9321429bc9d72599e
SHA1 6695fc5cbee5c73077c59ef514353a4e2d6485f8
SHA256 498d2f02f5fe0a73cdaa1617be6bf7b2b550ada0537f8b1673c590ea99429c30
SHA512 afa2baa1a7344e795e325cf3b757371978d5e1c2288c31354095f4c30a4d308f2d405fd00b4efa86fef5830930a247dced395f11cab49e6a620df2241abbd069

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll

MD5 5e50911343631e123b2de2d19ad5e2ef
SHA1 48f0330e58e1a17a72bfc9b1283c8eadc96e1ccf
SHA256 b3caf7155167f5d1d4ada4df4764bc78b85032bb769e5ef586fcab27fd681cb5
SHA512 eb6e19b6b51a4422a861615d1f1d0742473e49eb4ff4a2a25c84bc485b9db336f14e3ee83afe8d221d91466ec7ae436b1210288ee3328a2ee0f66addae3be953

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll

MD5 51b851eb7b58ca2c3280def9722a9602
SHA1 75aa3331eb7da58868f700158df56fb49e3c4507
SHA256 9f0d6efb48c7f8c0f001ec30d45558c5d8675c06573eca7c8125a7d5a1db2634
SHA512 e9b0c683b58ecdba5d5132f6808ea2dd85a3db3b0d9690efb54aeee92c29b8b2b4535437d861d2fa2a8033e623aeb4ee0661dd01e17527a74d6002c9926e8783

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll

MD5 fc776a56634728a146211939d14187b5
SHA1 f8372701ba9ee1a51ecf4649c74e27d1e996a45a
SHA256 ca2b5493a6699756b3bf63d9bd807b0204419ec3087d02f4bb5c7b01e8fffd4e
SHA512 dd468a46c62e8a5a2ee64332522d5ca5f8093b13722e13cfd996b32b6efc74cc2a8502b44cada19ec0c30027dab400c8567c84937f08ccd989d8a0b75b470a75

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 9c46e030383d0f85a113a1f3b7477a77
SHA1 7f762360a7cb9881fa9c153f42f3a39be89db946
SHA256 d08d50eff27e71af2e72655edf22dbdea85346cc14be53c48988a3c039fdf17f
SHA512 6ab0490d9eb82f010dc4bdea8e54b9b760a417a44bb88a7bc74ce7d61833e355cef54712f3340b37fbdf07dbcd83e17295ab546d864ac06e84e0bbb7d8dd8649

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 4ee09ce90a33fc4f885539370d3ab11f
SHA1 023fb903cb6ddd95e25f18fd72e1b57b4a5ccff2
SHA256 4b00d5be82d9eae3445b559f4eb1c62eb192f5554b9edad50b09f98fbc65c126
SHA512 afdd5f50fecb5ada09a4d8217f1db396a2501b4ea14db90267ce51e964536a9e7c32cc55b5a8239c357f9146a7f4fa601181b7b8222670550667fae95d55bcf4

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll

MD5 2b3eae5e560be8c87a246d0e8fe3f593
SHA1 8f9563bb72fbea30d37a27c353daceb552279603
SHA256 b858256aa6a926f89714f21790d25e90b7dea5096bd9935454a8b4c7abea736c
SHA512 e33e50380d37f075b8d7fa283d5b4005ccbd7c35af1d11dc6ea4f4529c39571f50114d2c678061daa47f6b36bda9c948ca724acb9aaf9595ed7caaef2b0c0359

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll

MD5 c542c43d910dd6ae2f4a7cffebccf613
SHA1 02086fd8e53fcb3ac20cd4aabd730d46458d698f
SHA256 230da452a8068ff5be158d84618c9d291bf9b8bc878ed5d56318558d52e4966a
SHA512 364aa5a59c10d95c6a93024a443972a06dfaa1693c942bca517700bcddb9372aae1c76bdf35453a5ea256179fa61586922cae7d22f4623135fe7168b5bf04153

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 ae1eb2e7a5de49e2950cd2f7892d5513
SHA1 ab7ea36f3c4232f0b3f6036edecffdd4e8603936
SHA256 23fbe7263ca595af627fc37e774fc6fd5f66daecb54e38d48486c9df09e438f4
SHA512 ef919e89dbfe93ea2f45e01913c9b7d1695520f3d0073f2b578ef814e3dd6443bb506e5766d09d41e802f9c2cb4d35778c87f86faa89baf7dce66da787b85418

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll

MD5 f6f0270f98f5cf857d1e0667819fc9d6
SHA1 959209e5e068aa2564f4f777e1c8616a9d4cb6a0
SHA256 616ac120e3b9abb6f245a09fc17398bef10c5e6aa617849fe68a89efdcddb7fe
SHA512 1ef69bcf037e2ead4b4c3518a8e8e3c2dd3065049649a6973aaed9300ff6fef4bc2bc25f7d0b92dc4ab5f6a576850537ce9d6e00090af86512d080417eda42c1

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll

MD5 e36e88531f284b1135617b91f73e5ec7
SHA1 dac7d7984c7f906f66a2eadec395207a4fd9a599
SHA256 0c25f2284aec3aa7dcf6432ba9416e2fb289e08bbd996bcddadaabe42e361b46
SHA512 7e2f7095bba85a3d6aa21cd7371b73d9aea6b07d89a82c448a65f3188d9365a0070cf8b5312a3ef0eac1e4a2d79eb3d34dfbd7a16a7d9da19545ea216c195c4d

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll

MD5 0e37f414237e14f395f8914ac2532581
SHA1 2b06c81103d7c94075dd63a8df33b72ffda75d2b
SHA256 3ab7f3707a380352c5aff32c0761c5ff86f358f3683b1dd273da8be18f6521a1
SHA512 3e226dd4a8c2aba7fc81132840e8087bc2fbc11096098345051d6eb1dc724f3960789f7f958d362c6cbf7d58904bf5ec7ac84945730256a50583c41dd2135bda

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll

MD5 320629a907048b64a99ef484417df721
SHA1 0de1886eae33bb5f16de27d647048a92586259d4
SHA256 b5823ce2d6e600eaf4e2b1353600dca0351c46d014f97ac525c3ee9dafb2bf4c
SHA512 6567cd36297cb05ed301e5f7eec87a5f796aeb9fb63ba30cbe73087bbe9539e2dc47a11947c8461cd79ead01052999913143d32ecf4cbdf5833a970e61d5bfc4

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll

MD5 918b087149a2571d9db1eb04878c3603
SHA1 aa1d2c7550df6eddd2e99b44ac9de925888281ad
SHA256 b2546e21336714858d2b03d2532b6955dcd7ff46b30435f6d309d8c39d0dc957
SHA512 07c0d13e505c69985d6354c450887260345dc59468eb82b9b0534d1bd13f5f960d2d56932b204b300ac7e5f0ff7234c5e459de06d0e466fbc3f710fb9551793d

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll

MD5 4d0399f0050b13586b8b04f62e95b16b
SHA1 407ca079a3bbe2837203beabf41516fdba776a16
SHA256 420395ac9ab87accb00fa478be0b73b583a42d406d1341d98a77f6189b556998
SHA512 8908cbf7cb7b87fc78a2baa1eb2aef52303e733987891361db07098fb70d776fe936d48221a846787d67adcfbaf30ad93b867d5578b7dd566fe8addc480cda18

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll

MD5 38646cd15ac25a8d71bab09d5b077338
SHA1 4c153622a3f069480a194bf98add276f9138e168
SHA256 cb9f01af9ba4b50c604633073e4003652f1e99faff93daacd4502d4c08177688
SHA512 43844f5e82c7bf6a485a5411ce19aad3bb0f418852b86bb479f41170d85e04d02eaa76092b84ac7a1abf14b285d66fa2ff891cc9c97bbc18633af14ec44cebb5

C:\Program Files\AVG\Antivirus\setup\config.def

MD5 c91a467fec5713b0083c50ea5043accd
SHA1 267f68e7aa1670a5cd201d751f5587c0a0946389
SHA256 54fa68a78912ea530f5fec32850a719eb1db9aae1971c8519acfc6866ddd3b42
SHA512 68338f5db25e566960086b6941ea4943554733d7b307722ab483b32e719867011164531a285590de82adde65c509f55a980dcd0840866d63fced8edf52bff59f

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 b2eac5c213cc442820167617d568e179
SHA1 9e61baac12e1a536be5e553530db8957ac606d37
SHA256 8b4a9ba2855247adddb4ee1e7f503dad5674ea7bb45015bd69cc83a3332f696b
SHA512 af7a8e6e16b86d4e2aa3141fd41a8c897957486b4d87d8ed14210590e86577e030b4b7c419ed988d22851c5fdf75236c23560fd855ada97a76459c9c93802c83

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll

MD5 1c76698d36fce20d2919e67e3f08bfbd
SHA1 eb85df5d35cad00ee7eda50e8a4eceb2490f9245
SHA256 d95f01fc571294b128d0cfde5e68472b8f6a0b3dd5f0c18b676e3a077df80cc7
SHA512 7b0a9de7a2fab1b969b469f7e7edde93b9ede530080f4090ca0066642ce6bba28023bdb8ac5bd85eae38d918549be7066981a08263a3fe2a657a5cec15c62487

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll

MD5 bb66dd4c715754bfa99abbcbee3a4449
SHA1 21a9bef9112c1a614bf3d5f6eb2d2f0f17b58531
SHA256 55804126146c7c575add104eec386f161672cb740e765eaaf7ec8707a7cd2af6
SHA512 aa3b8ec6c34ce2d162783595ff3902cc1e8812ead15f2e723feb82fb0202f654d7e1138e4b3f83c7cc0204e15c41a34ad0b1d07fd3bfa609e97c01241271d136

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll

MD5 4228b8901e130b70052da8562dc7b5b9
SHA1 5007d4da77465c38d66689312418acbef9c7aace
SHA256 67f4d89f85a61b18ac1f5d6d04f625d64bedb252c219ff9785cd1508876bc718
SHA512 cb42b5a184fe08df207ac391c3e87d44dba15008efe2caaa0774439e8f7df2ec35f63e981d080fdb8fe2f46e8a43ff58a332d6cd241313ce419fa2ea0ac2f40e

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll

MD5 cd3ab89fadee9d9ab307f55390798102
SHA1 7f5646953d2a90c1033cfee8d2e6d394b05d0a5b
SHA256 915c296fabf88b9e3b43b5a570a6e8e642071678ac443c555f6e95bee7925bc5
SHA512 5b68fbe6456897695fdbc683dd703c286531e831fa3039ba19bc376ac5f363cd0588a815156b18139b82e64ae5c9d87bee025805658005e46d3fce915a9f332e

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\avg.local_vc142.crt.manifest

MD5 4dfa6db968c4c50fc1f1e41036572358
SHA1 1f281bdc5210640735775ae1b9e4a70ecee8329c
SHA256 14ad3b0d76e581de26d6516965fc2ff28162cc2027c2b7e18fcd18aef77d8854
SHA512 1c95f5f3da8184e66927ab238f2a533222442be10ff712c095b50b007ba0f8af584f28cc509ccecfd480c03fac47082dfdc4dc27131c2de4ee61afe4aa8ff642

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_threads.dll

MD5 268036dfa28320d2186b9b21631d443d
SHA1 96fa44f2214af9ede1160e043c7cd31b890b437a
SHA256 edb3ff7cef28496d535e40769625e542dd3e13110c38ce2e3dc1caa8687b892a
SHA512 99ce4bc5798320dd7f736725eb85a98553e277ab93353e1675fb7842bd258bb408a5df7bc530a161d91c1eccfcb510138f98085a80e892c3f54e2e8a723bb841

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll

MD5 9410ee0771ff1c2007d9087a8c316a4b
SHA1 3f31b301b5a99a13486ddec08d25646d5ad510db
SHA256 e4e85eea1106d361923995e53a0b961a28d4fb58555f40945003f35e5bf2c273
SHA512 434a32ca6c4fdd8ffeb45d1bdb4d9f3c1b1259a1260ae66eb241f8bd63524cd1a3ec29d5eefa2d2f266dd740273e69b6bb8a7771badb77e781dc789dc18de2c9

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll

MD5 699dd61122d91e80abdfcc396ce0ec10
SHA1 7b23a6562e78e1d4be2a16fc7044bdcea724855e
SHA256 f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1
SHA512 2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vccorlib140.dll

MD5 22a66d8309244779b8a7f275a3ff5cbb
SHA1 195e58fec7a5d39fe7a6275dac37295777da1352
SHA256 aca79a9c1f6d664d99691fd0d3d84a8819993f784b2ff6d7baf8e8ab2e15e7b0
SHA512 b39eacf78b9b97d968e96e357725bd6cbad7592beef5e0e5b301189cc76847be49f8a5299a16d68bd5c1c2d0e86d5263f865b29b66df8360cb1d4725b7b00ac2

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll

MD5 932dcb8d7d06f4b89fc3915726c418b7
SHA1 33a1fdbfc3dfa0a1b7d2fa3b2e8bad8e8c71e961
SHA256 a73bd7d75f368ab2fe949dcddbb25cd5d5975ff9091761a01b98f5e26de543ee
SHA512 fa24b5f9a4192fbfe737506899dc052c51f48980992cbdda878deef01ed0280ca455bed0c813089503da3ccac92a0289dd8fdfe64cbf6babdf70d7bab531540d

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_codecvt_ids.dll

MD5 0f4e5f6c68c514e63c4cdae9eb9e40f5
SHA1 b755c91cb14e9f22c690209d0b4c3661ab20770d
SHA256 945225e01a65e5199aa7372b893da3b42dbd99f315c345f0e7c136af88e897ef
SHA512 8962e7f92446c535151b38a7e34bacbfb9f0f48ab57d4c2c8f2162dc2f1cd9f15be70742032192b41aa368c97a149e1e6fa6991e29077b7b7d7c1708f1a54f9b

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_atomic_wait.dll

MD5 f9c7a19dfc5fa60b1405c81208bd959b
SHA1 4eb70df0a412d79fbd8011fa17ef815e10189c0d
SHA256 2f9cdd965650440cebaf2349140a7dde9b587829b7753de8cd051933a777f499
SHA512 2ea1e4d7d63af427a0c764b4a9a646421dac1f1eba15c1d43bd040b284fc611c8059d889c48edfca56e745abb996939d8f430ff3e249a5c6455e81b520307a55

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_2.dll

MD5 718e5c4a63d2f941eeb1b4e9d6d85a8c
SHA1 deca5196d35d43c7abb35d9ad4b0ac0756585fd9
SHA256 f3117e3445945a872a35e91371e2a6c9f7b3fa5e74e5985f6ab12ac101b280fe
SHA512 61694ff307bcf3869dc14dac45e74b0cdd5a661d40e8483cfe96debe4727ec45ceef867d18e972d25a6b294c43ba0569562392b6752e068f2ba7c15407fad975

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_1.dll

MD5 11d5d26552c1730ccc440f13a1fce188
SHA1 4c534eb613cb05455809b6471d38e1e0976aa919
SHA256 edfbcb2ced712f23842525cb076ee2c09cc7b811a389cf37922d04ef1985e10f
SHA512 2428c4257ac8349035ebb286dec236a25acdbf23178aaa80fd5461b2ed3101c0a67574bf7db8728d0c101d92f45dc72e7bc578049d5b18fac367bdfb44ecfbf2

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll

MD5 ebf8072a3c5c586979313f76e503aabf
SHA1 2fd9609f099a8f42b1b7ae40ad35be1569c0390e
SHA256 a030dc2dfd2eca28a9375c92989adf4daf161f988db5e16b9e10678eb0dff4c7
SHA512 438c2db953606818b843e42c04240d510b5e398617e8e5539498264f93cf1893ae9a6b6b02ee35b169ae60b0e3b5621d7d9f7e2945d0f1e7c2e7e0c1e9e3c1de

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\concrt140.dll

MD5 e6d7ff1c7c1311a9011f1039639adc3d
SHA1 d47faf7b6f8af8ed67546e75693200d022ebeccd
SHA256 993af3de5e1fe2e3d0954cf06254fabb91a5a3aa513183fe0841b897eafdaeee
SHA512 35eae324dc30a6bf652cf571daefa8d34d12c09361b248d8931ce721940347ed50a2d51222adaa655abbf9c5a0ab58d57cd91cb1cb26dabd487ed721790378eb

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll

MD5 7b7f4484966036ff86a7e4cd303d3871
SHA1 18a789e9d1e9df0fdf22e94d71a18c483cdeb611
SHA256 7d3d88332d4744c9b6be81e2ba8d42ced7657ce7879a26f5b8a8d3bb2331ada0
SHA512 39e986994a99361fadcccbf5bd861ce9c4c6de65ce5e3da4d390b234fff34d7c561637ec012ccdb2757794adc222bc80de19a60a8917fe65fc221fdb3054149c

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll

MD5 6aa7b1323c5d8e314f2fb42f855e9b12
SHA1 044cd0167de5e9c1b014e07287c90473c96944a5
SHA256 9c5880c395b4e7db4b8d6de49c75909abdaeeef0b041c1703c7339b05d7d2866
SHA512 e99a14c8772662dbabcaa504bc61ef616590bb6f7384adf8ae0637e0a365f94c67fe4222b978605b7a2eeeaa62505e57c32857b17b51f4b2e9a0d8a033f0a204

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll

MD5 d7164ae82b7332432bf2eb7fc7774e72
SHA1 221d79c77a8a80068621a0eb8688ddb86224408c
SHA256 08d811ff57efe50d9f365c76ec29e095474e0679e06bb4d0d4d0134b0120b40d
SHA512 d1a4cfc0a21509382606f4650a67556b0616283231e71bb1870ccaa5deba42fd77583c3130d60d632e98f5acc4763f57a2ed932aa2eeef49601618761acd9429

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll

MD5 58a8c2d2404ad7bf6fca8bdfbb8a5b3b
SHA1 6e834364437bfd23b48e66d8d891966860528d08
SHA256 eb7851e182a4675bb34633869938ff3579779a92a6c094194efbc970f3765dcc
SHA512 d44e3b47dabd29621a3fadaed16074a46b646e1190ffcfffb7ec835b8cd6eefac88570812e41a490daae485a1d71fb2d035c91e73b65c2fbde649fda8733ceb9

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll

MD5 80e80532239aa8929ec0fddedb7aa8af
SHA1 312e743535e66735d782cbaffacf94c6c791edab
SHA256 d3641bbaeaa5a7e7d4ee0ee0ec64ccee0327cfba3d10b89094144eb70a0867a9
SHA512 87e7a5496bb2dfb9bed4e9b9913db2656b335b916eb1277ebebc33ac9d6622bed50a22293dcc02193f846be5e0b4b0f032dfbcc673955aa90f04cf81b47a9305

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll

MD5 dc3fe259a9b778480c2405fdd7405c9c
SHA1 d28a588217738af932fc43b809add215eb932856
SHA256 b33a762f0eb072033044e7ee89505b695f357c958d4107ce6f1c4d68f88d3277
SHA512 54f58f5a0d1aecfb9a6c8f12b5aac30e26ec427dccc097f8015d690a0a2244603e80810c19fb8eb2ee7ae9122d14829b3aaa81c69c77b6b4c5751d040c3849f7

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll

MD5 533b418afd2ef8e423f42d414cdaf5ef
SHA1 09d3a595bad8f0e7ab5604fc02ef832d11a26b88
SHA256 66f910721f4477ea238603e5c14c858d1e26fc2ceaab3b48294cac069790202c
SHA512 eb73c82a91ce67f8d0265ac4f0739849e5696ec0069ab6508660368b8d382a230dc88eeb89aacf8bc9fc6b7e31c009521fdeeb979f4ebe6e80cfec083129ccf1

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 4847091828ad3b0734418343c712cffe
SHA1 24e69b32dba65631b92493b7aabd68d141cf21e3
SHA256 d9388848ebfe27138998518332bb507e5dbeb1d8851e9ed0300f15e14b6958c2
SHA512 5e8061cc226f3471e3964c04cdc5fbd3a607c9abd22a11a1e818eaec42b20ae873fa80cfce7f47b8f8844f3127ce98282c737f25666d20ded47704e0db6f29e3

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll

MD5 bf69d049653e504a7a1f8b55a6dde7bc
SHA1 737a1cbf1fddc0ae93a0a99d2feddd474f4b85bf
SHA256 e6e839c6d205f91adaa3d980f843bab3131b8a25e06d152d0f70a6e98fbe0fb0
SHA512 a8d834d46fcaf03aa53bd48b4cec816e0fd599b06b16a14006e402bfaa5a470f47dc6a55c1a94314d635af55ff2322eb242b0c535a02fc830dac83e375adc6a2

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll

MD5 152925be0e3a0ff77b0979bcae7a7583
SHA1 4ac4bb649b42893a8d5ba345a1c92ab2ddd1ddde
SHA256 2e23b53441ba6b0779b222c120d44eb9a156d55cc3648f76216017ef06f9a16f
SHA512 17b41057b82b1eb037a59715970496d402ac00a59fcbe67245203f117fc38f1b7e7f5b78872850ac4fd7a5dcf4a3ec561dfdb3fb0e827ec7043978b535e9ee26

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll

MD5 374d505ced3719d875ac316ce365b1d5
SHA1 24da4d65eb7a9116c626bf16c3bc95b563f10176
SHA256 1edf013e890072987b8957b77baecc37140bc01581e5de6b020ae454bb57f8bf
SHA512 d9b82d1679afd85c660ea985d6f57cc13fd35b4d7b8104c6d9ce1f182789b615a573b68d5f1da6c25682cb35068ae0aad3c1c9b4509f339fa1a83a9eeb7f74ca

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 e4fcbf91666504c1eb70644dc4c5f479
SHA1 bf96622c082eec928920a052bff477cb0c9e0573
SHA256 58d9a9b2442c10140db98ba705e8c7b7b9ac5a2c030d3286a66debf63b615c1b
SHA512 9dd34f36144010b3c1400ed1b1db8ac8e97997a0d2c803858abeaca75e26d19dc56512714b566edee581ca20c813c3cafd47a3f774a1596b31e23208b1eee4f5

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll

MD5 6e245fdd89bb6f88f56784adbdca0b0a
SHA1 9ac5d68ff969f984f74e6a8cded8e683b98ffa36
SHA256 0e195a8d013a329a06df877a4569a3ec772f112ad29295f086c6d3e53f322fb5
SHA512 601248c38540dcbddd61fd26203df39ef5d450827570f01cdf0e415873e098913d82ca6e3c7b21a9bcae267b4cb67e970237cbd1c6320b8ffab58c9fb675a3cd

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll

MD5 b9d80efa3f5b0b75c523d4ced4da1fd2
SHA1 f493358454a273d0ddc6467c9ad82bf460dcebc2
SHA256 44ebde7f2681c0b8518e55ca242261b24f326994f089a4ef6c060f8dda04d62d
SHA512 d597c0e7c5309b9631966b01fff7e166c0dd0fc9d63534d588d47f9deee593cb2cf79cd490145aefd472b9493dd65144e875d5870742c8d09fa4c7d459259feb

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll

MD5 a1bee0af7bd944fae7f14174d9dfdffc
SHA1 ea699130cd63857569bf34826b9cbcb5ecfa1a21
SHA256 2c557f6a21db6c99af6184637b5efb57e44b40fae892230a43e96ab05ab27d40
SHA512 c6e9473ec6cdfc0bdd1b8f9f42bdcf3d31855b6e106b811ca52d2eca895328889451726fe12ecaf0af9a238d74c10e79bcf0870f056e7e85ccdb9be49f4515a8

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll

MD5 d91e6c55a2304aa59d24e76f34884535
SHA1 04ebc0bc4932c09c3dc7d9259fe7c9a6166b7233
SHA256 8875816a3809753c04acd961244608e9a47127523c1d5e50cddbd83a4627821c
SHA512 19c1e2458c5475de2b41013fb18dcf3d149c88c0b3816596b67c90f7bdced3d5214fea97dc3782f56f8a276f93fd28cf519018257bf432c00435ef6bae60a8b9

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll

MD5 70f8acde94e2c3952b7ba7f56a4ebfb4
SHA1 955064391f0c9b41362cddbff7a070ab3888ad3e
SHA256 91decddc6e80d742755a1f65261d10c3c0d059aaea6389bb2da6fd3aa7ec5289
SHA512 71087a283d560f08e43b1a183258f1153ab5091d5d318cf4ee0fc8385285592c377d8e68a0f06d3f0be84202aad6dc7376b56057e23b6b3753a445323580f287

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 177009944ea3860b58c09da1871db999
SHA1 01cf9cab3aec3a1ea89111269f8cb036e73916d6
SHA256 f353bfe02e30f4fd5cdc89bd7f44703257f229a09f0d815d7794df902f67d1a1
SHA512 279d1e663ecc151dd2dd15462191ef41e668c7a2bfcb7930b8d568facf7695a030948c3af7f9907226b00dede255a7f30169083ae2ce544f2381548db31c9981

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll

MD5 5dedf9f86ba1366d9e920f33eb03721c
SHA1 605312ce6d623889a1d404354ee653414a7e4920
SHA256 0ced53f1ac2adc9525047d2c2a7592300dc48a5f52ad8b740ce22e3f3aad85ff
SHA512 bed8c7a74e57f4cd44bd0edbc1bbb1f528ce261d7ad6a5545c33974c223ba910d648f0cbea8bf0736deb5aedd3b257f373cbbc4f9765d12c56a78e823d05d4b0

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll

MD5 afc4db1ae7eb74d1b43eda3d7ea5b43c
SHA1 f31b2c1161024ec2f89c72631631e11fd5ceac60
SHA256 fb4b382e2dfa80b3427a98c51d3270b1e80b5c2a10fdae1a72b7c464e57fc6a7
SHA512 a014e4bbe207fd707a87aaa0228241fa7c414062af8922f51e46210b958284096357b21f89e59141fef28039a999dc6ac832ec7fc38bc4895e88fbed6b9a45a0

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll

MD5 1862f49d5c2ba7c2bbc78bc517cb0b38
SHA1 dbdca39d6d9d166f9cb5b8855d456653419136c2
SHA256 90ba9da43d6705d76905e630505bd1fd097d1899c9bca3241ad0de5ab08ee366
SHA512 c9c85ec2851f5b793de07e672365e6db28f1150ed6b6057d15be828a36029f4ba9e0d4cce12c7d424da4c94713c18ae256d9ecba9e59ab88af639adf56ed6a3b

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 57745a06849d90cd5c79ccbec559e7b5
SHA1 71d3d3c0998e648ef6b061f7c65850c6a2a8593e
SHA256 890dbb72c4c35266bd658c663c1242cfa3b50cf51e2873e986b7ab2e055af4a4
SHA512 ca28053575e40eb805f366a7363257b3d40a6fa8ef46ffb5b58ff17cfb0ea2668f5cdf2661355e94866b73b914950c09940f5c32fef5f9a22439932e35391dca

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll

MD5 948e3c479e87ad905a3689bc94cbf86b
SHA1 c9b2dcc45feb9b0bcd52122b51adf98d7fa5b0e5
SHA256 982fcc32d7614cb921cc5203970e3997a33b31aa1d91f14db5db25a582dcc3af
SHA512 6f15478ba5e7b403580b4b52924866e52adcd112d82900dd17a2ce67efa10306a5a86e1ba5cab76bbe3577e2497b83adafd6cf6c39a81c35b53b528e8bf6b440

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll

MD5 31f60bf9a22a86cb8879fce5c1022254
SHA1 23cdaa4d6ae0e953d083b968558a2af49bf95a4f
SHA256 53afac76a7124a132a7c11261f3b6ba8d6a5466e7e8f683c8d12ac370b7d6b62
SHA512 c41ebb39cc0939b38d788b692e75c10c78a806cc8844d8526ff25869777eefd086518cfd817ebb700e20b3937401d6c0f7f506bcd479fafe1b801507376f4ba6

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll

MD5 9ac788a87032640e046f305413585503
SHA1 41b74cecf0f78134204dd3d8aaddfae34d6aacbb
SHA256 363825adb27d5a5bd249fe58460a977077f823e50dac7509e124fcbac1512128
SHA512 cc725796af3f7793ce6e6faa96a201ebf5e77ed00dfac3211a66a95ee071e559c9efb8e47ae0287d9cc1feded559000a582a2138736ab8c628325428c78e648c

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 772d6c07e47e77a4479c7a9eccfeac4d
SHA1 b88db71fc80eb57182db6dc6ac00b022e1e47cb3
SHA256 2c9a8f8d47b49d04a82e8e689ae9f6552482b1861eb8398f3733e97327191c2a
SHA512 f87bb803e818372f57319af97227834673cce9988c81ffd4a3d1c6d7038c6f7398e06a7133a17f063cae152ad27666a6d18f87ed77bb46dbe141c1272bc3ac84

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 9ad2e67f2b1f04b760deb00b889fab53
SHA1 465314c9bdd359840f7da11a619ad0b409c271d8
SHA256 5662035361e37f6c5e4a5a19de134df2ec20bd4c0f1be803203b37c95ee61265
SHA512 cdb358848d48cd3913e7249eaa45470bee4ba9f9d92d975215018477a57db930c16b349541da2d82a2f9131220ec3b3cf9ff471ca411c2f705bfe916e8736be5

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll

MD5 714e850aa29e808568933c5ed8c7df5a
SHA1 ad84833bcac69b5217705e1c4d33d54c856525e1
SHA256 4a244eea4596ebde0f9094cc6dfeeb5abb3c4385225bb0630ef55a431fe1c4f2
SHA512 3a220ad4e2fd49f40f7fe5fdfc53608b114661f31993c0329e993c5d733b6d6f3a366eb46f93aaa9d5cad90766b21d85e5ccd09cb9c5ab905118d70702a3ed11

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll

MD5 d4bad006e413ace7d729b1249c49b92f
SHA1 cf0dff1b371316c8517619fdeff81c583268bad3
SHA256 245d48bfce5cf6e9c5093e995d6ab5988e2401d32530fd6863bd5f8fd688d780
SHA512 d1a5001633f1cce60db2687da28706f66644613672fa8487b065e3aa8d77ddcc96d9272c665d894b243e222e1c104be10be1dff8e5d007490e50f2bd2a708d0f

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 6337654372aa9adf6a8fc97d9676a33d
SHA1 b790f4828e7aa18cd0eae77e78c67ddd66f3ec5e
SHA256 6fc551cfbcaa0f90ed24dd09fa117e9fb3b6755a3fc0251d33ca64862a9a3414
SHA512 4a888d71747c64cb4a964d8df956c5ed9e3de9e8cf30d804e3ba76e8c35502e1802423ce527a419935b0d8c8e4c0f6168657b2734ab79d01afc946521a88d528

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll

MD5 d8999e328af5ee1eb23c216336637cb7
SHA1 a7bde6c833e4d6ddefcc4050997b1583ff1ffa42
SHA256 4ea02b683513a157e21824b1c1e9ebb782d22f14209b67961f97b1f79673d3ed
SHA512 4f041ed2daf781b7f86b4459e74330650b2687ee46dfb961ed7a0716ac7ad2082a631cb619cc6d3c7d19f550bc030553b9656aeba14f969dd52df0b40a0e418f

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll

MD5 892e47390f34aac7d20afe63ffa92f20
SHA1 4a78a77ae1d5bdba55534167f781a3c8675c7ed3
SHA256 6070ffb5e20ed032d460d323df981d369fa68045fab130fd100803a00ab88c23
SHA512 8b37866ebdca5047673d984bd779b1df052e3d44e3fabc3a4ce2e747489baa2bd86add629d95c76cf08150f74281d89d46372ef64266b90304cf7dd581af3a93

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll

MD5 1902b85a588178857e9637902e5a1b85
SHA1 31ae4cf76a34ccbd92fdbe60bee080998741ef4d
SHA256 5e48c99dd6318b017686bde507cdcb9d6ecf25f4f78f345845b865e443f1ee66
SHA512 0755e9c0adc9e374060c851d4f7fa62633ec07dde0bbfd56ffc9bc8ecff5b9efd6fa8418c43e838770eed43a54a48fd61a41226d9ea84834275a4a36c7796472

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll

MD5 e334f2fe1e0e6d5d6966f139ed328d97
SHA1 68b2cd826f3dfa59531397ebb3f382dec9af5fe5
SHA256 d56eae93c55abdc8eb77d132777049634e28a9b59fd4b2101d51351546b984d1
SHA512 fb6ee02f06447c906a4353d93ce247e14a9a1ea4255819a88e395afe2e3775fe3aeb622b7a97d86086d88c739ba4d2e2fba9e8fd6467e167fc75d595c9182327

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll

MD5 817f9a76b7eadc1226b006ccbdd38a11
SHA1 8b81897cdd4d48befa389c1df2d0b887ffeb58cb
SHA256 99ed148ffbb35829480412dc64da6ad24dfabe2f9a0eff9ba1493455d7127677
SHA512 53d8b2561862c6b2465665d761612aaa8b7adc887058260fbf970aac0fb006317283ada01468b1e042fd9dd44def90451793afee297ed787086645cebce45cd2

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll

MD5 9fa3992f5dac5ea5dfa15b9669c68154
SHA1 a453fb6c4064da8c01ad03a4ea3c0434efe82635
SHA256 9057131f628e547c14754d545140ad6544e64606358104da50841e9a1b03f442
SHA512 ad73f3952dda55cfaa6a0d6a0233df785650f5965caa4859b6c1577e3fbd6020e60b4b26338387690cc48b16a186d2b530708a71d2671ab17ee8904399de292f

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 059129bae1776f03c59d3ba66a6f6dee
SHA1 33b1dbcaba1d16eaf5413f1378119cecc1298724
SHA256 a83af0f79abb5e5c818c6f38a38da80e531081f3255cb006ed4c29635cc0b9ce
SHA512 6a7da7e58620bc1ce4b6d3cab1e0b746fc9fcf05a84d85931f845412301880786fbc63b31611d9442b5a1cfa72558966375ef14edc749473e2b7c988dd20b675

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll

MD5 607703b245d9b4fc69a8b5363ff626fa
SHA1 dcf4626787ea220b19e08cc5bf9e55553a3a2aef
SHA256 f65b1b3ea2767f98f0c29118e85b06f4e61654bec34b60b3abb593b24ec29af4
SHA512 92d761f733f2c678946894ca72459b0e6dc62cd3abe1073653104689ab48c19603e6e1109c07b2f110822b424430f22d112f87c629b99d0b3ccc16e179549628

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll

MD5 2b4a3a51e075ab9819c6d6bc40efb4b5
SHA1 bc52c10ded8b087c73229dc2f98714b5a368f521
SHA256 d718e1b6c352112c2f8e36b4ba5ed28e6179257fd2fe944c4a0d404b5c15b5ae
SHA512 13b07dc2247d51dad1ab9bc7df93e0d3e1bd6cc4fd16f9aff87ceffd40a56933d569a5fb82177dea7b6ea04ebf9f909f95451d123126155a13de6a85f747c592

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll

MD5 6b33e6f1d77cec0901ea8e91473bc18b
SHA1 a397d2c6aead0b3e57d413a8d4af7f28e67f4166
SHA256 449631a3f5fadef72acc2c2f84765208d0ca014ec1fe93fb9ad805eec1d40eae
SHA512 8f5214e38202719f6a7549b2b97ad24288974cfb6cf0da1e9eec5b3b2092220f2330a260b17e28afa90b90226666a765a4e64fe91107e2063cde8e285f64773b

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll

MD5 0909e61c8c9c717976828f65c987e5f9
SHA1 b5affabb8afda55ebb1f404edab69c6c239affe6
SHA256 03ffdb036329a25beacf905d62611a13e3dfdda6cbd2d13af830258e8cf40ec0
SHA512 7f78746e40da64631c08d0e173fbdeb40beed180932b42382d9f3ac0cdb4348d2a5b1c29770bb98f5d4823cfd66ecac2285afbcaf109f82c8b75c7711f10c49d

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.901b3990

MD5 b5dc4cd84e001abaf9167d3970a5300f
SHA1 612bf55fd5a43b7da96268a541148bdf3e0ef333
SHA256 5cbc4bdfc8ae2b5e9d2ecd8370dc50123b9e6a7870ae6e0ea4c937d8ed6890f2
SHA512 44ebdd8956aa027985be8a58ebce8badfb039a563dfc333b6d1743c6316834444851a065c9d73830a90362027ec7cbfd3df3cc51dfb2b8ca9e79a7f930daebda

C:\Program Files\AVG\Antivirus\crts.cat

MD5 477255e0a760041d38c98bccb99a403d
SHA1 2bcdb96bbe2dbb6d85db7cf50d0345b72959ad00
SHA256 d4113f0402d704e9a0ad29e696e4d142838c0c5f0ac349c6e9af106890528e97
SHA512 0564fcddf1d01925ae7d8ff93f338f197b67994efd9f7ee39bc5ee0d09b72c29054bdca198b03e873572dc9b07cafff96bba31da3828caa78728b2bf2c005c89

C:\Program Files\AVG\Antivirus\mfcm140u.dll

MD5 cd97b86463a7755aa6902a18625993b4
SHA1 3cc6675550719994b237635a62d0874d4f3d604d
SHA256 05f3d04060880d09a4c4f03fa8a17cf15b04e9f7f764fa346e11ce4e98d2b777
SHA512 c454dccc466e10a10ffb7161398eec473b70336527063a18e353ab25a5d7a2576176c2af2a7096c47cb98acd826fadc0bf6c1e0e6b7cf7421528c8be07d00a35

C:\Program Files\AVG\Antivirus\mfcm140.dll

MD5 e0f0d9c1ea05cac4bfbbe7c2247aa61f
SHA1 ac73392983afb5a55c245c79b55d5506db6fe8c8
SHA256 f0e82a2f1290346217138b3d892cd916d8ca69855f63977d9561f5278d350332
SHA512 bbf3d0db25821381ece3cfa161447513f28c2ffbf107ff6c8752cf61cbe2c497d7e5c154533a35da95505472dc475ce83ac89baff5762ef9cae7d83c89b14ce3

C:\Program Files\AVG\Antivirus\mfc140u.dll

MD5 575634e4b6719eb8600605a31c32750f
SHA1 f327886d113db53d209d9896f0cc8df1f0295efb
SHA256 9e6d05d9b6d8bbe66c647a1f07b3be2234f070c9938a10724dca1ce3fc05ec12
SHA512 0da85512e6ac5673e51ef32e4e95a60416c80f76c4612194878f64b6a70ff3c026717c0708480d6141f4ffd8c881157e67ce703936ac5529d2bc225909f00e5a

C:\Program Files\AVG\Antivirus\mfc140.dll

MD5 cad16fe5795c362b05905bed436b5e1f
SHA1 20b845f469e94e533b545bfe05fe5ede0a3fe32a
SHA256 706583f44a797afc17d2c394eb792a33f2aab0829a1f5867cc36fd94f00dcb74
SHA512 b2b1ebda861ee710700bca22c38ae33043717036c3cc07a236670b6c9c2f006a20b28c2eb98c4151259bbb670ce159e3d346a0854f73fe37ac1124487c29aced

C:\Program Files\AVG\Antivirus\aswAvBootTimeScanShMin.exe

MD5 97b4f676213bc82e477952c4991b9c5d
SHA1 cde06eed2230f30874f863952b6362a7cbb6885c
SHA256 be0d6abd1072666a9d0d8bf7634ab5e5945eeee82ae4455099b6ba74c84b11f7
SHA512 a2190ac5bc6c6efc3f7ca7dd023e31088faa337140dbcfe042eb1a3a5442842e231441ce11ff950e30f80f33747a03e6fa611f7b132460d877fe63f4e45e41e0

C:\Program Files\AVG\Antivirus\nos.dll

MD5 753053f332304891ac7341ef24eeae68
SHA1 e02a5d37910f73c8b43b0164639e5be9c90095ae
SHA256 46b1497bee6d2234ddce0cba4366ae65433f3eb586c6527c1fee47806595d517
SHA512 02267992a22aa3e8a46bf8a237ae7b0c8d83e601a9bf40410514151c3c253ff255b7559bbe426d549531c0355fadffdb841f09d6cd650e91bd34d077fd5c6813

C:\Program Files\AVG\Antivirus\SupportTool.exe

MD5 5ae204e16d0c27b957fd45081aaa6828
SHA1 5131d5615b4eed8b0b4529b7550c9f756f3c07fc
SHA256 c5b08c4f639477a57bf98fd3114a691fa5439b154a5f7f2cf65a162415210f5d
SHA512 e3fa4d3463220c892b0e9e64bee4d24f8db4d1922a4aaa347348810c74c5f886553d53dcd6add23f2942f6fd12449abeb04418ceabdc65b2d6e4e2c0b3468155

C:\Program Files\AVG\Antivirus\AvEmUpdate.exe

MD5 def2d621fe90f95994ecad2d254c97b6
SHA1 64df74c63ba950e96f327793a5c97e7b77eeaa29
SHA256 76518ea9bbcdcd51501735d09145704e8405708b49223b79e58d57105dc02327
SHA512 15d61c3838342d6adef483f0742646f34f68945702b69321ca17324cdc5028e88cdbe564febbb6b1e2cf2aee7112275d4b8e0ed219f974acbb7f4e4a95b19883

C:\Program Files\AVG\Antivirus\wsc_proxy.exe.manifest

MD5 7cefa19bb1eaa218e139641afe5f7ebb
SHA1 a7e9779e8638eb304f6ed251c598bd49d050bc2c
SHA256 1e7fef380e3b0a873ec4f19e089af82d40e1999163f4018c316e93efd725a8cd
SHA512 0336c0984f01fc432442a12a5d3084dfb05c9b1e44a253d1073288cfd5ce0da4a0841ca6989047697107d553d7a04f354a6898f1d00f2f7efd6469dd50a49f1c

C:\Program Files\AVG\Antivirus\wsc_proxy.exe

MD5 75ca8458d560e6f26a7ee0475e650458
SHA1 208c3669b1cf9fcbd514d71d95e4a905cc908989
SHA256 cf9c722de59b6a7ebba99620e45693f6f9affa8be26a361fb5d6662e539dac3a
SHA512 4af84fb6ff1bc9d1469b6afd9f7c0de7a8401fadf72551939e3f0ef150b30e3187d686c900c9a0afcbe35049ef37aa0d278ba895bbaa5d7e27fea4b08aaf2cc1

C:\Program Files\AVG\Antivirus\aswBrowser.dll

MD5 d3eb072efb27ac7520496b363b7e8b82
SHA1 ecac8c456c5e4067d4e06582979300d7114aed93
SHA256 768b3125a8848669bddc1f7fc275ca2c4bcdf182a59f1be7b0e27cec775281b1
SHA512 cb803d28ef005ac87910d7f66f7c3a2ea07fc89201c8bf4222c9a037099cfddfe1ecfc36bff96338662279f739abb3f25449867ff47102b93eb96cd7becbb6bc

C:\Program Files\AVG\Antivirus\aswAMSI.dll

MD5 de535caaa9544786a5f4a2144dc1af31
SHA1 ec9f2c3622a0716da830bca6e1ec2be063687240
SHA256 126a15b2db21bd3dc9b8c28c291b9a2f7f335d84604f27bc77fad45702bb19d7
SHA512 5203b91dbfcb6af3158fc0fddcde12380c1e1a4b39d4bbabf5cb6c4b1907877f124b97acc1e4800bbae78ff8ced31874977963602231ce28286dffb3cf815d05

C:\Program Files\AVG\Antivirus\firefox_pass.exe

MD5 808aa5036c9a5bfadbdf03446620a21f
SHA1 15d35855aae5f3c55dd1e6ff774b1f07819063c6
SHA256 a41a06e114a12e53c9f37ca3106e1019a62fef13453ee446cfef4b3001f4df3f
SHA512 06536db5c52a4e96d3066f11485e565836a7ae8f0e41f7193fce3dfcd7e0255dceef94c38ee17f3a4a57cc22ab969e8ac7ee0e9a2b5852472eab27ea201635eb

C:\Program Files\AVG\Antivirus\wsc.dll

MD5 b3a9e3d53a909580a72be5610840e656
SHA1 629dbf915216690d8da64fd52c52862f770713ec
SHA256 5bf04e2db40a6815c5dcfed231c0b22ce618e9e15dfefff0e203ef8192c27c26
SHA512 adb69ff4c5d6963d3771e5f45e58f15fadfa55f3039206a1f0b33e672c5b20b23f40bde1d937458db4a94ca19e74cb661212355fdc9bc2b8c2d4ee29cbd8bb48

C:\Program Files\AVG\Antivirus\Inf\x64\avgBoot.exe

MD5 7eef6489564c84c891b1901de411771b
SHA1 09286d7d8b62ae556a5dee7f38fc5bf86db8fa80
SHA256 cbbe0306908ecee3f6f0f391af1a485fb44b58eec3f553b63eeb2e8651aa059c
SHA512 10916f40c6359855e4b920562f0f9eff7951047e673395d59fed1065f428df175ac9e9fd34469502fe73e55653a3bf83fa864c6c36608f6b082c9d07b5e0cec5

C:\Program Files\AVG\Antivirus\AavmRpch.dll

MD5 1e77679e8d6bdab74b0f3e08ae9edb30
SHA1 8500f7e87e2530cbb7c736019270d5d60b401f97
SHA256 19a9bfd267f9cd0ce810de39f4e3d50d7aad9aa2425f46139db2b221e264f1e7
SHA512 d878831a7bc581af2ed5fcb791897c5f8a1289d88f46233baa94a1d94363f5633adb09d2a598f636578eb666e36bfbb22beb5be4e470f36cf5a1704d3c1fef45

C:\Program Files\AVG\Antivirus\AVGSvc.exe

MD5 1e04382324c8117649fd5c806783734e
SHA1 688877a7c6a67ada9684a88226240bb67e533852
SHA256 c9c6e8520502c83e66f55f94d2ee8490b2871ec200037d82195cffcdfe293d45
SHA512 7cb05eff2bfd88ac5e4e94d515a2d2045bf2495003cabc64c31ed42a6b778654542eb8fd9f51662d092a998b215f143d71575e566eeb45163a9caf76445d343e

C:\Program Files\AVG\Antivirus\fltlib_wrapper.dll

MD5 c5737be48c6288cbe4a2095a64e75ad0
SHA1 c4935a8eb23db2866e93254a6f63eada725685c9
SHA256 39b3847ad43ba03d5b549b8f5060c81e87960324dcaf7bdd607fbf6562572cb1
SHA512 8765ed57626127509fc74119742a49babce96a09ace149dbd90f891f1dd5207767c4903ebcd9d6cd7298e773b7b87bdf1d2475518ee5b9fdd12b9c41fa927e0b

C:\Program Files\AVG\Antivirus\shepherdsync.dll

MD5 cba4b428aa83af4ad475f331307104a9
SHA1 4ba7a60aa59e32201f52f779827c4f2c6c4f2bc6
SHA256 f1fb97ba5553e64cadb3c8148e420f56fb86a539ba77bc7776087160687da7ad
SHA512 dc65972e3474b28c6d4693416bf8313f0c0e38fd8156692b3b4d52986612cf89faad7dbbc7fc172ba1367db3de5d76922ab7f9c30225561aa684f8135fdcdd27

C:\Program Files\AVG\Antivirus\dll_loader.dll

MD5 2fcbf87aa9263774b7dd752c01fddc1d
SHA1 b04a268732715ca796dfa0acabbd05b6322526e2
SHA256 57d9598c4c0305495ef758116dbd058d4c0f82b9393f626c427a08041e6c02ae
SHA512 844011e8ff67b5440659965540a26a5f6aa14f4f77a927bbeabe97c4f8b3265518a8589f989b8890de4f988aca6e4c546bbe7c3f855649ad4881cf8266735151

C:\Program Files\AVG\Antivirus\module_lifetime.dll

MD5 723ca0d634c793fd785b43a9d9e424a7
SHA1 dfa20994c74d30d760fed59f38f64155ba803d34
SHA256 3ad6a889da85a14ef02bc88fe8d8398a681c7e9f9778e356c32e53fe6951d25a
SHA512 0439c33d2cd6d74b86846c803479565c395574d696814125a0564a39ff40b495b325fa01116d518c09a72a24db44a218211cc4291a63b92e1e557665c7062972

C:\Program Files\AVG\Antivirus\vaarclient.dll

MD5 432c9a05f332632edad099cc008ccc03
SHA1 81257842d95eca8a533b9091e8c79606e359aedb
SHA256 56e2ab40c5f64e12cf05344480c2cf455fafe157bb886cf4b707646dbea7ecad
SHA512 76513afbabb1077b083e98c409c43cbffbe0434131640e83a8861e20c5d01b55b43a2223702f7ebe9660babae98d59bec9873c53c13db370295dbf90e7c28b00

C:\Program Files\AVG\Antivirus\browser_pass.dll

MD5 d217b9a10dd5e6217f214412b91473d0
SHA1 5ceea07fe1a5929f1aff6e8e44e1728a67397691
SHA256 97803521d685598cb4a1e2e97be41cb755de716f85d5898dd7448770f69de46e
SHA512 56fe7c932420b12643ef0dce86accdf5b9ba20c687c01b83a89545c520c2668270e4a212091773d51475b43555851407f470acdec0198438d261c0f361f94f4c

C:\Program Files\AVG\Antivirus\ffl2.dll

MD5 a62d42a7360117d9a64ae641b2f3573d
SHA1 323fd2c1611c94bdbbddf073a067aeeebdd3480e
SHA256 121265f6781faf1848cdb582ede6f5a1627debf2b65d36589ab80c75fea6043d
SHA512 8adad6f8363e86d9b1e42b2a7611e390a7ec3ddd5b7d5118d3b63f3be8a5abcb237ba1bd24d278fce93c7ea87b8f3d6821552899ceb312f506a1438f515d8dda

C:\Program Files\AVG\Antivirus\event_manager_er.dll

MD5 fccf379f6a2f38f5de1490bf59012e2b
SHA1 b240ec5dbc7d54a956ea590b7eaa2c78508bacb6
SHA256 c15436912c039931b68bf04fabade75bf97da47e719c3ebe3e48c83cb06b220d
SHA512 d09dfe2efa0991f9d0af0e5fed444d74c33ba3ab3e72aa96ea3cbb1d6225db51def83cdb7eaa883b97cc49e96c247603dacf35aa3e6d6a5ad65d10721b7b0a0b

C:\Program Files\AVG\Antivirus\event_manager_ga.dll

MD5 1e3a1cf6bf5db2f080ace9b93ae2b533
SHA1 b40fe838fc3943e3a30581a3a5e1842f9e0893a2
SHA256 15a3637d14b2cc54b5bef6218b9dec1eaad972520fd46601e0a29d7552417b06
SHA512 400f4f82f22d2ac90a3ff3cdc70f82cd2c7d37975c6dcb3f491f4acd9e293e986109526e188d2d6cb86282922533cdbc671b182e5c76a865de04900bbe1bae3d

C:\Program Files\AVG\Antivirus\event_manager_burger.dll

MD5 f1741fcbf2f8fcf2a7e95a463533dbcf
SHA1 5a1322121cd8bff08374acac227f4cdd77bec016
SHA256 fd7cd168ee1c617b0c5dfe34c3c1e4efd62f1190ebfe0937f7f4a168365b055b
SHA512 f9d369d2aa2b4b53b86b906c6b5e6f98b19fa6966b1fdd393c964964b94149f99e287cc428427cdac1fec3b6ec38c8ae38a9a38bf84aafc00686962505a5f632

C:\Program Files\AVG\Antivirus\event_manager.dll

MD5 bacaaa7ed8126b0da2d8420e5b7e0fbc
SHA1 cbe79b03d7450e7067836900dab1deb374e557da
SHA256 e7db4a477f297b6e78370d009448efb80cc92a162e093f7361c55b6885b27f1d
SHA512 f225e7e6cf9cd2c4d60cc241f0c9436eeadeae9d44ae7334debc74ece78b7efa051f3b70dbf156e04f19a6ab06d7c51853e00fdd717751e11af8eab61131610b

C:\Program Files\AVG\Antivirus\event_routing_rpc.dll

MD5 61009e2541605f54e8b753dd0a45fe7b
SHA1 8be616ea14ac52905481a1a7d72ab7e54749d181
SHA256 5f3f5c1bc7b77bbcde49ee85a4baec461ba139388ca812998ecfa329e1669cb4
SHA512 23fab5602d4b2a17bb417714c8a3b58c9c7ff6f51b952fab9e9f4c3fbe11883b1f47226bbe972656a5b3ff2ef023ae91599dbfd3fc40467259a9f3833f902503

C:\Program Files\AVG\Antivirus\event_routing.dll

MD5 66399dacb99697b33edfdcd47c10e1a0
SHA1 0174247db3d6c69165e272976e80971e3bceb54f
SHA256 3f968a1217d0abeae1f9b2e71cec4cd14bf25c2cbe390b2bcfaa7823f54a87e3
SHA512 2f502ff94b9bc4798716fd96d251eceff3cdb0ddfffee5e130d38f6c39f560167e224d7f5407f396e8b42974183c632de19959009797738e0e9864eca6ea2b5f

C:\Program Files\AVG\Antivirus\serialization.dll

MD5 11dee2e8e3f81a84222ab5baa600fac4
SHA1 5b19599eaf44eadd773b3cde5175f6c090c683d2
SHA256 65ac25aafdc804a54de50176a4ed568e23cf0d18c5d98a55228828e46bd8f03c
SHA512 49ad7ef0b2dcef379435a9ee080026e161595bf7e91ce05b8c5cfe2631b7dfb6d2dd224cba4e6a612aa86f45bb52ebcd09f39b76f90cb1ec1a62c1b5838a8ee3

C:\Program Files\AVG\Antivirus\process_monitor.dll

MD5 4c5a024e1543f64152c46df13388cdaa
SHA1 dd705b812ae5657bedb915225c8413794ed6d012
SHA256 422a2c9c4fdb61d281447eb3ce5eece99b52d873df19707031ac7774d327a5fa
SHA512 4039d4d1df3dbf634f8d531ba760c704b00d47bc668774e38dd01ed719aa4f281c4430d3605b9612dbf5590c63de198d4d568e9a46ae4289cb4fb34c08d8fe80

C:\Program Files\AVG\Antivirus\task_performance_logger.dll

MD5 1314b1500e4001b27dab60272658f086
SHA1 a5dd1392cb3d3a0f644087e1f740d13655210d31
SHA256 dac0d6bb66d0f926b78bd8768bf1a044a45d8b635e6739a24178d72fbbd52984
SHA512 e89184c3e3770cf2372972cba163d630c685682af2098f343eb71eb3b1fa96c8343c8d98c7b2b3b41d86d39e1bef99c75bccb9edb28c26069c3fadc8eb73e16d

C:\Program Files\AVG\Antivirus\tasks_core.dll

MD5 06c13d03c63e65028fe5fbd09580837c
SHA1 92844e5eaec43bc41b3f0f8254d0e91fbfd2777a
SHA256 4fd9589412e29923763998f4dbca780f7d791326bd4f08ec286767f9a9d7cf85
SHA512 32fcdb47afbb87d7279b7e0405ddaa6571d0391bfec9972bb5f198a1a2b18c8596fbbe5cb1be8c011ff3215b8849a0372d9ac5e551d17476ac0d258540bda0b6

C:\Program Files\AVG\Antivirus\burger_client.dll

MD5 63cc03cb9e79216d0143401aaff8e1a7
SHA1 911c70be1f498bd4e13104b894274414735fc5d1
SHA256 8c47e4a18044184eecc3b01e250e7d435184d7002cddd13df97c8e14bb94ffca
SHA512 7d3281d3058dd59919fa48daab44df19f9ff296903c4b8fe52a9016876da1a34de1eef69f44feb7ce3349c877b5598d115890efe9c3da82a39d6f7b635d1e549

C:\Program Files\AVG\Antivirus\log.dll

MD5 15c19a21f4108d1236449e0a3dcfb3b6
SHA1 ecaa7d9c7443ac6b613f7d559421b8c689f5db3d
SHA256 efeb9edfcb884283a182f9bd0e87ee712fc60216dd5cf2e1775d91d5051e33b8
SHA512 ea0fc1e5d06c0ba99d226dbab4adf0865cd7086f5704dfa824cb0d5cdec9358b5a6182f280ba0b31fac15e26dcae2d39b059d5c3833a42222f8353060ae17d6e

C:\Program Files\AVG\Antivirus\aswRvrt.dll

MD5 f4b421f633a829bd5bc9f8e1a71869e2
SHA1 fc32ffc6fcfe01ad2a064ac84950b91dc3c08604
SHA256 5c7762e89f00b8e71ccacb63f10ba950212623417e4e43188b58aec960fe9978
SHA512 657dca0ce9c4da7bb68adf336c365b4e9b7e1c3c56a678488cfa309bf91b814dffb818d317f90ca966431941676238e633e95dffa980bac736238e4130b7eaf3

C:\Program Files\AVG\Antivirus\aswIP.dll

MD5 0449a2cb2a36f07b7343d14dc714f650
SHA1 e722f450f74745b24f50697148cf38295a9ce72b
SHA256 e4b4d018a56476fe5141330cb360b7384ae43c91f5e604a4f439328500bb904b
SHA512 21de851ee8bfdc7036e8d0d35f8322eb6cf669a2ff9363781024a6342e2164a4d8168a8f1e0a3a34878333674bfaa370a65482e1d8f5e47d5463534e66321614

C:\Program Files\AVG\Antivirus\aswChLic.exe

MD5 54a5ffbcd41302f5f44f2568a4c5600d
SHA1 93fc1d863cda6b72081cf68fba31854be789c87f
SHA256 f18f0b4273f56e35a8074640df6fa9c47e902d602942c53a215ff51cb4ce22c6
SHA512 9380dd7cea91c3e049d4eadf6778e76e5be8b30893cc995cab357fe437dd59f69dbf6869aeac6b2e48b8ec2656b58c74651a6552167e185037df61c580dfd3dc

C:\Program Files\AVG\Antivirus\VisthAux.exe

MD5 30c3872aa6f4d1123f0941eb7e0947cb
SHA1 a46d2b55fc4576916c3074e254b46b74fa769478
SHA256 4c59522d0dd42ecb4340eba0e6eb16017a6ceddcefb83c984eb23b8c643a08c8
SHA512 28adc3d0c871bd1ad55d39c547fac9e421ed10915ddfe0db69d62f05e1cf8abad3c2ca3a3142fd10861ab880e980c31a0979c2a4eb0c2743a0687445014aa8c7

C:\Program Files\AVG\Antivirus\aswSqLt.dll

MD5 0a3c607ecaeb3db8c6b5e4ec6cc3e5c9
SHA1 8dd37f80087a572127c6809d00c41122dbe2e344
SHA256 48eafd929085529bbb1d2f0bd08e2ac440ff883124425519f88ca176681ce060
SHA512 74395e8e4339ff73b45640f437bee608d0ca999b514587897ec01019f3f818e76cca0428a2316ed071f906ed701b35b84826d2954b113580446f36c2433a785e

C:\Program Files\AVG\Antivirus\CommonRes.dll

MD5 24ce5e6d7334363da5979375fa8520fe
SHA1 89ef0c21a26d972cc773877fb566377ab9930a75
SHA256 0bb23c5ba7d3ac6990cda690f319ec69e783112ae08c7886d18e7f6ab9ac548e
SHA512 13191e52d318b5f495cc153314dee184730e220fdfa9ba3f73b143a50c76088d5478464ec1fb1e34567072ea9f7486f172f2fa4186ec59f3f129554d564da59c

C:\Program Files\AVG\Antivirus\perfstats.dll

MD5 191e4f527d84e06b29202688b2cc731a
SHA1 71d36038c40375ff4175001e1c35a26b4726dc6b
SHA256 ef6ac79cff76cb4adb17b2f1d16f24257520839134bb0b977d80f1e1eec2f175
SHA512 09f6750d978bdce4f9717f9f3a8e83fbb04c3ef975cee46e44c11a1706891a3d15d8cab1a0a52658221b74607330ccfbeea43268d681271bcd3155d351bda736

C:\Program Files\AVG\Antivirus\anen.dll

MD5 4e9eaf8d00e50c62006f3ab2a776a321
SHA1 2de42d636623846595348bf6ef4231a98caf4a88
SHA256 a00f62b682eef9b294e2c5c1fa544d72757e838e3f4b47d9c5174921910202f0
SHA512 3c4cceaaf347611009db127603b51d7a96e1b450bf1ba7d1250bc9ff0002d85c2d9bd66d946bb7e8e9872c31de067fde109b282d58d11745ea97caf3b22175c3

C:\Program Files\AVG\Antivirus\aswW8ntf.dll

MD5 4360bdaa45b159fb3f3f9d8a8fc5fbc8
SHA1 4522a3c900421107694cfaf40bac35eec8ea1dc2
SHA256 a4042d3761daca18aadc8a72c2606bd71d3f47c35705d180038d45e7b6db879e
SHA512 5bb8ce74ef4c5faa3c411d6962af98363eb962de92918b2f3c4c236e8f991f4dd9395eb4abb2f2dddf114d5908f4a3fb97558cc27af381a1ba18bc7906a2d719

C:\Program Files\AVG\Antivirus\aswProperty.dll

MD5 b3a0a578835b419f50e5fd85dc1deddd
SHA1 901491ae13e4cbab87af625caa021454310afa0c
SHA256 5495b2f35349208e93b1730b61836be99afa1193f954b0b5af35a6a9d81e20bc
SHA512 0e1295e2313afbd63ee3fea320231aaffb79817cf9507f1cd7747e675e89e184455be9d6e324ed24e5a1b1838e62fe0a12056ddf5db90dff525a1770832b1ef9

C:\Program Files\AVG\Antivirus\aswLog.dll

MD5 385eeeaae598cefbd60947698723aa6f
SHA1 0c1a8c3c47fa19fcbe70762754a4386314af4bf2
SHA256 cfa5444d88f6dc2838c714638afad307e851fa4ebf56b70f2361898b509e9b4d
SHA512 0a8ed5882c5743cdf00591c289b32a8bf4b449b95dbcc74db43293b43f2b8eb087a8f2af1a60abe88b44f5d191356e1b475bbb865df72dda19216ff110d77b04

C:\Program Files\AVG\Antivirus\aswEngSrv.exe

MD5 0fc8d5ee5b74ddbf6f0a65a64afea667
SHA1 44634a46e2f87aa3cd9618a1ddd6fc068dc81a06
SHA256 edd7de57b016696b00c2522d34a8c9a0b5012e1514d4a0c397cca40b6ae7b45e
SHA512 08b7f0e189f103d91040372d7e8ae6d3a249dda5b42c7188c8a9e46be6fa326afb7d136d1f95da57cd8c83f76f7dcef925e0655472db046594ead32faf95ddfb

C:\Program Files\AVG\Antivirus\aswEngLdr.dll

MD5 a8edc2ae2e2ad6daa268077565aa9d93
SHA1 2c750d415b0156a6d59ed9ccf281141ddfa0238e
SHA256 eaa20c5ef0b9c2da3cd95a317e223b714243f30a769d44e1bd36d587b8570e14
SHA512 c5f80902557b6b27e31e71cb863cc9345c8d7e153a0310718b3918d8657019452acde46f03fcc679b212c9781c112f8ca8f75a6d9174ff7791912c24f69e4c67

C:\Program Files\AVG\Antivirus\sched.exe

MD5 011732f8442bff215d6f42bfcd39108a
SHA1 e987c1b32a52cff78f60063325ab63605057cf6d
SHA256 d30d5fb4e013d276a93897f967ffdce222c5827fcf38e6ba1b109a3553aea476
SHA512 0d4d85b004f8a329607b798a205848a02e82490a8ab2b5ad686e769f93bde5f2942923a519032c1db66712d628a12baa7eae312c4ff2f3fb1229561c32a4408e

C:\Program Files\AVG\Antivirus\ntp_time.dll

MD5 84c33b3ef5a15824ce1ebbb289cb90a0
SHA1 014183ca3a51f98c8885182e472841296f1ecbaf
SHA256 7dc5c8530cb2304c3a65400849e4008f20093163f75fff54011894f2a20b4bf4
SHA512 3355c47593b7f6a5d17beca0ed44ba68cd24c722606557ca7ccfb4095f518bfbfcad1fbef5c6aa3922cded6686e57462bbc6cea928f82f02f4c66da3ddb1b1f9

C:\Program Files\AVG\Antivirus\streamback.dll

MD5 e7e9b0e846e130413a9a2f988215a95a
SHA1 8f33613e01a656a8c7c6c4f462692d8d1c2528e2
SHA256 a57d1557dc69107cb7cbafc9af79090ac577ebd248cfe991c4deaa9584157e1f
SHA512 3783efcb168c31b03de6d2dae4382529c04bad713bdd15e78cb8aaa2c2c0357a056ccbbad7f1c4848fde0ac744a5e9cb0e736170792dd1d77ad911f4e62cf366

C:\Program Files\AVG\Antivirus\aswDld.dll

MD5 e44f79ca0a158752e6c1d99e41001054
SHA1 8ec90733473f1d659839ef3e88bb891a4ce75a3d
SHA256 934a79bfc82b2e42e16e995a5d8197b455e28b72c9133b664aade1bc74fb15cc
SHA512 1500d7ca4e85d79cdc685b76d2eb72e9e42cfe148ffb05b03d5579c7c5160c5cc24b33c84ae3f081db212297a7d8e39e26ab1ab3422a7dd282869b7fbdff931d

C:\Program Files\AVG\Antivirus\aswAux.dll

MD5 ae6d2507cf7d60d6d6ccda84c7934463
SHA1 9a3b447c9bf7826fd66de0e6af0f77f5756d6144
SHA256 b8dc799b7cc8827337c81beb197173992e85cbd9a366860b6157e8f587e9c170
SHA512 d578f14f33c9bf66969a45ea835bd104bb5a1b55f35cd363974df1683e28ce1eff4bfa6b4fb87d2095db6846293a1274e6f56d034c0d9f52e0cb2a1bbcc134c9

C:\Program Files\AVG\Antivirus\ashUpd.exe

MD5 2671106045c806a6fd911c37b471909b
SHA1 22ce3c147de843d509401f3f34fcfe37e18526e4
SHA256 1e58dff74dc91e018b3bcfb0f8b4fca088cdd1d4e948682a3faa4a4c11f872b1
SHA512 68442cacff2d70369538adc65f78ea4a95b18b7b4010229c63e0c7b5dc7fcfcd148171deb3bd10195492369f03d1a4cbec0449b21167a58a06ef85402bd1ee74

C:\Program Files\AVG\Antivirus\ashQuick.exe

MD5 ee6513098c96372f6d6fbb56cf81a154
SHA1 b2ac6ceda0b5adfecab5be9f74d5d288537a292d
SHA256 1b810723ce1790e483c0a32c1c12cee4ecc70337ea67ab46db7a278b245e953e
SHA512 6197a836a50816873c38b04ad469943656a61bb3591da504edddddef696097acc5d027ebac495b9c10c17ff5e10b51fce57bef066dd168c05f2b4c6d3df61435

C:\Program Files\AVG\Antivirus\ashTask.dll

MD5 74a1d12885ba26c87122adda0040fed7
SHA1 a27a7dc2e4bf385d6683be227c8faf579ff9dcf7
SHA256 cd1068665fef3e3c8cddf8d8a4db61af5e14c02be6edb501bb18fddb35315510
SHA512 2764e6d8f212ca5b0154fed6ad9119065ffae736cccd6cb500557e0acf74479a0abe4687c150461d21732af38523b683ea94bc94113a53413b4a5030665acaf9

C:\Program Files\AVG\Antivirus\ashShell.dll

MD5 4c21c0fa7c3cf3bd0ac28c1d673e6903
SHA1 29d7c1075632140a17e8e613f23a9c7c53104f0e
SHA256 44385ae9dae30ccbe304fc0f19c6ff69eff8db94fca141aa64e955d71f9e9602
SHA512 370231906db01695339d91a7350226c40821e25c4f3493545b9bbf8767262a86e9c0acc9bc42a170ecc4a2b4442609aff3c99b754116df7a335401922ae1bba6

C:\Program Files\AVG\Antivirus\aswAv.dll

MD5 29e8af6072a720f394c245ce19ded5da
SHA1 ed6f89f43e9623cb2f69c9fb2c9c084c6e16ede7
SHA256 6e8e0703c14e765b8537770d86e33ed507f100f8e1ab5b7172ef2f046ea5ffb6
SHA512 4d8496b954b00ade86a240f728cf3eb2603f2074f96f6a129c671a2ed58999dac59a62f24d8721a91e786524ceec1b154d6cb51e8c789879b64b3145388683a7

C:\Program Files\AVG\Antivirus\ashServ.dll

MD5 4d4a3c1dd378664451783e1c087bc75b
SHA1 9f3a76b399775a151fb384c8767ec4c5846ce200
SHA256 9f9fae9dda979b658ec6489867c1d49f012990f51b4e06bf11ba5f32cbffa63b
SHA512 bede3ca821f1b1035b4d94d6374ce80257438a4c0a979b9a6fd90375a4171914fafde0e48eff8e747ed82d39376908a6b15c5a8d6cb5eb09c31a43780fe5da69

C:\Program Files\AVG\Antivirus\ashBase.dll

MD5 4b29efa68fd7c430583f86db43799c1b
SHA1 9190e5e509a6a066a4dea5e569013ed02e5ef19b
SHA256 e756825b1760434e9d4a4fb87692365b80af1652ea188aec5398b0ff29174d2c
SHA512 49fe5687b6e7ab8a8dc223cd32bc0a81b1f388354e02997b2cfa01dd2314ff666b255310737796012ad519dae93f3730c6f5ed200de9ada72e72f2056e96d510

C:\Program Files\AVG\Antivirus\aswCmnIS.dll

MD5 e4eb2ebd52eb2e770f7df562fad5b7a0
SHA1 f4a38db58958fb3979d661cbdcd0968727c065f1
SHA256 f0c877faec8d783cbb2bdd60c1a4c7248f2f128dc0f3a6f3fd8b687665952077
SHA512 4c5d10e4f27b94c6db81cd1dc0600657356e8f7b46c0e0cb0b46edd5af36596c918dbce1fd2cb9baca5dd7eb9cc654672dcd6ecffb1420d1ed011548ff044312

C:\Program Files\AVG\Antivirus\aswCmnOS.dll

MD5 1b257d0d5698b2421824b0b50729eb10
SHA1 1c2adf3ceb8aa648ebd90b28f73830d6c869c4b6
SHA256 75d63a4614cca6a8ce081d0a497d3f5328cf8a6597651f15586ddc10a12d2cd7
SHA512 b93fed7d83ad95b04074281b4ad37c70b6c36d44ca29702fd94b1972ae1745d88f8c55ab17aad28e38b412971784adfa245035573bf790110493a13cf04ad75b

C:\Program Files\AVG\Antivirus\aswCmnBS.dll

MD5 174be6b83715c5e4851085d84b3f1443
SHA1 68704dca55ba3ead5a3d28c6b9d535d751d60f2f
SHA256 4b79d3e4fba3fa2736542c5c164f387c2361b7d31467e851aa296460f4f54d8e
SHA512 a9403374dcfa0be93ec3b3c52fdf714a55cd4ed69843ab97a73d0e135bfd718bf572a35e0806fa7ca0b069706baee1782253604afe8b7fc07246fbe7cb2c01c6

C:\Program Files\AVG\Antivirus\Licenses\zlib.txt

MD5 8041053262bc492837749777c930a791
SHA1 e8cbe20136c6d1627d40932dc4398d2053be5228
SHA256 d988d5362ea432d8c8ad9f05af876ba9409eb1ebad8c34b899fc9cc8c7ea5311
SHA512 0f321a821b1ab36a5e60a5d5e94dc26564a2cb03347b54279b5530f7b50ab3105d537637f338553dfc4ef800d28be103ab0ca50f77da3b4627fb6d7c558bd3ea

C:\Program Files\AVG\Antivirus\Licenses\yara.txt

MD5 4bf27a810f9a1f9e7c76b029b3b457cc
SHA1 8edff1174e110de6aec218a8d9ac56dbea27a1e9
SHA256 1e5a5eae04b378d12f93a3acf56dfdcac7005bdd67fe22d71c855f4e994e9928
SHA512 d818fe6f1905f46445fdbed9ea63751441fdd69651ac532aae946181fc28da8d2aac98146fb507d3df9720b24dcd2f05a20735f32e113503253fd85defa2870e

C:\Program Files\AVG\Antivirus\Licenses\xxHash.txt

MD5 06cdee91812ddfaf4cf3916f7a5309c4
SHA1 00397115d379f863279d13e823d33ed9c8b51be4
SHA256 7a9555c822ed30fcbf6832004edac893ba10bbcdb8e12d9a3662ddf1b52bd6e7
SHA512 cf22a889618b15fd40dd82809c2c8f5003fd40236798d8738fd3c56cf0f27b52e4157f834e5339bf12388dedb96eab1dc3e9d01968e1a4aa155e60cea9c96694

C:\Program Files\AVG\Antivirus\Licenses\xmlParser.txt

MD5 a3e6629906286395714e96dc4ac8edf4
SHA1 e1faf4917a367e29be497afc8ca14bb7b4493efe
SHA256 bdd96967d9b60683a91e086651ec03eed0d4ba142b37993111a0b1a608f8a05d
SHA512 c9be16142c2d45b9e81b2e33840b58837eabf94b3659cbce65e18d1501ac85cfa35fa087a467cbd55d633f1dfe370e61abeda2ed1e6db4e8b65826b7c41a4ccb

C:\Program Files\AVG\Antivirus\Licenses\Xerces.txt

MD5 b2feaa6a26c0149af9c4fbe2d6b692b1
SHA1 23df548394b0b16e6d5c733b427307288e1b359b
SHA256 d7e3eaf9a5ec61dd5f4065d252a2b0130c0e300ac3ac9cb307469e2a86ebbca7
SHA512 156e4cb2a1ae146cee9cd25258b299fdfab716866eabbab3e01f23a0e063e4469537c0a1e497d36f829e710211fca7db58608ae6bce87cacb75c66c8a57483b3

C:\Program Files\AVG\Antivirus\Licenses\vxWidgets.txt

MD5 7c3860ffbb2e3df660f4762e02a28a4e
SHA1 9a689135294896040420ead4e5a05038d0ce8cbc
SHA256 803b8b5aa4151030221b3c3f71a645da6241938421e49901444a79e5cca75fa8
SHA512 393e4077221420b1a1d73cb1d89ad264b65e36dde03271959699260e8305ff8715ab1a7535c356f2bf961f316ccb1ef1ff6e13da1708e7b53a9b6e12ad7066d0

C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.901b3990

MD5 7cf65040f98baf1ba15f488d76f31e6a
SHA1 c9e9e12d8d124bdc38b63a1c832bf36890ddf046
SHA256 64578d53633622b31d19024184265f01d045b637da98fbd15ca81e39acfba63f
SHA512 4ffb42ad75204da6a288aa2d748754eab2a94386c33c9981ab1edb6f848e02fbe4590baafd81f5349a4c09bb913aedd7f57d49c43d96b8ad6e63c0e44d0a8ca1

C:\Program Files\AVG\Antivirus\Licenses\sqlite.txt

MD5 bdc36270610932ff0c405f7dbec4f1aa
SHA1 36ef609b122ccde100fa096a4703f3433af6e2d1
SHA256 8c109e1d8394fd4557d916d75ef61fb406319106cbeab77736d7c666befd1ab6
SHA512 83f1346cbc0d4e49b0e4cc338fa12813661eafb00acba39d350e28c54c86d6d19317545dddae562763e6794e5268731cf4d1d8f24db42a0cf8d9ab9165970beb

C:\Program Files\AVG\Antivirus\Licenses\rapidjson.txt

MD5 cff54e417a17b4b77465198254970cd2
SHA1 a2922ac9caf1914313d4117dd30f4f1de71c5e14
SHA256 60ab263d1868282cb8262199edf648c21e45b729a78c6768bc9c27214a673da0
SHA512 a8cbf26c8babcf722623a709d5810baff798448a969000c36bfb7570d6ad388220066973783d7e162c1968fc42d0418a1c7ae15f51eea2ef2a2e843fdd9cddfb

C:\Program Files\AVG\Antivirus\Licenses\pugixml.txt

MD5 ae1fcfd0aa84b946bb9fc04ba39dafcf
SHA1 e1391ab3bcdbdd0fb6e9169ffa1d72c1650f839e
SHA256 e9c108afa89f5f9ef50484bb1c64a8d07d0c0bfce171df01840702ceeaec1e34
SHA512 bb9635487def64130a10ec3cd4106e5018ce17d9b979124d9f6674ab1fc7fa549c32c0602aead88cfa78f6900ada5a1776995fe4b864b466d6dfbf1cb53d942e

C:\Program Files\AVG\Antivirus\Licenses\protobuf.txt

MD5 ce79a5e699943b3a132c0deba1777ac6
SHA1 57919d5bf210193d05ba496a870832582f475559
SHA256 f4df8b2457697851385d9ebb93267832c1dfa24e0e61881952f6b0c452663dc9
SHA512 82cda6f61e3dff94228d3eefe4e1f65dc483aca9c8597e482c1d6584d2f70ab7327af6461080447649dc4986b9932025dbcae5c078a2dbcca82c3a985d118f4c

C:\Program Files\AVG\Antivirus\Licenses\PCRE.txt

MD5 347dfef587108750fa72297199fcc986
SHA1 0e34d7cd8afeb7e3a17bb25f371262a1ddc564df
SHA256 08bebda80b178f4b558faed4e52930f66e855614e4dfae15a436733b4712e041
SHA512 defa096320296c640a94a6abead06698a7682bf522dc1f216bd6a3fb70519d789b83ac061a518672987f6cf2d5fe5f7e60d1f9dccfec5b74c9b387ed591339ea

C:\Program Files\AVG\Antivirus\Licenses\OpenSSL.txt

MD5 97aa3aafa51953d4ad591398b916595e
SHA1 a849084b5239438f44c43b52576171f660576e2f
SHA256 ed72ce2b51ee58f117e5a021e2e04af158857f40269fbc03491f0b2a99dbcc96
SHA512 0b54f6b692ee9c92e0a867361b1601459cf6bcbd653b902e1dafacf3ec445af11023e8a5f7485e4513d351ec662ba39dfd52a9e84858128e512e68ace970c18b

C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt

MD5 ae3f3d4fd356269cb456df973156650f
SHA1 4f58ec889575f422dfe25fe14f22eeb5d009a4c9
SHA256 d0a9c5d1e40d1179f0669bd93e079a518b3067fad240410804170f05d1ba04b6
SHA512 ac1c0e7d7020f7ae091bb53e4b5d1afa8e9a669bbed4f7a418b8cb9975eace1c8c6eaa840f1248ea4f607f87ba8765d61ea0f05fc0e586ee21275633c8f1c3c8

C:\Program Files\AVG\Antivirus\Licenses\nanopb.txt

MD5 c58efea00b9a80527a4eb1edf3b48d42
SHA1 7a9460def676dec00affda16aba1e93f0fb26f74
SHA256 a9c42b959825bce9b7c72a7b0797a41580cb21f407b73e08168fb1ed1db438c4
SHA512 6cbcc440792e05c8b73755acb329e2961a1991b730fc468d7483b1c005bdc664271237de634c3a1969967f8feea03b36ee8d2dd58e94dc61f553c4d728ff9d2e

C:\Program Files\AVG\Antivirus\Licenses\mhook.txt

MD5 d273d63619c9aeaf15cdaf76422c4f87
SHA1 47b573e3824cd5e02a1a3ae99e2735b49e0256e4
SHA256 3ddf9be5c28fe27dad143a5dc76eea25222ad1dd68934a047064e56ed2fa40c5
SHA512 4cc5a12bfe984c0a50bf7943e2d70a948d520ef423677c77629707aace3a95aa378d205de929105d644680679e70ef2449479b360ad44896b75bafed66613272

C:\Program Files\AVG\Antivirus\Licenses\mbedTLS.txt

MD5 d229da563da18fe5d58cd95a6467d584
SHA1 b314c7ebb7d599944981908b7f3ed33a30e78f3a
SHA256 1eb85fc97224598dad1852b5d6483bbcf0aa8608790dcc657a5a2a761ae9c8c6
SHA512 e2f81cb44129e1bc58941e7b3db1ffba40357889bace4fd65fd254d0be1bb757625bdf36bf46d555eb3ca4b130dcd1c05225caec28d8472dccf52a63dbd6e185

C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt

MD5 d774c7a88d7b41d7c73490067b54e3a4
SHA1 661206b3d45d9f6836915cb266f8536ef8ed39d9
SHA256 6182268f7c8c37fef81e83f722d1ac9bd1ea4307f16005a6900bc1aa473828e0
SHA512 7f9bc6a96e2cd7a1b8522edbcb72be141a5136dda654e0e8ab5ccf39a216b23478c64bb4fc68a71ee303237e6e9e063adb84873bb786e235e9a039d914e7b762

C:\Program Files\AVG\Antivirus\Licenses\lzfse.txt

MD5 fe680362852389fe7a16c47aae27bc92
SHA1 377ea1b96cabe859af78bb561ca4171544ab0152
SHA256 e89251cdaaf385d93f74b819412217e47a7a06cd65115a1f87eedda0dffb2947
SHA512 8bb0e1ae7fc66e12581b43c0823e82011ec88d714eb244a840a46272d9c04163893217b6ae6c42d07ef72c88ea154950282ef09f0aef2dd44a3e42de709135ef

C:\Program Files\AVG\Antivirus\Licenses\libsodium.txt

MD5 dcd04d4748467021571f4a01f797ddae
SHA1 c59d498fa113b09406389f8828dde6407f5a651d
SHA256 7b8c5dbc64e5ce65c94d31b5690a0e30ff83222bbbbb859df2a56b9dfef14326
SHA512 7ae6a19fdda606f467c15e97ba08620838961bf64d9c5b6843cd877a23f0697bde8874842b12e3c317e18b4f8609531bb05414d5ed4ec68337ce8e1c73aae64e

C:\Program Files\AVG\Antivirus\Licenses\libPNG.txt

MD5 9c08c5872a3314661e37289d53a846e4
SHA1 ddad81444c937f22e749ab9518058682953b1cdb
SHA256 0ad3bfee8be10e5519949e7af492e36bc349376b75fbeb412229a5967e3e9434
SHA512 dda85f29349e7222a6487f91e42e798c6d93a091fb01ed08d7caff5b906a2732788fea763d3e8fd10084361af8531ba2059e2410e845390c937aff659cd0fa36

C:\Program Files\AVG\Antivirus\Licenses\libevent.txt

MD5 d6913685a013829414179d17903310af
SHA1 d665df4878ae79173751d5a8a4346c1e2567f232
SHA256 8dd48e57572d33854a835ba6bb045d9a01321bae43377934fc08ce642992206b
SHA512 228fa37c918f781f3151b7cebfaa2575c70e515193adcae66a25c5de0035199ba935e677c1df1b2acf6951b43ad4e253a5277ccd72aff9bc60cf6f1bbf444eaa

C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.901b3990

MD5 513ea4bce55c427e58b1b6d40d087d24
SHA1 d2f6cc5490d34da9fd15e6edee4995d6eeb42892
SHA256 7732fa42ebc8652ee3300a086a068f6aa5008cfa0d14948b144e4b06c82efda7
SHA512 0c9f8d90f4ca229b5f175384d0cf348cdb8bccc062ba5b2f97d5aba0b9d823b0ebc2a0634041ec70e62715250a238b41b0c31ccd76ac24b8e864508d93251931

C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt

MD5 51d2728ac2976fdf6eeb3a02cd58982e
SHA1 3d4af58a6b52ee70064abf68a2412aac2cddd42e
SHA256 c3aed6a54154090685df3bbcd72e7a84943a4f3d5e5491bc6446a0b2d538c493
SHA512 734dae65afc8b551ecbf6665dd0a48de8eff2cb815a079a2bd7e37e19388253e39441a779403cb553d091449ae1eb858ba560726b86b2486220bc694f85cb6b3

C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt

MD5 4cddb654fe704264c203b4d9c7c832c0
SHA1 9d236e8f305b4bc8c486de24549a706a3957c210
SHA256 634788199f33637e3cc36c61e5272f72ccbdab87be0c07eaaaf487c5f4f1ce82
SHA512 1933696744c8a95bc6c82ef0d19e99f1d4291f6e0aaf8570e45bd74065ec076ea9b3e4b030ebc8df52903f4f98aef6a9727d3370834efb9187e4ce24ab9a0180

C:\Program Files\AVG\Antivirus\Licenses\ICU.txt

MD5 a2a0baea9713f129f7d433dcfc635167
SHA1 349e31d4f425c71d5c63e2dcf4a19f5e0edcb57b
SHA256 f155f8f66833bdc8e0479656256bfac1d66a9ec9df4aa56292308f522b4e3fa7
SHA512 87dd90b17aed6c5aaca53baaa3d149c07028f730ca34681842aa9c855817413345af27a0bd27dfc64677ed6d9b2e9013b585bda06130315cbdccf0a27103a809

C:\Program Files\AVG\Antivirus\Licenses\GSL.txt

MD5 598fd6266b820d382b6f1134f56351f2
SHA1 91d5e0457d0b8a0b9c0a2f557e0e2dc4d7f3805f
SHA256 656e11ea18f7fb862f6625469b822583f3c08e986b3a24962d74737ebf6927e6
SHA512 a1de7199ffc3adf0a4679b47ce77ccdd6ebe7ece123d286c58236a08b64c13c707e590fb5a12ad0a72e6a5907356f4d5754151eb7fb45a99d71caa50912c16e5

C:\Program Files\AVG\Antivirus\Licenses\dnscrypt-proxy.txt

MD5 7eee1933e27bfd222f8ecd48d463c30b
SHA1 506dd04ac3db8729abffd4132294d017b8b1fba6
SHA256 e9bfbf4cd2bb60ea2982dc50dee92466a81a42de9b40e65c4ee17298646c7bce
SHA512 279d059dfa2c81c371000b865fe49389fa911bebf4c4f7e83379598e3e109852b14a185f1bd970dc94ad53a804d7554a4547dbe7bd7902781daa8da1898f7885

C:\Program Files\AVG\Antivirus\Licenses\Detours.txt

MD5 c26b34f5996c7ed7f7bce6aaf6c8a98b
SHA1 553e3a3efec9a07d9b08fcaadbcd88f2099aada8
SHA256 f854ae8aabc0404652b48a2b3bf7f21ec174c69d73f5596934c20884eb0639ef
SHA512 e3c82bfe3bacb07e3a8327a01b2c9772e44bfa1a8012c0f0b363d6e3b2ee2371bc66f9c207611cd6f73d6f1ff1ceb9b2bf2c7d0864ade256d41d533b598a804f

C:\Program Files\AVG\Antivirus\Licenses\cURL.txt

MD5 8915cda79ecb12328ccb33113dc85ecc
SHA1 127e0111a102fb3f6af9ad82d0620f4c4ac2c164
SHA256 7c3794f6aa18b133dc86045d00f3d5894682084692a959ce521982eed4554f37
SHA512 30acf8eb04e4063478c8ce0879c838dd9f9083efb6e239393f4727cea279a171ac4c597f3f1bf855210eed3091acfb50d9d31851cf6a147774f3bf246d6f4d59

C:\Program Files\AVG\Antivirus\Licenses\Crypto++.txt

MD5 15f12037d9859d059c3a557798163450
SHA1 b3609a3d6832159913cc9b8fb128df1383087b24
SHA256 e668af8c73a38a66a1e8951d14ec24e7582fee5254dd6c3dae488a416d105d5f
SHA512 a976ecbe99ab8f29c8290f26df5906326e820eb3f212928cd2b74783716bb6b7b6e75104140b2816408af15a1db30f4f5ab05133baa2c2d3a6e48c6d915fa915

C:\Program Files\AVG\Antivirus\Licenses\cef.txt

MD5 4434d135a9d9631e1741ce7254375a0f
SHA1 e2d2dd3fa7a0f0f7814118af8c03094fc325d333
SHA256 2e69c36a7eaa4fa153426eab635c607ea0356cbc7a68a70f42a49e8ab8eb8106
SHA512 9c59379e08895138e88b588f0ee3c4ab0938e8fd6906ab041484c6ed90da38c7ef9df7843002abe5249b359dac56c9c064f9119e58eeb1fd34bb2b7a35194450

C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt

MD5 128b02ba4177d31ef91600882bb0baba
SHA1 6b98f098fa3f1cab58b9610b0af9c9545d5010e2
SHA256 b87ac954a37f855f6f7199a3154e2e84623558df980e8afccb94c5c93bd4cba3
SHA512 77b2fb5862bd1d999cd9549319ffe492ed20aa63659003bfb48c2426242984f97b6666ba9afbb0cb7d71a46f4f5f7e883e31c248f9b9eec339e3d4d7ffa66a0c

C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt

MD5 9087d9182e280d5a124e844fcf52af82
SHA1 058d1d953744a7ace99b86c97238a3083dde120b
SHA256 5eca2c8028dee3a4728012bc60a763f69205325d0eb75b344cb7e10a788faa96
SHA512 18758d28733aa9db4257db7a18176a8459265021f6cc60e48ee6bbca422411d798bc597a683afefce0045c2b025e65577f6ed085fa8c9acb10b3e23464da6dfb

C:\Program Files\AVG\Antivirus\Licenses\bsdiff.txt

MD5 a5f132cdee178b77dcac80346cc12b62
SHA1 d44350c4d2332a9a30f154f896e88a3e89016825
SHA256 331b34c5d939627eb370fe4250beaec0d0fb5edbf687b0c3631930385026cf7c
SHA512 d3e45ff903524667e40fd06870c957eff349e44eef22a2d9e9e01db9ff806dcfb3082ad5bf974b864944a6c4b2d7d9910d67e440a5bdb50be23600115537588f

C:\Program Files\AVG\Antivirus\Licenses\brotli.txt

MD5 7df5cd81700618ef9926feb32290d2af
SHA1 4763ba7dfa7730d98b190dd8a4a2c6818d301fcb
SHA256 60ae0f13e76cc2eaaa108677eefa4ce16b647f6bbe8cf0a1ac9429d82eca7248
SHA512 92c0bbdc5155d6e218682840dde38697327973b8f45e0c6d100705601449a6f1f8eba74cef8bcadf09ea945602b378bc64e81885f40965fa038d7974a71e5641

C:\Program Files\AVG\Antivirus\Licenses\Boost.txt

MD5 b51058fead1aa71840b79527f5bffd3d
SHA1 bc3c4d41d4cc7753bea8e7a77fdb7cd384adbb59
SHA256 beb8e42e9d6b4284e03304d05a81a0755200a965fc8d0a5e0aea1e84cf805d6e
SHA512 f1a8d21ccbb6436d289ecfae65b9019278e40552a2383aaf6c1dfed98affe6e7bbf364d67597a131642b62446a0c40495e66a7efca7e6dff72727c6fd3776407

C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll

MD5 7d3e52e5af5fb7c7c4ad243db06ba51b
SHA1 58daed48fc063759c85cfbdf6cf4b1b0108a921f
SHA256 f1ee6ab5f4d573038119e3d1b38610056b7ed6d558c5940260fee14f72993609
SHA512 859e66876fd0d0e290aeb7b6b2cfad938941eacc885a596110ac2f76681f56c0b9e93290a65da7ae2989621405633581c3a3d4baca28ec87f5efd3a25d41dbf7

C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll

MD5 9ee74d9c512ffafbb954657a1289e0d9
SHA1 561e6890e420d448abb1eac5fd74782fb6afb4cb
SHA256 80427bfd209baebf714416de11b59b6abe3c954944064a57afaf9df67362426b
SHA512 1d8798c01cd2430fffc30bf1124789ba3c507fce5ff34b7e0ef230839c657a0588df4c2ae3b307770127dd3c78c8333696f9114cdc9275cc1746c5fe572e44ce

C:\Program Files\AVG\Antivirus\CommChannel.dll

MD5 e8c1094a511a3d7d79061a6c1cd24e5b
SHA1 a0367a98be722dce5b071e8131406bc119285fc3
SHA256 780c8b8f01624c82d50614690b4a8f231b953d1a7400d9fa3d4d8ebdf77cf906
SHA512 d9ea1c85d2a3f0aa78a879667724b422cdeaabfe99720d327b57c0d901211e87cd78f6a227e5a7dd679e62ad61eaaeec0b6c2fded1f65a06dc116bbf6edf0dfd

C:\Program Files\AVG\Antivirus\Licenses\jansson.txt

MD5 928ffcbe179ca1faa2d4a2747ccab1b7
SHA1 0978fa6a4bb455f6237eca37956d179b7512fc1f
SHA256 c8d3b9240b998223daf58ea16bf2856caa5cdbcb75e93d4fd20c548033d885e2
SHA512 627af0d12924e508694e977823fd6d705700eec590e9edd432605078b007143cee5c70391143ae259cff9287db89fc3e613198c4c586236d71e2de70cbc6d0cc

C:\ProgramData\AVG\Antivirus\settings-24.2.8904.1563.ori

MD5 d6d47f2fc4249066cf91a53c7b920259
SHA1 12fd18a223a52963e0365362cf1e350355d9c8e3
SHA256 1a42bc373998c605dfa8d4df5e2705e1c209326ed578bc67ebe0f3dedd2a2951
SHA512 19cdfe62d19bf5073f28d6693412585843c113d85b4a3e01460fcefe76aa1c85a1e908e8d89016eb804a4a875a9ed5f99499b254e673074e393981482c21d209

C:\ProgramData\AVG\Antivirus\Fonts\RobotoCondensed-Regular.ttf

MD5 0e1821fdf320fddc0e1c2b272c422068
SHA1 c722696501a8663d64208d754e4db8165d3936f6
SHA256 4a7c36df4318fee50a8159c3a0ebde4572abab65447ae4a651c2fe87212302b5
SHA512 948adb943bfae5807e0e88a23364d8e706a8bdfe8c4d00592a95cdd34081a64a8d44c4ba6e33a65874ac8a7117927c3de2b995fdc57c2746aedd7161df727293

C:\ProgramData\AVG\Antivirus\Fonts\RobotoCondensed-Bold.ttf

MD5 52f9b35f9f7cfa1be2644bcbac61a983
SHA1 c348d9f1b95e103ac2d14d56682867368f385b1a
SHA256 28a1d37668b4cf94fff5256e9639f175baf4dd654ec84ba910485d38beefa6bd
SHA512 de48b5e6751134c7fcaa8ee4c734e0f458e86fc59249ef19d9c45b7098eb7273c4119d5944332465080154a3d9c8acdb1aa84ccce011bbe5c7f32251acde6cad

C:\ProgramData\AVG\Antivirus\Fonts\proximanova-regular.otf

MD5 9372d1cc640df70d36b24914adf57110
SHA1 374508b24ea24906f25655de27e854e69cda2935
SHA256 31daba103891abf8b4d0537661117a8689c9ee5d91ee264f74e64ef1bb37a61c
SHA512 8100e80e7c7a6283a348fb0c2f9339600dca96f8db21e49c3c875ca6c0129d87452ca0d678904e40f65404f5c78b37a82718def85efc085d5f2c9d0ff94182d4

C:\ProgramData\AVG\Antivirus\Fonts\proximanova-light.otf

MD5 b7913e898d3cddf10a49ad0dc3f615b8
SHA1 560917b699fe57632d13cf8ef2778f3833748343
SHA256 1e90e49b182c8b5876ee6805ff3cd2e39a23fda79df33d2e8b57020d6f208334
SHA512 baee3e6114fb8b4f946cd85fac7bae19e1cc681820c6c5824092ad955e70ce7253ae471aaa28ad97412e67d4a9c741137bf3ff27233bd94b6d3a654f72adee16

C:\ProgramData\AVG\Antivirus\Fonts\proximanova-bold.otf

MD5 0018751ac22541e269f7c8e0df8385f6
SHA1 541e47f0b29737b74c2758b1f040783485de2a6d
SHA256 9f4d35bd7ca167c7659a872bdae6fde11c306b07eb5c758bae762f7258b39071
SHA512 6b6465848cdc0fb24ff2b1953e71b17c19e5e4224857df761222224778b4659443e8ce21bea15c76abfbcd9e371e607a0c1a94addbe761c2f07c1648971406c8

C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Regular.ttf

MD5 629a55a7e793da068dc580d184cc0e31
SHA1 3564ed0b5363df5cf277c16e0c6bedc5a682217f
SHA256 e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee
SHA512 6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Light.ttf

MD5 1bf71be111189e76987a4bb9b3115cb7
SHA1 40442c189568184b6e6c27a25d69f14d91b65039
SHA256 cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424
SHA512 cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Italic.ttf

MD5 c7dcce084c445260a266f92db56f5517
SHA1 f1692eac564e95023e4da341a1b89baae7a65155
SHA256 a54dc8488f8193bf30c3820cf6f261f911f9d328d699e1a1b8042641554cec70
SHA512 0fe7ec4c8eceafe87fbbdb9780519faffb646a23579ce5a4f5170808284c1ed85b9aafdab18cc4ddcaa9a7e6e2559fa6ed984d986ba93d1bbf4bc0551d5661d0

C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Bold.ttf

MD5 50145685042b4df07a1fd19957275b81
SHA1 c1691e8168b2596af8a00162bac60dbe605e9e36
SHA256 5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323
SHA512 9c995725aade5f126c727faf1c4453344e37b590a14152d31d44dca3c9328a54207bbc7c840695cb55bc1b559097b457888655e11199192cd5197c85aab8b1b6

C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll

MD5 a08cce69a147dfb6ed0c01689b57b2aa
SHA1 7db5f711efd994a00c1faf15cd3a20f1676b9f2c
SHA256 4bb20599774049cc9a737e6adf57e75d37008009c01cd23e48fa2f9ea8bb3772
SHA512 4b13fed602b6bdc5291de5df6f8c359bb179bab318f05e86f59ce1e89ef025e2399efaf055a7b97580e4618a195c157234a2a663cf045012af7a72729bf43d48

C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll

MD5 42b30de4617a3ac696d9eed803093cc7
SHA1 79f16d4ba21d9b90ceb7ff38379345efa0ee89f7
SHA256 0fdb7355ae5e53effffcebea8dece73f7445a4fdf8bbde39bf24d5f08dfbf259
SHA512 895e9ef239fb2a2012e034eb3b91d43d9800a04e2ae6c72c5b81d1f326d72d9f0eff6587eaec028ee383f57dc3c5872393f7af09d4e5a9640a591b0f9371a9f7

C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll

MD5 b6376656479d7ab7c754ebf542f4f767
SHA1 0381985c8ef5e0eafde63ed0284d3082002ede5d
SHA256 9b7cc1bd4f7504d203e21b47d80dd76a4e5ce459a12d3fc6b3340adf5936d9e0
SHA512 dc46dc9bb846c96453f47da95ff8a20bf38f7ef218b897e9e2aa23153389e912249c4c708f4f53fbddc192d1a154c75ef0f175573b8de4366f1f54efc842dccc

C:\Program Files\AVG\Antivirus\x86\dll_loader.dll

MD5 9fd34c157fcb539cc981f8a56bfed9de
SHA1 f78578e47fd942d3444d916b614356268b51216c
SHA256 de99cecff9eb040cc26d078a4184123aa2a9b5bf1512a4f85f206ac82213ec4b
SHA512 6db0605b1ce6000e65b9aac27493ad45475ac537c94d17257afbbe4d222deb2f58b5fbed50945151ddcbdecc92614b619e830ddd8ee2b1cce04c8bc1399e1a4a

C:\Program Files\AVG\Antivirus\x86\ashShell.dll

MD5 a5a967f866de44062133d52b6f17e13a
SHA1 4fba115435b4e2d475f6a444e0fb7c39b8d09415
SHA256 d5ea1720d652db6793fa28c62381352a6b22ac78eb8949f79a78d32e8eae1224
SHA512 846d80cfb105d1765077c43869e295fcbb72f9018b3957ff78baba5c22163c4642213273cbd96afc4c15d906dfa01eb2809a37e9d9e72a293f404d381604df36

C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll

MD5 6132ed3dca37c996a165901b94fbdf28
SHA1 bbb8014556f584bf5b2e20b5bde56413bf781837
SHA256 6f6e34dba095a2159937fe266b9d1cdbf0e02f89beeffb494274e4ea012bb6bc
SHA512 ee9951d04ee9b871dde74f668cdf6ea67e5715c9e8e20f5db95d508d5d56e136a3397030c298af749b6522ff4d24ef10e85f44e62e1d530071a6f1a4a8a3fea5

C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll

MD5 48767f47183430bc8a766c0a42fd0ace
SHA1 7ea2e2d9e7fea8314f417fb32bc0fcf5b14110c4
SHA256 6d7f4743f99c252845455bb648eee23c81aec5ddf37e81a8b2a1c8eb557973ce
SHA512 90eb9c3432e88611ccd4306d944b86fc1432a6d936963dedda5d8fff1985dfe6727714d107a3ed400a6565669be49fc1138045b1d3843d440f19458632b1ca7c

C:\Program Files\AVG\Antivirus\x86\aswProperty.dll

MD5 5fd9b38c4905620efba08451acfccad6
SHA1 356977a59b60577f480a30bda7a20e546d8459c1
SHA256 e8701c867a5d7c23418540397cdeeb52de44d918ff8a833cc8ee02b55a3c2149
SHA512 cbd802cfbd0676346590b7a29134d99bceed0b23c3a3e2197220d8597069496c95252b3ead02a9596d096051e5db6948fc83ae5879dae0c98a8fa6de9fb82f1d

C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll

MD5 29042e26983b64e3529a705de8b62a63
SHA1 e848eb98dee3d78e467fa686238db5797077f7d2
SHA256 1ea8efe87962a33ef85a60ae98da76aa19068d9b3b759bca2259cffc97efe59d
SHA512 9056198a888686f4b474c37fa1361c0d9953612b788eabf0f38165e8b023f3f3396f686163c42ca030b1f8e0fd535c4c9872075382e14b1835085a003547dcd1

C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys

MD5 9ab0d3ffc699f57a48b71a2e3f8e8f02
SHA1 518cdc37397c95a8756813451aa230ca0f745920
SHA256 ba9254e3df94c7beade3dbcdf75c643a0ee7c4b5db380b5d06758c3065fafd73
SHA512 6a0c77943ad52078a2ed43139c3eeb394127cb7fa29b091b42f6fb1db78c1a9034fdf385d593524031d7e6060aa9c809f632df9d3ebfbb95164ff4ff860ea9ac

C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys

MD5 03dcd84ac908a38570bb1086e93250d0
SHA1 9de5a93aeff05ddab77a47db6227a4eb36f0dc66
SHA256 fdc14367f38175bad08cb974cd18415fb5bc172ba40e1abcfa4f7b084f9b7139
SHA512 39728827e09566c39e526df9206d66b5c70a01c40838e17dc02d07367a7586c020ed56fd3b61b33b2f4b01d4cb104b976be094867485721219208d4c1dbb25de

C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll

MD5 4a0b7932d254e15ffcb098f6dea23244
SHA1 caec3d2821d1f6cc7685fa2d88b584bf135d42ca
SHA256 ff182c009c666499ef0b2ee8745bf695b66f5aa1a4790d473ef56308a91f0694
SHA512 0856fd88c1d3bb75088b2f1c23719b4bcdc885053f1c885037ab0546ff8074a23d71ccc21cd4522bf5e9a0dc82f5ac57934bbeebc3b9525f6d1e295efbff69fb

C:\Program Files\AVG\Antivirus\1033\Boot.dll

MD5 0cf188737cd2f710929b99e493811471
SHA1 619c5127dda6685a97d63de09e85f96c86ff7e6e
SHA256 5c876055a8df893985d19d4353b478dad38f5f7aba72db63d48267cd35274913
SHA512 37ea59a6c4a1cc2ad56c57d67cbe0da55403374894a7a59de098c82c5446ff844986cc78df52ca14faf6a6d3ba1fc2b68a22f0d11cda534df522a23da239b6de

C:\Program Files\AVG\Antivirus\1033\Base.dll

MD5 79334c2b577f16b5a2958db7f0c2a79d
SHA1 0030cdb0e22411476f52902111c03fdc703f9ee4
SHA256 2741d0aa90871afede3a42668af42d4111fe749eef8a11f8074cf362a3758dbb
SHA512 fef3f0f9de445804a20cd53d8d9797caebf80b27ecdc2dd1dae8b785d200bc15bb0b9a2859041c6e4bd0e6bdb092d7c979aa8e23021b168f9d5dd99f298c2c26

C:\Program Files\AVG\Antivirus\1033\aswInfTg.txt

MD5 20511513a692ace563587fd8119f022e
SHA1 a3a058154b7f3370ab07026bdf9c61d0487663f0
SHA256 f0215ceabc6e0fa003e8079879956603c35466b7e5d998cc84789ade5cfb9119
SHA512 189efac592953ec4fd30263613e67abb7412ef11ac3a5802bc8f27b01a24e593493700226f012d43999e9f53e43623a209d230741327021946d8e79d62db2b7a

C:\Program Files\AVG\Antivirus\1033\aswInfTg.htm

MD5 7db7dbd7815bebd69c5005b16f191731
SHA1 94d9ca774f6e0c153666e7179bedddc1d0771d3b
SHA256 14d52b2db6114ec914d5a43b0d8dc285911da75044b19909c914af874ee54a90
SHA512 ff6052349bdc78d96aa1491d8ea8c764e53c9ef02ea1f2a446d90c153ff9f921fd301afe83a6f5c65fa03eee23a76c7a0cab72f73e41b5bfdced0ca2ea6adcfc

C:\Program Files\AVG\Antivirus\1033\aswClnTg.txt

MD5 f27e56279b0de10cf9330dd15c36f997
SHA1 3aae430d7f3248afe29a4e70919570005bc4743a
SHA256 f49a2735886ec0a1199973160b88ac88dee576588f4c0a211ed5ebf44c566067
SHA512 bbd01eae02dacd6452a1edb191d1aaf00f2009789676cedbb5e50d39627ad7d86176763294c63c48a8e84bb77074363c5855aa42c4e601584748318751f6b7cc

C:\Program Files\AVG\Antivirus\1033\aswClnTg.htm

MD5 4ebf04faf20dff03f5d62d5af5f32151
SHA1 7088e12344219071c118ddc11415c7a8643e52da
SHA256 c27d162c8c40c816e09a3a0093e7fcf30df436e3266065633450595ba156ed53
SHA512 b784cdcc2ec75da2faf00ccafc211cb3fc874f085000bdb6bbd2e05fb1d11dd966cb04e5a1c8f4c91b0720e3caa7a8a82c753c87546005a969d27ece581af163

C:\Program Files\AVG\Antivirus\asulaunch.exe

MD5 ba2e7ff498c60cb81284c27c0dbe74a9
SHA1 4e584c42a217cfe09c79fc7acfa5d25cc3a9d5e8
SHA256 7b3f36ffc24eb8196064f37145d5c4ffcd4f0e0853e97f7d0bb9db8d58d4da95
SHA512 517fa6c62fe30a2aeb3d7ae70bf94d77c1c9ec1aff124afab540cb3cce51bf0e977d5a84f110ef8ca5ffe2caf3dc2cfcbe693ed874d17be08720b33c62ba81c7

C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys

MD5 46b040e581b06027be9debd3e370f10a
SHA1 18c0214c6a110d1ca0e81c7beb25093ee12f7731
SHA256 245e1931b7801104d78ac3771543a7a283d2c179a5a5468adb7b54d74c640055
SHA512 4c03b544612195b3bde552aa1eb7aedeafdf3d0adac26f05bf27cfa50d3771889850354f3bacd3689f1eb37cc58c7add7000110456817fa099ae17f7ba302316

C:\Program Files\AVG\Antivirus\snxhk.dll

MD5 237c41ed54bee126accd06c6967be0df
SHA1 82f649f23c84398667830603a08f15a5ce19b27d
SHA256 5c4abbeddd36da46ab78c4ea5ab92a4e186941d534f65463051d79a8f86c5e46
SHA512 ce0fde17e585f566f0a54a018502cef199840870774bfcd0b0f094dae6a864dc831cc5a46392db282317e361177d6b34f2f0b274d9c4c49fb1dcc7f12de3583e

C:\ProgramData\AVG\Antivirus\snx_gconfig.xml

MD5 db89473157a2109d2cc065b9c62acd27
SHA1 d903a0ed7c5aa5a686c883a597894657a8c0beb9
SHA256 2b8d115e38b1ac4ea4fe0ea24006e4e2d7e6429f469b4ff0f1ea45fee4e7e8d6
SHA512 41486f90632e52127358b7a6046b347d47ffbdd62970ed67980b56c247f68ece4d7d0250e19c28c7045ab3d4c9d7db40e1aeaf2a4ab33d6ae4b591f05ebe3d3b

C:\Program Files\AVG\Antivirus\x86\snxhk.dll

MD5 717abc57a53ad7cbf977e6e198f1add6
SHA1 6ebefbbc88299db2988c201aefdbb44633529fb1
SHA256 2c7b420cd78ab2b584340ba0be15b6204e6e64b6390ed58ab3bdeed4189eaa09
SHA512 b06ce49dfb22e3ec89495d009e1e3cc4358ae2ae63d0df84b75534c44f434e492b4e79900ecc01f64df5b03b01106cd2bb90fcbd0f0ff5e4be9cf69b5f4e0ac7

C:\Program Files\AVG\Antivirus\shred.exe

MD5 52f97720db2574850126b5fa5f469e48
SHA1 1c3f9bd3e4fbc9f6a3d50c9a5359d5c218bd15a5
SHA256 26350a4bede1ccad14fcb4851fb0be7bf5f93309cbe04a48d0d9dcf202912662
SHA512 bd9a4d185205412784bce2cff41a1f3e3835a210c4075c24cb4b261b0a7586199df1dd2364bce5e76a6573d1ff8036eccd679beed5e27e9ecb6ad2d838b14b8a

C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll

MD5 2242fcc9038b6751388ea5c3d3fe7c4d
SHA1 7bee974f4573d2e718e6b3274b59b054ed89d847
SHA256 bf6ddc8da511cb35e7390d35072db0c4a1d1d4504adc1d669482d0f826831646
SHA512 fe9c31bdb5a029268bcadfc260408bf39565ed7c20957ef5ee87c8b094f80757038e2a4ac6654fbbea0e1bc68ed576fd94d2697d1811d5d6dc96f1cdda80f8d2

C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll

MD5 6be3312340beb58df3c490f717ec4b36
SHA1 1e45f5d386260d8a232e7c990802db2c3c2fa233
SHA256 19bb793140d369fdc1e94e79aad0afe90a442eeaa4945b978232b86254b38642
SHA512 a1aa942bbfd3773f7ec1ce027f6f9a7296711bf27f96eb4a5398bd9fb510fe95ff9bd00f41d767b3982a2fd1bd1442368241e6e336c1249a030c31e6535d30e5

C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe

MD5 6cd22fbe5af12626bf8be5c927de5240
SHA1 fd69f462bfc9875ac13226be9999a70de53b2b9e
SHA256 2c8762921585ebf4f1f81fa1f69622cad0951bec36b1a29d447d66d6f37365e6
SHA512 f63516a1646fd557411be862da40227981a7da5af7f2704e54a0f4a5d458c6d62ca47d52b52a36bcde2a3c53f267f85905913996d65d5be6cb92f6bb9d3f1fa8

C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe

MD5 f7ac0aeb6171d85bcd0a31bbe9252bb4
SHA1 1d13984f9a575c5d09e933a043fa41ec83721ad8
SHA256 628dc4791b934c1cf29e32d11c00b51577155aa452bf41fad3521109ca15d0dc
SHA512 6cb9bf2a9d57043ee50b7c7a0a015a4a1a414ba70d114718b62fa6954c6f428e0c1f98426c7235fa9e78a726663643d2ebceceba9b80dccd85ba2ce56529d6be

C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll

MD5 39567859a0a06e38297083ac629a1710
SHA1 dc8be1f89e04eea6fc00da8faa908815834a21ed
SHA256 7054801ad0ef0bbf2b423736f465c3c0b9a8f86c855ddd25331401af66f074e7
SHA512 2424b35945f4ed52debe2363a04164e01c31bf6cf745912aa26e6fed38e4e58eaf6a593b575d663b102a1e12385ca1b15764254ae19abc2bd1649c5a3dfdbf21

C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe

MD5 9e8aeac76db6b4a6bca83837120f5e02
SHA1 004a161bb09c760de6ae7efd9be2ceb7a3f87149
SHA256 98d2dac0a560ab3a153303d4780c8c14f96428cfd320cd747a38c62651d36634
SHA512 f0e6c43ef136e217e717562ed3f5bc33335e1da1d86506f1384f4e7422102be4522bb055c80959d5a78bab956518c4bec781aa3ed5879d4f96d92337d8edff87

C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe

MD5 b4510087582c7d369a3a77357ed73bc6
SHA1 3d476cadbaa8a072f786ba1adbdedea227c34ff4
SHA256 464189ea3e6b20271fad7f943b4b2ca0d1b81aba05a6ae26f460659985a4733a
SHA512 dee075b1233a57ce894c1fa245300052c63e4a1dfa9f357547879e6bd3ae8720e82ff9a2bab02d77addc559606cbbb8c5b338d045ae0dccdbfc0bbac82374152

C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe

MD5 a821d77c999a05a2f7158773a3656bfe
SHA1 ddd8ece2d75ea0c97b095049a5c84eb120a6d959
SHA256 f72e934fc9e3a30ceaa1e35c086d28e13b1b9db464b5769531579f85bdeb6ff5
SHA512 8043096299d751d53c1acdc9a6e5a3c2712ffc92add1f950b67a4f0a675d2a68d2bb8aa72bb8afd0e9fd92a38a2a8e9c106b6fb672f40e954fc2cef278ee3d81

C:\Program Files\AVG\Antivirus\RescueDisk\waikamd64.mst

MD5 ec82d1081d31554e75d7e72b30d31d78
SHA1 ff5615640cda8cec9fb0ad3fb8a4e441bcc8e398
SHA256 0823905ce46355fe514ed547d5c639af39b2b3d28a5bcabd1846997c7a4208b7
SHA512 2f36323db92f1c1d4e3b8f18f8258830a6200bc7061eaaeadcd0a655e30276592376fa4c4f706f497d5fcd00a1e5c5649e20407d3860910a184ccbe4b36547b9

C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png

MD5 ead968e4266725709fc170ebd749f760
SHA1 bf99c488beaceff8ecf7734bf1a9fb481d3ec434
SHA256 5f0799aa26c5ee902f26875c02bf0ca3cc884e0a2722dfad89624659e03c4b9c
SHA512 cfa46409bf381e4c52e35c9f2369b9b4f377ec68c62609829992b9bd46e440c66643a8b457a98834336d1ce3c7828fbeb9c2ccb4b9ddfb75ad2b74d77702df6f

C:\Program Files\AVG\Antivirus\RescueDisk\background.png

MD5 d681f59276007a55650501ca31715f8e
SHA1 5156ede5ffbd33946dcc2b23b2c1d53e8e7bf702
SHA256 f800f6f5e01405b463ed0cf798029354c405fa54c0d8da59cdcf38a2ce9d73ab
SHA512 c1be5415b87fe1c97dd1315035034815c1cb4eb08f71c2e0e9141eae7628d25045829330207fe4cd745e3e42bdb77cff7db09cf0e2e982665b59a7493f026d6b

C:\Program Files\AVG\Antivirus\aswhook.dll

MD5 17192189de7f52e91137e17051336ada
SHA1 4915fd04e27d5f2cdd6953d55b03c598560e5610
SHA256 6d9e64a32a103f8063fd50ab5321fde2026b27b0d0b5e8d3983ca69206bea0d3
SHA512 add52fac45f97440b12c0b2fe54de4587fdfad7840984d2ca9641a016545ec5e0aefa441b8ce6ab2cd387f2e88be84f9e2404c31bf374d0fa3df86fdf2411611

C:\Program Files\AVG\Antivirus\aswidsagent.exe

MD5 05b1fb69331dfe6662ac32b6cde03767
SHA1 be84e65a7285666aafcfcbee512e211a208403e8
SHA256 268f0ddaa19b4ec6dc58afa1a24d25bbdf13189b4c837582fdcb3816f3b86c63
SHA512 8bae5cf931d2ef041bde79b4fb70b0b0b2008ee86325dbaaede230883f62914ecaba2d01deb09c08182b469df2d19d65715602a0d3691e93ec581882b6945f4c

C:\Program Files\AVG\Antivirus\aswidpm.dll

MD5 2cfdac04ce7de149a9fc7c69b7c0e7dc
SHA1 bc84abbdef2b6cd96a6b4c770291e7b5a6088552
SHA256 dff8ef275132db26e6dda69e333069c552cd52d08b8779f26fa3b7d576adcc68
SHA512 270c7a49c28c0e500d9264d22d5d746046e2b4ac1b223461e29555bf1687f46d2ef6e668c96ea6f9a6857fc64e4d651e859c8c7c61baf0c711ad1fc4d195a9eb

C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys

MD5 22029c32707438d7a4323ba3b4df913f
SHA1 274c88c28df76e8a04692c498d823d49a0c62a43
SHA256 a9a9f895264c22e73ed3927559fa98e2f9b4a298c5ff8596e4e97e508317d2a4
SHA512 3b6183a1faf0a7b8e549227495ce8b95888ec268b9156e7959c72fa84f97b88e0107a5909ebed49f144265cba6b15e287fbaa0caf2f2a1e7473433745e746287

C:\Program Files\AVG\Antivirus\x86\aswhook.dll

MD5 547960ac06c1d60c8f5c40b07ffe3e24
SHA1 1fc500698905e0b471fdfe3fc2a4e66804aee310
SHA256 c55d10bfcb12d78eb0bcfdddcdf01477ca2cb4f631e6ebb9c7f135f903557ee3
SHA512 21f6e6d6a8eb392bb00b709b2013e84bc9fe432dd0855e45349b5fbbec790228ac4c376c418831262df14cb2ba52312c621e4dbcd92bf7de6a61db3a6271a873

C:\Program Files\AVG\Antivirus\hns_tools.dll

MD5 adb59748749a874b7264caaede568d51
SHA1 4aeaadff0e180b79579d96e65e408ad2a3584f6e
SHA256 01ae398f1b462c91502a47154a90e14f9661f05d35f2b56c372b3d85f8a7f378
SHA512 68a3d916ded8479cb6ab417a031f170df59a922a106b9a826f7ee7ae2bbf655392a68b201bd401df645ec5dcefd782813226c44e26379b685781b3d812f4b188

C:\Program Files\AVG\Antivirus\dnd_helper.dll

MD5 4c4093d7a1f245f5c91ab60b1adc7eed
SHA1 caf3223f429ca86f4031234e12d4ea052f921220
SHA256 e303342996fdf1072b30a843ae34223517e17bd7ad571a88469a5ac7ae5c8ae0
SHA512 71448831d4fec8c9b7585642a825e7a4a8becb040499df114a918e1ef3f89b7926976f7069b3c8ba6015a4efa44832654454d5c1fb95f89187ba1ead6ccd45ad

C:\Program Files\AVG\Antivirus\gaming_hook.exe

MD5 8fee492672f023518802b168a52ce60a
SHA1 de7687240d89ce14836d7fbb7004eca71fab20f2
SHA256 016c35c22d5166eddd69963f9ebfac0c5fb370e6ea89bcb990948df8f377daac
SHA512 15531d39e6ce001265868a780744808320a27e793e9686c93d8f589c872b5f2186340444c55ebadf841571b3555c30e670f5f713efb86ba538979571ea58d9ce

C:\ProgramData\AVG\Antivirus\gaming_mode\dndrules.dat.ver

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\ProgramData\AVG\Antivirus\gaming_mode\dndrules.dat

MD5 1527c1fd5da898c3bdb68b8a105937a4
SHA1 d0f9fd4a698f91f54f78dd2043c1349a7e4ae7f3
SHA256 c269c9e66b2acdace62e8ab631f39c24801c4644193bb3934a8dea3c43f669df
SHA512 d574498392a55b47dc81276d63a33e9870232e77f60ac0d78c9bd29e3d419d015a19241e86a7963191643f6c0d0fd2db613ca5290d559c3801358a60fd5cd27b

C:\ProgramData\AVG\Antivirus\gaming_mode\dnddetection.dat.ver

MD5 9bf31c7ff062936a96d3c8bd1f8f2ff3
SHA1 f1abd670358e036c31296e66b3b66c382ac00812
SHA256 e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb
SHA512 9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

C:\ProgramData\AVG\Antivirus\gaming_mode\dnddetection.dat

MD5 0bd42763975dc54ad5efdcd321c750cb
SHA1 24202455a58c7ced31240a90603c6489728bbfce
SHA256 4845a0d7b287399933536c12ad5549fa4f4d49f42500c7311dc2c3c108480a7c
SHA512 9204678ddef894657c0f6bd5451294e104ffdea90dae12fc3f642547debb80435b0cc9d08680f50482bc1236daf5ae1cd79c322eadcde7765e9e251231753e79

C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe

MD5 e6f40714b11d58ed0e8903ca723893c5
SHA1 67573d4f21efbf25f48d527f55a715eacde8c1dd
SHA256 a0d99b06be395dda45dbbf51ad88cae6cec1d11a36ad51d11064c022112aed8c
SHA512 a7a8ef4605b04b014c67536d530c5bcaecf655e44d19e2b9e59f8b604c9b2db0ab03f688c4575fb1572e20e341b20bb62439e1ae3ed6bc016d861503bf21750f

C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll

MD5 75d09de53073ee10aa792289531759f9
SHA1 1c0ab0d0ffdc1556b5a69a862e3d6d0cd221717f
SHA256 884f101780bbc40dbd8888c505ac8352ae82e64defc1e2d4a50286732aff1ce9
SHA512 759d39cf57214a339aa59d5256bc987200ec996daf9823926e1f0b596a530d1b105e7b8d141a9a1e2dc265fa35b93313c9ef151fcc20c26a0cf305673ef12c5e

C:\Program Files\AVG\Antivirus\afwServ.exe

MD5 cbe3f161e591625f558f0da08512739b
SHA1 cd134004d8a83b7e5f9cab4854e54ace8b9d9dce
SHA256 d9f24b58300440a1ff7f9493c53b78c0c7f49933ab6745d50c3eebe9cd08f400
SHA512 ea36ab6ea28cb95253599db4826f43d2819aeb960d2e240ddf7135a2973a7e4bef5c2053de49d83f9318d5f501190bf94ee5b31c71de904a7ffcd3d051fc5afa

C:\Program Files\AVG\Antivirus\afwRpc.dll

MD5 fc188d2767d9dae22f7d5df3a231dabb
SHA1 18fa47c2baa309e37c0ae0bd1b8d53472192e1fc
SHA256 6a103e0e780b1a58c93bb92e5bfc94789d90267acb2f94d1bf23e89ada4a4a74
SHA512 5f1977dc6a118a31572590ceaed647614a29c3d0e09049f3598eabb2dd373697e4a22d924cecb1e6d63d7871c1abad20d0b9911239f5bd56718c10dedb7605b0

C:\Program Files\AVG\Antivirus\afwCoreClient.dll

MD5 11fdeb3fcd7645fe983613beeb10d16e
SHA1 f566f2be21cd2b43c8ee95f4283377219e57f5f1
SHA256 cd30f9cfc98b63b0ef500a8ad17b9d398b88acabc80d9430d2d44eba48c6793f
SHA512 74eba7d7dc5de1395bd9e00e181c62f9519d9ef025d73fd7e9a159c720c4ecb0b20b2b089c0b2c6c537cb12cbce5ef330f912538fa6c50fb0e09c9e61436483d

C:\ProgramData\AVG\Antivirus\fw\templates.xml.ipending.901b3990

MD5 8a30b27740546e1450bc36d66d5c229d
SHA1 80018e8c66a14aae7c014f5fcd2435419917b7fe
SHA256 425012b48ec1638d0f3f29060ea475a37152994c841c47dc0244063dba2ef254
SHA512 0053420ec01554849abff44b53265b8176223826d43046f377e8ee7ea42ec0e0295bc1f0c1774e34e223d7c976e6cb9695f9986c70ad93b8673473705749e13b

C:\ProgramData\AVG\Antivirus\fw\ports.xml.ipending.901b3990

MD5 b27bb54e1fce83e05eb13c960c19b357
SHA1 5b7931054732cc7cea414b90cb37aa329122d7a7
SHA256 6c26bf93abfd6f2878b608f6169e46be2365644e9de78c0b9e3177f3d0aff0af
SHA512 82a5f72ebe55e79a6cdd7449aede0945db9734146c4b6d08249bc31010393bdbeb65de861e6cf24168dd25519db7d55498e34eb3c85c6bc5a1f707e2a0149e90

C:\ProgramData\AVG\Antivirus\fw\networks.xml.ipending.901b3990

MD5 75128eadc720b56babb24ac629172155
SHA1 83bc1da43e4f51326713e43a44625987507b4467
SHA256 130a4428ee45f3a17252aa797cfaa35d8e71070dcccbc6059b31eaa087c5f5f8
SHA512 da45704247caf68c7deb59f587f392eb431a1ad89a653b78b7d6af286f6c6af7676575fcbc310679e4043040038f5ca3e0ef0167f6f6aa199bd4007291a39c57

C:\ProgramData\AVG\Antivirus\fw\macaddr.db.ipending.901b3990

MD5 4d0a40f5714712c5f1175769a93666ac
SHA1 2c57f1bdebe1bea9ccfa06bf42c967154d35dd41
SHA256 397c21a562d5824dd87e2c34a60f2b3e8b678d52a7bc7297ba5828e4d7b9cf4b
SHA512 953ead668e3f48e820209674dd894a1fc6482bc53d3143ddd45a37ebf416982f126825eeb7f8a9f43644d53c2c47b420f95c95289427765ab14b28ec476f1e89

C:\ProgramData\AVG\Antivirus\fw\config.xml.ipending.901b3990

MD5 60424032333d4723d7f4ff7543a7aa76
SHA1 1fa9fa26b21439adcd5258727f9cd0b954d0f5a1
SHA256 be79affc10f1d93f9ae438c6320feed7846bcb0950cd32e8a564eeb59203b6ea
SHA512 859a800dfd2de9f0bc0f5e81a8f0ab80eefcb56fe0a9e634ab8cd13881ffd26e13448529d9a0d096a61d5f1e410eead06dac75a91b09faf7f692d8884a41456c

C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe

MD5 629346de556b180d84045cf9dce54c9e
SHA1 6eb2ff1db2c3b10fe34e3be0890e020f32be814d
SHA256 fa92e51a7beda4c56a1efabe443c42d07a2af97445e441410d40eb68470fd0b2
SHA512 cc93f043efb5c2cedd90ef1658fd5a64b771ba964ad56116f11f25f2b8fe0b8b0387d95c6acd708dc9875b6d26a360608f8d6c030207c650d195730bd36bff44

C:\Program Files\AVG\Antivirus\su_worker.exe

MD5 987950158ce5e328ddcb8c765e5aab26
SHA1 94d95fa6e1ffb57b39b86bccbdc3598c055b071e
SHA256 2a8b62ee24f86ce599287612b59da657a7ae4cb60e6a04c5be142c801433f616
SHA512 9c7bfa90b0fb9d3c13707bbafb42baf4baa9b389a347d8262275d0fa390a29ee296ab250c2b7bb4322070438ee0c81b15956671be97813d0f87ebd2ea3b3352d

C:\Program Files\AVG\Antivirus\su_controller.dll

MD5 57a667ed9606a1af4b2d94a681386eb9
SHA1 96ff515ab664bd92b8bcf60a271b37e117ac3230
SHA256 4d298a1ee2b77fc18e31f01ff973e6f3581b0892f406068cca9841e9b81c6079
SHA512 9b226356948a7268bfb21ecf9fd8028d231aba520420d99c18a3d697db34a4599b4264fa013de3e85ab58907b58c9e1de9892e350dab80aebaeeae88e1706b3c

C:\Program Files\AVG\Antivirus\su_common.dll

MD5 bf35aeaaf4673e4c1a9d710d3a6db913
SHA1 f30666dcdf0c2fb4d0d1925e3d566e8cd6ddca42
SHA256 8f9878770d47dbc6643c35a140a59f3f0b7720e97a2afc1e236021ee7b06382f
SHA512 f1327a2cb6a27a12d0ba0ad50af37a0ecbaaeed5fdb486fa43238c3f5ed0c4221ead8378e91037e5932a5488c131ce0d65e06706d079791988b29c584fe070ea

C:\Program Files\AVG\Antivirus\su_adapter.dll

MD5 3d43bb833ecbefb259db8b7dbde899db
SHA1 f0b04bd2fbc1b4e1a4e28bc88a5cfbd1dd58cfab
SHA256 846087e49aeff91336129ebe287af8bd8799cbffff01b64e2eacbfbfcbde7ae3
SHA512 4661c50181ed1bfee0693c49c5ebe4a9853ba1822c8c75de9069a629682aad3fae4e1f168339a417b0072caed3b546eca1d233ad0247f86895e0f915dd8eef5f

C:\Program Files\AVG\Antivirus\libwavmodapi.dll

MD5 20de2b0cf46b6444c9f737716b405ede
SHA1 1447375fe270ce8d373ca6c3cca7640cafcf5e07
SHA256 9ed8d1eda604626976cdab7630026d6e8a99251bef76df603f7756e9cae9522e
SHA512 fb571bb9f5964c7ce2fbb8dde900efe3d7b98427b51a731d1d8c29293298342d261a44e896259cfca0397b577eb1f83ea3f0012d20178133251d292083ffd0ef

C:\Program Files\AVG\Antivirus\libwautils.dll

MD5 d2f751eb184cc4f4def9373d6c6c38dc
SHA1 d596d8417e527cac09ad8a3b199450d2de8f96db
SHA256 79ac971f89fde28abfe39ecd019c28ad4efe01ab74b2318bbf22d4eee98064b2
SHA512 f3fd3a752034db9fb749502339bb9da1cba3ebc1c5e492b42b5f532ef7ea79fc7591751eb960748e1bbe89e3e482cdb2d456ada7e3411ecdbfdbe84c1555d673

C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe

MD5 2f94f054cbba4a4b4bd21a3743f083ae
SHA1 77f4b735acbe38c9484d6abedf813c9acf35578e
SHA256 459521b4999a09c02410943fa634eed4ff3620e4ed84aaab992195ea53195606
SHA512 f658dd515a464c9437d7fe6dd435ca77626bb9845f96812c66c10a72fab8dcf72cff38b71e76d94023646804473134dc0978ce0117c0b2722da992255a841580

C:\Program Files\AVG\Antivirus\libwalocal.dll

MD5 276e204111de9122753f6428456b44cf
SHA1 f238934c46e04de8c067e2566e1386ed7a7c0ec8
SHA256 62d33fdbb21b8a73468f3621c21e3a563d9c925e049de9eb9511c2e86f81819a
SHA512 be18a0556f5894a91424ad866b41fd6c0e5ece7251625beefdab5439bdf9d0a511a9d943dbee0cfd5218e32ac844164d40017613b414f2962ef49dfc55e844c5

C:\Program Files\AVG\Antivirus\TuneupSmartScan.dll

MD5 cc605307b564316cfa494f7bf2b7332a
SHA1 b41733f02e20a3d68117d51a4ac2d80ce39b7928
SHA256 b8ff91e668ef579c2bad4e4424bee306261b225e9dcca3a43df5b57acb47a0dd
SHA512 ff3d602db1c4f97edf70928aa2ddc8438d305031e0ca2b2f34da905eee0d574e3a8dbcb907a7fce276053caf56eadcbe10976dc7ed704c2db04342779fa0ca37

C:\Program Files\AVG\Antivirus\libwaheap.dll

MD5 89596627664198f4e7305c5e3a48b66d
SHA1 03075d336e645d74781119aab7bceed48cfc055a
SHA256 adefe1dbbb2772deb5b4f1589b7918bd664c56288a0ce0aa600b6f9a0507ecf9
SHA512 f51b9ef7ed1d49f3bc93e162a063ac98a9f0fc22dfd1e440f4fd3c08942035c88b759929e390c6c744c047dfbd3a241c68b4de2dfab1677cc03cd00ed652e4e4

C:\Program Files\AVG\Antivirus\libwaapi.dll

MD5 a1da5eca2083a2236cd67054409f9726
SHA1 1caad745fd0b5208ff3e5a01fc03428bb9bba977
SHA256 ee65f1c31daa969baf1ca06bd06792ae83f360dd97aa264de03e4d5ab4b2d1db
SHA512 0f76b4e802a010e12ec1290c222b0d78833e41230ce1a7cd2ee21d181c33f5f183b9df78371a87506ce3bd97b157207f31f40e0e935de6e3128d7424cb19d077

C:\ProgramData\AVG\Icarus\avg-av\icarus.ini

MD5 d3e41736fec68c39993cfcf59ff0bf6d
SHA1 81830bb5511d4fe4404d650b51a8d0155d8e59be
SHA256 4e6c3cf4e4053fabc2af13226be7bb72af54e2b131f32b6938753cbb834d2d43
SHA512 5b82a26468da8b182504885751c457a31f645cdb4712024e9eb2a0425def4e2ad3113a613e4f439cfcc34e869a05df9bbbc1441ab1f460fedb83ad10b0477932

C:\ProgramData\AVG\Icarus\avg-av-vps\icarus.ini

MD5 3c28e285db12f32a88606f5c0a8c424a
SHA1 3112cba6bb525549022aa28bcf55952e168e4f93
SHA256 226bf72377b3d4a1046984c2ec7ddc12d073c43d48e37448cd5d4d5d5d2aabc7
SHA512 35d923ee1093f3c3090e9baa48464d8866c22d116ac92f0823ef7e98c6409330b06140c1d2b1fb51572ce187f23bb3e9fdca49528b1f0678f4aac413a0df5b7a

C:\Program Files\Microvirt\MEmu\config.ini.lY3704

MD5 82ad88a19a8999cc4317342a0f8a1f15
SHA1 04dcff031f05c916385625391030d1738e8d9f8b
SHA256 551676c8a63b7ad2efe22da5b444d4937a61b78657b38db80d66a5494b7eb39d
SHA512 d0596ab960bfa1ede27fc98ddc4b0147b6838b9ae861e541b445bc82d793e3a1aa64766d9bcb333dde58945553233ed102799b0d6fd61fc9d45cfd9ca84a49e7

C:\Program Files\Microvirt\MEmu\config.ini

MD5 a61b1cdc51458fbfd82841a86dd1e2b2
SHA1 1320fb63d7ae0d194beba59429fae1c26fd5f5e1
SHA256 5fa515ed35ed4bb6a0de7068f49c94bc83b3ca4d904f1313a42319b9da4841e1
SHA512 76f8a44781985a8d72f29e371182071ca0fbc72dd63ab0f8aeeaf3f1282ed213f094c2821907e71f3a309e14948c9092ac2b38e337f90e02261f9dfb10389b59

C:\Program Files\Microvirt\MEmu\config.ini

MD5 69a806f54f5dfcebe8fc709e48253ef0
SHA1 ac0db0888c3839c43eefcef9d1e8859e5bad9ff1
SHA256 b506c1f9fbca6b099499a1d4fe9e63ac12bba0be81bc275ba8c39d9a3b8b1059
SHA512 a04f6b3921624769aee12f08478bbb49b1bbe8d7040cd391bbae88968cb9f455d4d59109a8d91edeebc34c527afbb3cffdea3c74739201b4ba17a4a98575043a

C:\Program Files\Microvirt\MEmu\config.ini

MD5 94390efc0aae945bd08ff875ed1e4b33
SHA1 19d33e478ac79c8ce88b0366b8888716541c98f5
SHA256 1ceb2a5b699f06a54a38098abe71f54f831e0092855ee5e14ad62dd96359a752
SHA512 3ae1249f99c944f92ce2ad0261942b24d0be0bd471d39b6a46e464f5fd1e9be4cb4a58368ac02fe6c5cb41eb43e5024075875b18c2fe9fb2c039b641bab4557b

C:\Program Files\Microvirt\MEmu\config.ini

MD5 920a8aa947c18a604eaaf081b34634ff
SHA1 9fb89b09272f13606e548c84aed4fd798ea8ea5c
SHA256 57bcd5841c8279327cf18f422724980b5d97d8c195f0d1f657243048d923c20c
SHA512 e13ff5d7f45e250f4d6c75793817e7c8ceb581e54472640d611ac0e791708188f2c53e023fc728054ab6a4bfe440f40b03037b4d77b8aaa354e24556f3fb97a9

C:\Program Files\Microvirt\MEmu\config.ini

MD5 35901c5ba632de4c2adad14f7a3d8152
SHA1 63f06018857dc30209cca63de01c3b886ac4f4cd
SHA256 654e8bbc07ea2e1681f21e910dece58ef13678455b8e90bec5d81e09f11a1256
SHA512 ec604226f35aa5570caba147793a697c30079606a0426fd1c9ffc896a2246b9804cf2a48eab91589496d0bb7757ae5243466a1fc8fa5e39b0e42b2447c101757

C:\Program Files\Microvirt\MEmu\config.ini.lock

MD5 cb3249d323c9dbae564651c31bde9556
SHA1 18aefd25055c10b4b7dfb1b87644b551e0834ffc
SHA256 2201480111f9a47d63465b43cdda796a10b68a21b76e828119c4ae67f19d0a78
SHA512 ac9f19a10041c5bc9ec03d74aed955b039bf61abf0b6412f45455ae83c802eb5712ba6bdf5426bfcbc512a7811ef6437d47c6e00c1529111dd2050bfcc9928e0

C:\Program Files\Microvirt\MEmu\config.ini

MD5 3015b6558f8374e0ae7c598d03653805
SHA1 796d17e424d90b96b6e9f4104eb7eada0e32ad2b
SHA256 8d816206657c89ac51bbbcdbdc47a5b0dc7c95d879942ef27a5c2f6d7fd9225c
SHA512 f9567a9c7e8ea18097421366f936ce85bf1f0a4ce8b0323ec9e9aaa1afe67c15b7b5d82ef1bcfdd64988d95437ef4ebde78bb9d6e717c19ace468417dd1c2550

C:\Program Files\Microvirt\MEmu\config.ini

MD5 cef79a18768e14b85dab6ec7fc3fac35
SHA1 8ccb7b8a0ccca758c7f8c26fab3032f75c4391f5
SHA256 140bf719b6486718f3ce98021e2140e17f1c4057c7d547db4643a0dc33fd51ab
SHA512 3dcb845055d18a9f415c96d749a52f964b21881951118c8bd9b49bda7ae94222a371883fe1fcf2142228ad886348a014135ed3cef82480807252490e2b355a05

C:\Users\Admin\.MemuHyperv\MemuHyperv.xml

MD5 8bb8a56f4a49b84aff77a9ba92589d9d
SHA1 6b8c3b265748b0ddd9248326fd8ea20fce812634
SHA256 2860e6e5c314fcea9b0fe060dc3905ff4c6d9cb46e9e4f77a64049f1f0476518
SHA512 44c7caa155f1156d606797a7a79813749470fa2210e37f34cf15007df58c3100e4e1d465bdab096ad975df0e07d89422a0bdc020962201fda8a3293c387f6ff3

C:\Program Files\Microvirt\MEmu\MemuHyperv VMs\MEmu\MEmu.memu

MD5 5cd164baf02516466c7c45d2e941687f
SHA1 a3e58144ebe4ddd57e7dbac8d1ef04d320e5f5e7
SHA256 a391b296744d986689b5a0c92755f04dfddc0a62eaae21ca17e7aa733d6619bc
SHA512 ea4722b2eec6410e4189837bea623124ab3f4f86fcb8bff8f12734ba0b429b575b22cdb4b85bdcdaa8de257c040fbc322e18e07ceec30dee3d787074039cf294

C:\Users\Admin\.MemuHyperv\MemuHyperv.xml

MD5 f22f04d1493099da79f136713ce1eb0c
SHA1 ccece69deb957d1938c0c9947e96a3c7216df90e
SHA256 ff0371e0d86c8a1930ab9db2404c9e3f840d923c792de68356653ad7d8a75be0
SHA512 9ebbcdf993688b69377e825ed8e9c41e00fce62d88dd9ddf526b395c6351c971cf0c39cef8f41eb58b0c75fa5996a572bed23bf126a0b7642a23e7f7297e29a6

C:\Program Files\Microvirt\MEmu\MemuHyperv VMs\MEmu\MEmu.memu

MD5 8e7e4d17b89cf86da582195dbe29a8b0
SHA1 603509dddb38d1d1c45cf869571f82534462ae12
SHA256 44798d381f11df989306a9722e6aeff61e96c0d7d7b930957026d4239121660c
SHA512 77b1a34e87ec6601ad4080946b731e23d4bf003778785fa27883896925e33296be8b076a201454115d6c47034141878088512ceb7d98350e3685965ac92f31f0

C:\Program Files\Microvirt\MEmu\config.ini.lock

MD5 5da028e7b7c8cb643a079090e879c25f
SHA1 7463657e989aac42fe4a790d017b215de1349e85
SHA256 75b710c4ecd0193d63193af947c7f025505a747abc6e3b0da15699ac8297100a
SHA512 f51e69b6fbb4e5f2497aa623ce65651e9ac45a89affccfdea27b6d6800a2b35d54b0820109917e985853fd42355ba8889207929ff05bb2bbf02374f9e30d7e6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

MD5 1546071385820916333ecf6e9f1a6c9c
SHA1 e40fe51bbf731d2f791b20b3755fccf391f348e7
SHA256 99ab7bf54771779dbf4906d24ec0221ac983865c298a0670d93e8515e4eb0ed4
SHA512 be5cfe8dda4fc26b8f0891d256b7bc0327106394bdb2018095db8aea05f940b5d4184a5a78a7462e45475728034fb23e94be4bef3569f7074f1014d6b65fa0de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

MD5 1ced9f353ca3bfee605f78a8e643675a
SHA1 62a6deaf438b5524d1db32e4f851aa0b67bf9520
SHA256 d6a992c7c242b1276bc64dfe973b642c3a54de60e8412639d54aa4ab3cd04191
SHA512 a39c0506d7a4b261af1af5ff336e06f836212a02b9e0914bd03eeea58d3f442bdeffa008d68afb6985e810d2151ad2fb873b509ae4baf269b507e8806d1be9a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 56cf88a250e483d0b17bd6b3a5cf245d
SHA1 7ee18462db98275a742167c02a7bcb9b9cd9ed56
SHA256 287c5696a5e55b44b025c7356abaeaae0859487c581a26ccb5ca02fd6b7fea9a
SHA512 23ff85c0e6e4c073fbacea6325663ab4a60f6d5226cfb57bdf8ac05117d01ba4a324650be599d4cb3b3081b31cbcb4ce9555fec6ffacf8376a7269f406b09e00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

MD5 48d1c18e85fcfea27ea3cc03af096856
SHA1 8ef1ad9c6117ca85f4c6fade480b7a046a26cf65
SHA256 d197821560bb140fad520ef7939c2210ab062fbdc78890c52be2b90412b033a3
SHA512 5b900d8eb0f0a185cd637ee16bea8e3458a53f5b300e1133d8274962f596036d90546aedac9044fd4ed9a646db5ff4fb6e255d328998b3c4cc9f32ed5b475848

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

MD5 69bb229618ff9eb73f1445da9342cae9
SHA1 e4ffbd77ab5c7e1dad8efaa364275405790f457f
SHA256 3709a34e206c92eb245b3e51a37c109b5ad132ce1bac5563531a7b55916f5195
SHA512 1948b7bd4c850bee4a354e534fc082d5e082a4ca194768393a852779b0f374cb6cb09efc1b8e66b06c0c3856046bf356f3d81f9efa948979add5bb30a8dec0d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8e65e0c6d712b49cb272b026a592cb2
SHA1 634cbdbb6d7b5ddf9e92440caceab599468b5805
SHA256 5f82e61daf4e41f36078a8644281e979ff33d9e691f18063a576391c00466a1a
SHA512 f89c18839f7f38b8a9f569e1517eebf6b14dd07af924e00e417f60904e46514e731e5497feaca58181483f2a3823a1e1ea2848da8eaee8d4bef4f841637d3501

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 16ed8978984a116c3071be0b3ca50c28
SHA1 63fea147aa7b3d4f0b5bd3c2ad84e22c15438ca1
SHA256 a54b3da8e89a7cadd9fab80d035988c0098a03ddd53173d664d3e8809bc1d547
SHA512 c9da04d2cffe764b07be33b76d74e3d3ccd551ae5e478ec4b5bfd18d93d87ea7a8eae25d03b91fcb7fe74d1e5d7113644c58e4444d63c39dc8e80290b269632c

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 69941d55ded0889d74a510e1ad9492b5
SHA1 9f1eaa84629ade1c24cda31d8065c69ba640f437
SHA256 41e0b9183d2d51620092e4039ce154328c7e2e1ce3a81df29e9d120cfcbadc23
SHA512 91657d943126d5a0892fd539e3eab9d595b6351727f5de132a9ae098987349661998740f4f5e9aa9165319431ca1dfbdd0c0cd057449d58839f6921abb1264b2

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 0e4e180c598a20974e2043bef15b870b
SHA1 7217102c131192eb6bb484bda30e1eaf6514767c
SHA256 d10b9e0da0b6b9aeb23a64f9a0da4dd8e743421aa221172cd093a86e7a13bd0c
SHA512 ecf7bf58d5938ba6be26ef770940635a9d1ff202e61beb889752723ac05ea98fe7cadb4b817a91c70a466f4954df3b0eec56dbac0e73ee716026d1aecff307af

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 8f6058cbc22672827dd9a26812dd5c76
SHA1 57cf49757a31d782de03ba3d0b1be89402de3894
SHA256 7391dbb84edf5447efe38309d8a26b6b891a34fcf34f481f81145122c567e3f2
SHA512 31ff50073935902499df147fc7295e335b58bc451ea4fcf9bf11667aa6ff3ddd63b8be061e60c5066b50a0e4195584abe82e16881af82d2e165a0dc4ed9bc816

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 191a0f59f70a0d1896f891bf0eeb91af
SHA1 6c124fa20c8132eca281243d815358dff8cba559
SHA256 0055848b293cdcaae9707a5d88c907d4a7088119d1538402781f51e1135ecaea
SHA512 ff2b50b3177da171e54557a3f62b747a1bfc0e54d1b0cb80a606934e61e1370347032117066995caa0eeb2eafc7a4a5a14eda742a53f1dbe33c55c4a6ffea4a7

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 429231113a5b016cdace49417f1ef08c
SHA1 00740244d0540d4cda592ddd4db8a2097b94bce7
SHA256 870f4b6b12425280e5ccf3612f7ad22d4ae7f439a572e430ca54df003a309b68
SHA512 8f4771e0dc62f4108f28e2d4711095316e77f7b94174e1f2b2b22285ebf0bb5fbb94543a914e04f81df5c9055764def7be883686a562cde1ed0cfec451c0a2ae

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 38150faaccb4d33d0b27bf1c438dd009
SHA1 e15436766b6d8096f00726169cfc218f16b02618
SHA256 a29462d7ca29f1dae42aa424da722e2e81a8913a50b55eff7eb207d196120bee
SHA512 fd37798597327b9f73372072eed4206f91620d55a299c3b12e820b32f854f0bddef0b942727f203e0b5bcc5123bb9005e090b98f30fafd83b0775d9f8467aa9e

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 e2628a2d2ff494de97eb2ddfe122200d
SHA1 ca8c1363558c0886cbf20e6416d168e87a1731e0
SHA256 1d292bd6c7c0773009e9c9b80a4ff4051f7c37676def11dd77640beb70df4a84
SHA512 16313162ee64bfd115ed3aaa43b1686d42c826435ca429c9ae34d3e8765aa6ee3e27f5b31a46e4107d3912d037fa42e329cb683053b66ac1eadb458c1ed19c6f

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 d2c53db53a6c0991d1cb232f7913c39e
SHA1 fdb0c35f77269d3e32233caaf9468c6474da534b
SHA256 949871fcc2a74ad1a507a1e80aff52012b3462134ce453891fb411cbbc5eb5fc
SHA512 ab64a724c050a1ff69a0da746a240aac9fb767071ae7b1d376fa800ae7633da76cc20e43c00446ba67d3b31d1e9c16c2d5062289f764d43563cba9541dcb7807

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 db7ce6eb5abea94719f5b1f502076197
SHA1 c836cefe6dd226ca936c02b4025254e0aaadc1d7
SHA256 10325ee91bd0e1112c284aa68eab11b00c714f93981c5b06088a169306858107
SHA512 ac9505985267496aad21e40da9989c71269c2142314507049d198408da97a2ca653d224919cef95558c5a5f40f23407e453ac3f7f575c5464165944cc07f4452

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c1bbf9516d40dfe571c7f4c62e73eb90
SHA1 9ca2a23ba136cb13e003c4c44d908bef7afd9efc
SHA256 29e9c3afb2d0aca99816ac5984030f77463d2957bb413167079e81a02887b2c0
SHA512 ac544f6ad0da4df522feb05cbe468d12b789e70ee5ee9cb8ff30e4b108873df8153bd212e5c3a677210f69225fbc1643035a3d05812f92e8c4848c2ff7371288

C:\Program Files\AVG\AvVps\Sf2.dll

MD5 e82a0550d0869c7999ecd97b8956918d
SHA1 2bba1db7c3d5b401de5a506120df402d428e4ee9
SHA256 6a6f0f036a180634e18a5caea81f848a4dca35f889a107401bcfba1077d8100d
SHA512 f2a775de94d6367d3b6be4ae8a49e169519ad1b9c1ba56fa06c8c1af7126734d55b8dbb9c03b90c80a82f7c3fded383838568600d992eabe52be194117e5bee2

C:\Program Files\AVG\AvVps\aswEngin.dll

MD5 76a62d20410e8b95a6d155272b52c418
SHA1 2fe4bbbee15f4b01a8ce4505006b3bbb4fadb918
SHA256 089da20b53f8c380daa0c0c1353e92e6955f004625d1d8e8d2c512b2cf3e0a2d
SHA512 0d5aea66c30d13a79afdbc4a37b67442bf293bd2408738883ef2f396adc9a6612e406e3fd3422d8b638f4fe4c417e44a0ad6f4c9367948ff71bfff854fee2c67

C:\Program Files\AVG\AvVps\list_d.txt

MD5 dc98b3db8ace65d21d245fe6e6f24912
SHA1 22d97ee15ce7522479b991dbd3cc1ceccae1ca7f
SHA256 b531b93b13ea77b4c3d06837fcd0cb4f0784018ad123fc397b56993a1015ca53
SHA512 5a661bca956a1ca907cfcdf15c2ce462c49c120a2c20f4c6c4bba2cc3f3125d3d49fc3b0ac54145f788ad8d1bfda80b2a56aff70d0187f8eaf849942503b276f

C:\Program Files\AVG\AvVps\db_el.dat

MD5 af0b80fb8a97bd02b5af0fdc838bd05f
SHA1 c2587ede6f3fe3ffb62f7d2944e5ca8b900088dd
SHA256 232867c4cffd5d252960f7b8a87c084fde65ea9edbb377231202f8f060a6a53f
SHA512 3b7f32567b36240a271bb4d99815c9416c94bd9b1549e5f96dff8bc00546ba054f102f00cd6ba0fef23820afde46bdf68de11771dfab27e1b0262f748e064de4

C:\Program Files\AVG\AvVps\db_o7.nmp

MD5 4cda7bb093891882d73fc11f5b51fd5e
SHA1 92037edd04997292fbb8d40d32d0cb3251a68428
SHA256 743e5b04db92b88a9470aa7e3fd0696304baaa32c9f91193fa8d8241b13779d5
SHA512 4d6194c88c23a4b831331835e487916226f94577bc37b637e46083ac331113f04370a5bad9ed1ad6cb23a091876932992b50cc5a47a28d444256de956c741ccc

C:\Program Files\AVG\AvVps\engsup.exe

MD5 2d85667134e6cc82bbb33ddcf5eb47d3
SHA1 d8cfeb86f57004cd45d9cb332c2d4d0eb9b25ccf
SHA256 5cd8dc58f7486d88f60e1018b6f4bbf6d6b03524accb9fa70e4d50f0704828ed
SHA512 0c1005d1e539af20da258d3bdfde952e249d09dfdd07f17cdb173d603caac31e3267dff3e194c53cc77d194ec6d14b8ed659b04aa994a54721c4bdf6df9a092f

C:\ProgramData\AVG\Icarus\avg-av-vps\icarus.ini

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Program Files\AVG\AvVps\db_cf.dat

MD5 81b2dc7bc1955412e248a875183587ea
SHA1 26cb4642275c250fe2b1570c8919c06130c1e06c
SHA256 18d9a2f00627b4904780d7cad598937dbb1cc3c2bff86a91128815ad311062fd
SHA512 790c4c27eb20caf95c809f23169f1a6b89fe8875153afd6736e81896f7503cdcb195e7f0295894ebf1c03418b93c823eba60cc4e7a82838f87efd8e552c8123c

C:\Program Files\AVG\AvVps\db_pay.dat

MD5 13cc2cc12b2752bf14d49188a1195da6
SHA1 8adca3a81e9a7748881d73f0d35a93f93fa0775f
SHA256 e24430528a9707173f08c5a2a4b327b7d790fca2fa44b7be58d8e3fb31d9d8f6
SHA512 baebfeef682a0f8cee62b5d3fd1af0c0aa64b9a93f07db8e2364cdd39efa424d5c49baaac66def8d137bc4c74c8b8cba0986b16466d75471ef9db6f2a9f76066

C:\Program Files\AVG\AvVps\gvma64.dat

MD5 2cc2d23049fcdb5eec40a682046e5e53
SHA1 17a424656203cc4806f59005841f96f9b4d2b21d
SHA256 bec097dd1efcbc2df3fea15587e40547487b2ca00bd821f79e1b9da37bfaeb91
SHA512 4ed4600c4943fd60f342934013590deb12d83420b53c73bcb76a8e1d3fc9579d7a76eebc36c421d714d874923cd637b557caec41d75b99adc069a69071143ae4

C:\Program Files\AVG\AvVps\db_agdx.dat

MD5 ec31008e738eb8b36da94dabaa2dc3bf
SHA1 ff9a10d2a5117fc2067b95eb061d4d7dec95b329
SHA256 c3897b5dd4f05623650d14fc1dea1dab1beb4cc648c094a832707b8f0cffc035
SHA512 941e40d58624a9742848895ea011e7aaaf85e2b7c4553df779cc040193003fde245c219609f7754aa927fb5311f82cc1a73aa5e732dbcb2da8b5adae9a1faf2e

C:\Program Files\AVG\AvVps\db_ext.dat

MD5 d9e702b0770fcde0e8972ef908f407c1
SHA1 1dd133a49bdbc660555e6b1817e7f32b86cea207
SHA256 80462d9f317d92d6a30859cc7dec5eee5f0831ae3314a6028ad75363e64dfeb0
SHA512 eb1beaba3e6acf231e24ed339b505ec9fcfd5391f5e79b2328f612212b01e281dd17538f74e9b2601dc157da57f07c963fac5549e6c23c92571d42f182ea886e

C:\Program Files\AVG\AvVps\db_qcr.dat

MD5 ee2c4db4c43b35af66b004f9840202f5
SHA1 63c47ace690172ca06cd7ed7eef9c5b494a053ad
SHA256 41c84c80cc3199942a9b5cb48f7c5422ce71dbf9d077fa68564aca6251dc149a
SHA512 10d94bae563c1c234232c5613a705bd1ec1e2a15978df7b9a0beb29374f4d376744b68ad7d228146202415db9ac31fc571321b2e3e2a35a2b566e710821bddaf

C:\Program Files\AVG\AvVps\db_sp.dat

MD5 e0d5307218bbc57e439b131118e73e9e
SHA1 2ee1957470c515547605cdb1e2533450c45b83e5
SHA256 5ee939871616970ccf35b492fdcd74ea5703a51af6ccfb602bf60d6e2566a478
SHA512 1149212928e720acb4ade31fc665e079e76c5ea5f8be0206f51a6fa9bf10dc678ad02828c5fd490ee952d271a3de10d518a39706409e6cc01920c641de4f9098

C:\Program Files\AVG\AvVps\db_dh.dat

MD5 c61c0b77b8009efc8bde570126389bf9
SHA1 83821f11a8e4c0393a33cab5568df97b935e418c
SHA256 d38dda245575053077bd3d3504cfa2c6d0893a399050f937c409d8524bc8059e
SHA512 d4923f09990379dc042ca144eed20b3c47e307977a5f71664a4a71d1a5df6b91d2a54dbb576fbac742a9560a9eee8f2aa49696683be53357c5e88fb26e382a23

C:\Program Files\AVG\AvVps\db_conb.dat

MD5 6f83820d0a82731ed73212eac2becd4f
SHA1 5e5596c219c88222b55b1008160d3970802ab24e
SHA256 0d4e1bc4fee8cecbf096a23b5e6bd0fd407c625c8415c0d35e4d5d8d747e1762
SHA512 c2ce28f2fbd6db710f1cd6f5fdf16d2860f5d14d1899839dcb64b5f33d949f5e1b41f82f96805c65a9838193bb0d57081520e839e1ea33b58d81f7370a45d440

C:\Program Files\AVG\AvVps\db_array.dat

MD5 7732e403b7a9d018e07af6984874dcde
SHA1 254d7b0d3355a8f20cd3a62fd0efce21bf68072a
SHA256 36d6da4b2c780fd2d0b869ad62a36c78f97329d1c94fac466a70ce9417dcc7e1
SHA512 a4d31672dae988ac1edd966b8b0691e860aacb9951aee4e76b196695b65c68c6be48efb22475a9ca6c8991da4b40b03a7ccffda9050b445cb198e0a22978eb59

C:\Program Files\AVG\AvVps\db_pph.dat

MD5 68737780553d47eb5078556a534e2a8b
SHA1 a9456e0ead617fa70efd070c549986a8a7749bcb
SHA256 bedb46693e7cf93ed4c3e8a894cc7d84b694e9668d30231ecca110ccb83d8e1a
SHA512 28d3ebcf5a9f50e46867bbd419590a715738bbf4b0dc680bee9e66e001115d9b1f3aa49ca170e7331860f8eeeb455266f71cf092e7496c1a2548efdae84c5793

C:\Program Files\AVG\AvVps\db_ap2.dat

MD5 fc274ca0ee29d3ba6912dd5093492779
SHA1 c39604622021353150bb89e7ae5ef20591c3c393
SHA256 09341278516e7bbbd825db1c444babdff17feb5ede9720b397fefabb306325b9
SHA512 899eb82e5661d301dcbaaa22831daf0f7a3ddbffb72d2708ea01daab20e53d55e4536531e7563452c964348173b185933d4e387c9c0b18b0453aa5cae0712474

C:\Program Files\AVG\AvVps\db_cmd.nmp

MD5 fac0ce7704542da417ca00751b35a4bb
SHA1 7c80ff252922bf4defc997495e5972b5c77bab23
SHA256 1a8c5ddc77a88ad68cc1972c6d4d36bfebb27a82cebe9cdc3025c58b4a41f79f
SHA512 222923fcbc987c824465521941b10956ceb1b8fae243a05a6ace146a5c6707feb06205707d3b1411ecc469002afe97a8905530c0898aa929c71dfde83f22eb04

C:\Program Files\AVG\AvVps\db_cmd.sig

MD5 e90d954b2ae01244a7a1e9a663754b1d
SHA1 855cef08b85eee7465c84f7d4fe4663ed5930802
SHA256 66c59d389dc2f3d5de6316c66eb5354df711aa59cdc74972b53f856442df646b
SHA512 8f8fc44286e0e9dae243dfa1ccea63e437848f140c1d9926f95fba212c190a6cc273c480a5a33a8cc441d14f977af25b5e24cb63cf98eccd3f32beabe4886724

C:\Program Files\AVG\AvVps\db_snh.dat

MD5 b6e77bb275347be44a146fd1d1c8b782
SHA1 84b425d4da0e4f882397de15cd4bbd628315dc0b
SHA256 81ff5b0dd9544017ff92f9bab1c48045d3f1dbcb6bd13dd6f3815eca98f94b98
SHA512 a14e78f62596097a6ac42e374c6e6482455d500b871ce88fd923c2d9633b3d3efacc3d2e4ccac1dba8ca248d171cdeb3c1937eeef1f7481bbdb0b29cac99cdc2

C:\Program Files\AVG\AvVps\certs.map

MD5 913882c2f6432412fc7d3b086960ad14
SHA1 ba2cf924b8445bffc554bbe4b607461ecfc7d48d
SHA256 fa59d4919142b167eb4498a157e30f5ba05157160e0358c9520aa1f12304b87a
SHA512 47fe8eadf06ed9fccee959577855c2d86c843e64f081de90a6ddb4b323de1d5d0eba6ac74407e366c2cf8fdd486d27e5768673c7db2ae26aa032c15fbb5a20a4

C:\Program Files\AVG\AvVps\def.ini

MD5 f07163cde8ccb86bc2eb2d243215804c
SHA1 872c81c483c292ee7b996e6cb23d944b0c1ba85a
SHA256 cae188f3414aade1d656c11a3ab556984e02365f6679b0ddf792efd5937ec592
SHA512 1d4604551c70270d766ba3176880dfa401a0e509443244248651b3597c7f0078c2eebedd5d2227f89cec6295b88a2adc24496920418d27ebe59762a1936bd153

C:\Program Files\AVG\AvVps\list_i.txt

MD5 dba448df7fccf70e808c7288b9c2815a
SHA1 e44e3990b8da714806c690fcc9006efd6d754628
SHA256 33e796089ef4b8be35e2304a016a789bf5eba547de43e58257f2b4915690803e
SHA512 14e5a9bcddfa78eb21997ee5087085f4163807864ffc64be49476a07376305bf539a6a10317f774d5f93ddad773a135ef9ea503c9200da9e35cef93131c9ae19

C:\Program Files\AVG\AvVps\db_pe.nmp

MD5 f11a50c662591b78e6f809ae03925775
SHA1 3c85c8cff0052ea78a2bb9fc515b110c0c9030bf
SHA256 7b9eb7a9ea28f75d2400dcf45669518f75cdff421897d68961da6c3f10051ca9
SHA512 a21158748ff90dfade24bda247938716c6682a9aa8dbd47d1e404f944c1437dc0783f83cdc2ed1d75cbae70f9325d2d0690effaf1cd4e5cb400b934195abc003

C:\Program Files\AVG\AvVps\db_pe.sig

MD5 45083df0c14c53818a8f77a651a53f32
SHA1 0514c817d3202e76c1f08c56228181fc259e293f
SHA256 0e242f7970d7df7e8f6c9310239978299d35b38ad02e3c823ba80c49b1e19474
SHA512 fc882e2b5b6fe0ef35d515267318411b035caf163d3f67dc077c3964f53f69446f720db3ee235fa707cb52eb6619863d72a0bb9655af2c6fb45fb6cc097f0353

C:\Program Files\AVG\AvVps\db_wat.nmp

MD5 4a6580a61062b3b262ac49ff93d0a4f6
SHA1 ac693579414cfec883e69cd656795af099321e3b
SHA256 a83d050a35a20b10addf01155121e067e247e1954b31025cf8763091b137bc0b
SHA512 ce5bcfa2e422d80e1ba03c8307fb17245c527244b5cf2c17760038b6b2b78fe23dce046f1ec68b14ba10553397a641fd3c8f8dad0792d41c47627bc56f9370d8

C:\Program Files\AVG\AvVps\db_wat.sig

MD5 1cbcfc4371f1d2763005b2c2245ef5f8
SHA1 aa107183585d95fe6c5e4727b379a8351a8c6c17
SHA256 6bf2fc2799a3e92d47de2f057cf3b975921407e8629cca32b7c27e98c76c10e0
SHA512 71628a4aa6d22192fd215fbcabf8b4d4625efde994c299266d11a6f3112dd3ea4f589755e76229022c64b08f9a08084cde2d1a4ff1c85dc9a73ae01f3440a6e9

C:\Program Files\AVG\AvVps\db_str.nmp

MD5 590c3087b6ecd0520c44cd5ea5aef3aa
SHA1 4f3403c30e51801bf6f54bd3266dd801f62f827d
SHA256 02e6ba829528febfe84cf3eeeef787b3260371bd5620a110243ee9facaa3cdfa
SHA512 f6c9f228fa60dda2fa439eb94b8ecfa6b8a688742b4450037bb504f1b435f29e3514acb6de2f4ad25a7ea4275121fe1cfeb0068a59835547a27735255bf1b564

C:\Program Files\AVG\AvVps\db_str.sig

MD5 674b9c2e4c16fba2265cc94dc5095c8d
SHA1 ac22247420efd8271a4edac1309e35318a62f56a
SHA256 2c143134455ee31af55c60e03ed1afc039dea90c146aa5182b22c593a7fa2759
SHA512 2be854dac08b58d0594030afa62624f6902633a4bb68d8b03f7a0b26ae23b888917af9282bf0a9f99924a7c31ca91d9e34cbdaa860e9ddbc79ade53abfe58346

C:\Program Files\AVG\AvVps\db_w6c.map

MD5 fede58c5e447d2fa7d39b9340d72ef0d
SHA1 4f258d23692d795e2a78d73ff299063a0abfc33a
SHA256 cf52174b647373762150cd11a50eb0ebf1383caf6f641e3f79cbc713959d2a2d
SHA512 d51a55e7475d2d78cc7f79915729e05075b4c24484f60ce89149d1a5a4c598fb260a766b9b5e255d414d8adc3f3d19da1cbbb89a18601ca313f1cefd226d10cd

C:\Program Files\AVG\AvVps\db_w6c.dat

MD5 525f4fe527ca7c09d4ee3cf687547757
SHA1 8332ab48a2ef07033b97d2178442d8c6ccf6649d
SHA256 aad3b0a87587ea79ceb4cfda51ac5c93c565357f1c62b21b653ad5ce916244d3
SHA512 6763281d8aa1a985e767d4d7b8c22ce361ceec646022bfe33c66452548cc519aec23e9afab61c12f5c3e6bc7ff191554f226f3b8e94edc2458b8190056a38fed

C:\Program Files\AVG\AvVps\db_o7c.map

MD5 534fe68a98dd9a38b72506bbda9a9daf
SHA1 8b33da97ba8a55c28745536ec46cc3fa22876c96
SHA256 847756a48e1371ae2a6008772ec5e7993db907c2cef716740e67c71aebd89bf2
SHA512 8495e8c23b463d84513b25d472e31cf8b0be902d9a4f24bea11e4f39f8745d6b6a7f5d26b5e211dfaf9570ca9f16174217a6ef4365c846b1650b0fda0ccdf6b0

C:\Program Files\AVG\AvVps\db_o7c.dat

MD5 cb4a7a9c9143d12d76f5367ab3c612d8
SHA1 02997965cb84d64a8146bd6e47bd79026157a826
SHA256 de92f02c0a0e4dc70196682fcb2e922a43d46958049fa4540ab1b681b2d4784f
SHA512 fdae5e9718580a6245561d9a09f72dfa63cb833cc77963e53aa7492d4d746a1f3acf40e2d263ff1417802116766330f9fad8a2992b9b376fb5374301f6e0759c

C:\Program Files\AVG\AvVps\db_elfa.nmp

MD5 da3eec5b0b6e84eda8e32022826cf01c
SHA1 fe9d79bfcbc331a2ea29b26ff29c6d69c30c9519
SHA256 bf54844e19e3c33053c7b4a6c1993641dae5ff3ca9989d0c949e0c8d40a33c99
SHA512 37665cf709457cdab87c2135f80d5160036488d9025cd55676320185c1c7003da86e08a74a268b785f138c25e4108f6bd194dc84c8dc1aae2474618355d4eb8c

C:\Program Files\AVG\AvVps\db_elfa.sig

MD5 cc4fab9f8cc6478b63aa030f3edfd67e
SHA1 14646011d56a015bd2970f93198063fe08e92a61
SHA256 8ca4a527eee843b489bdda302411a09db5035cbe5266a88ecca569704a8a97d9
SHA512 585c4bb0304484431507dc90f309cdd7be1b9f548f85c15c4003da8412a72cb18eda6ba9be202b8ce6a83e247cd9cb3aa28a4e58c4a648f65dc0efef8f529352

C:\Program Files\AVG\AvVps\db_elf.nmp

MD5 580cafed8f9c2ecafa8de293d08404e6
SHA1 1f28a4afd14c7ea191adc2a668c13febfb9f91b7
SHA256 25fcb6281513efc7b974fb5d080f973ad750f0bc13d1cbb7a91250661254d714
SHA512 601883709af78e27d0aafcd439c51acba0a1888aa002d8b62ec93c15167b9a3b4b00a5c13dd9705f221f6de4d18cf1052f700f946025b52e1b244a3c1d6701ba

C:\Program Files\AVG\AvVps\db_elf.sig

MD5 495b733a75af7fa710126b5c2477ce1d
SHA1 3969fb81f264c8d0cfb18f10bc49410388f4b51a
SHA256 1f3d4c4fba64043aa5ef284d9212e6d00f922668eceab50416c6fd154de59168
SHA512 86e9e07f0dfa588d9e8eab8ad55f58e19fefeac4503fe26a306483f005ee00688075891038f68d0ff9de79564fecee63e45af30641f89a916c7e124272021d67

C:\Program Files\AVG\AvVps\db_xtn.map

MD5 d45e025615c39f7201ac26ecf4aacf28
SHA1 498d1610fd368b8a98fa651d2e88f69f75263e67
SHA256 af7830d137b7f41cf8917dfaef4db17b85a91efdfa13e7248aea75d3bbe2f488
SHA512 7c5bc80e952cf7a97eb26b3bff3f5885693dc2b93790af17ede12612cb141427ec37281007475486a8e731cbdb724056247d09295ace6c9d9975b3bbc69042b1

C:\Program Files\AVG\AvVps\db_wh2.dat

MD5 749969be7b2f0fa91a96c913fe04be83
SHA1 9b8ab4f12bb413677f8790be92f9101792902bcf
SHA256 0236e19f95bba902e8722ba2533b8ad1b266ff69a4f3f54243c29abd674fae67
SHA512 15c2e3b0e4e1964e4eddf6cb9d60696a103286e5a541d1cbfe0f358144cf48b342ea35bdc9f9d34c9e47f00633bbbd7df13940e4f94ff9d7382030714eb01265

C:\Program Files\AVG\AvVps\db_w6.nmp

MD5 c64e4ef3ff866e07bf1917acd5cbcb91
SHA1 69017ec71ef5e3aa0670b6305758c542b5c4901b
SHA256 b412663e37002604bea92b93bcb055b74f282ee8e2c7f3eaaafad57c4c85c475
SHA512 d7d6f7922bfec6a8297b260da7403236c2fc8217a4f4fcac1c12c4f42f54ed4fef88d5349dd0c6ec8d8afc7a07ca0c8bf1a952975add09321c3c342720e5f8e8

C:\Program Files\AVG\AvVps\db_w6.sig

MD5 2a0c2bceb4c6c70d691bfa90ed3322b0
SHA1 d2197e07a0a9a3a3bfee9dc9ee364e37bcb59c1c
SHA256 5da770cab904ba162713695e78197d893af2280aa900ac400ee81ad7c421dbf2
SHA512 c2603d5d6a02bc537263ea7d6186d6e83e2a88f807c3a9be2fea2d92047e0624e620e6c4a3308d5e1aab6aaadfd6400fca4b9e419b23781313b4b3caddce7f9a

C:\Program Files\AVG\AvVps\db_u.dat

MD5 340a67d9fa641c8cb7975156c09c80a8
SHA1 4357500f13ee9cccb7e4d362899943ffb196c81b
SHA256 59e4d96885eef925e5a1794fe7a1af63325f9db5946e12fb1798ee5ff0cab2a5
SHA512 1d7c70f98e368dc63975c2d17b5a2be8819ea754922a4c016c1b58285d6ebfe672b765b46c95b579ef551a6c53dc6c4e7c45b3260a9b6fad2522d59438952ade

C:\Program Files\AVG\AvVps\db_tx.dat

MD5 a25783e0706a0e796cece78c5aa2196e
SHA1 f97e26734361b1f51fed5bb58b21a7cb8f0a36d0
SHA256 e8df184fca795f97da03afba830584e148fc70e4751f270683e4a8c1ba4cf6f2
SHA512 68592e693d6bb0cab40de4b0b0bd93c917a21fe99bacebfbe0f894ee10380e6163e4243c5d507886f0c7babb5af12059dbc5bbbdf98b7c6bd94ed097d61f9978

C:\Program Files\AVG\AvVps\db_symtrnl.dat

MD5 9e8d3d87825897f301fe7f31651374d4
SHA1 53a40c4bf1fdfd4a74e4f0ffe648e92153780c49
SHA256 85f9a442c054695f46d566b783bc97947cef4a4f9525aa438299910d51d36581
SHA512 f0cd3d2c909d2a09d8f17d92a8c7516e13b1d0c40baf45c37cf9fa9d319c3ac12d6a34de9dc0587eccf987cc05932eb80b922cacaedcbd9f8c9100c4fc4ed57e

C:\Program Files\AVG\AvVps\db_swf.nmp

MD5 5e3290253089fdc3769c47bc82e52eeb
SHA1 e6f63f492f9890330be7f5743d7f2e38f5b2f14d
SHA256 febd34ca0cb4b4cf00ba7d5db908e97d4718245d3df684748af7f4432af6ac53
SHA512 7c99ebc2638dea6437796ab4d42bc9bf3c8f77dd327e4788774c0c5c15ac77a5860fa747e1eae4dc3048e51e4f255266e4ce7ee8f75593e8788fef65d58f0a6a

C:\Program Files\AVG\AvVps\db_swf.sig

MD5 89758d5b16c7c6fe93327015443acdfc
SHA1 389cfa66d7fa185a95fdac2c66dad5a7fcfeb9b4
SHA256 906be956b7fd01f329001ca3005b760226c3bf480034af67de89906998774129
SHA512 7e3cb259888ffe3992e9b25cd943c2e599aded3591f274df16e67ae24c3d9fb117b5234e24d7b5baa65d08b6aaf1a615ade04f7e9bbbf65581c1efd38de895e7

C:\Program Files\AVG\AvVps\db_sl.nmp

MD5 6eafc6b178ba81a9b4794176cd2445b3
SHA1 dd5fcdcd18df2d7652dabf500545578fde57f829
SHA256 c3b8286715f98d76d611069d806d881afbf72e5ba139c6f3807080a9fc885389
SHA512 ebe7338c733d2307c7a4b542249eba4588bf47439c3d012794d1700b4e5f805292514126a044b96733904175add8777763bbe254d7590f927e2ab333cb9a7663

C:\Program Files\AVG\AvVps\db_sl.sig

MD5 78d7fdea7754a3283664e889dfc10dc9
SHA1 fe92a0b05290a7a28c26a06b4aeb6136b4bd468a
SHA256 d907ce60bf45494e8bd6935c801e5411098f33b1d3bd0ed51311ccf1ba1e6584
SHA512 0137fa6dcdb3930863602101adeb1a000da7da3073f6284cb2ec9549e530908886fed32b15f1a107667251a51552b7450fd3d5eff584b0620914bbdab02d0524

C:\Program Files\AVG\AvVps\db_pe3.dat

MD5 696ea17a8580ee1f361193fc33b7abc2
SHA1 f89fa541ae5ff6d43d13d95464dacf2cce4651af
SHA256 b9583aaeec6b3ba3f3310333cbd2ed96e42e9f5157ffdcdd23bcad6fbaec4ff0
SHA512 508ba007cebb177fa6691684f5be05f93a92a8634dc0888f2fcf3800ff8b83a949010365b73ff54753dd4aefae20c82f21ee06c987ecf2f2041b263c74aa8ec7

C:\Program Files\AVG\AvVps\db_ob2.dat

MD5 1fd0583231e0c0826156b40031f27b1e
SHA1 2d25d0e3566229338a71e25b1bbe9c41329a78ee
SHA256 048adef2f89b177d1deb1e995f8b9044729579a76e80069021dd98826d4cd012
SHA512 79aba238a3209a5ccc9037ce603d8a0f9220f04465c57f2cb4a1fe3fe808bfb283a1c8d9ca5bf14929dd46662e2417ba76f427d1e231b3ba3192901a0e823112

C:\Program Files\AVG\AvVps\db_o7.sig

MD5 90dd224d37c3dc002add5c4bfce8bb65
SHA1 36ec555fc7975de4faa910661113421e964da82a
SHA256 c5c9e2b4ce602deb1022a2e5925b5632507995f80bab84b3c25e061243c44a26
SHA512 04e721ddaacedc27f5570f82fb8995efa1b8403ccd006ecf6857553ccdbab85cb7ff6d419dfa4a436194da0f5a4c8a1f62981431e61a919db94c4859457c392b

C:\Program Files\AVG\AvVps\db_mx95.nmp

MD5 465f91a75ef2d7472018a610958c53f0
SHA1 a33eaf794d327fcda102ac86aa1ed290b38fab76
SHA256 c0403c76505f238464489c3e94bb7fe9159fff1a9e873b3139fb351ac1c975d2
SHA512 44b92027406aa0141571e87be06755bcf08083e6861ac8e8d87e990b3e1a39c3393fd32f4f50f7dc1ad2cc30688dcbb7bb59a3e9688c0fcb025cf0052f777dd2

C:\Program Files\AVG\AvVps\db_mx95.sig

MD5 3fce04e45ff4c0c9ae2cb8b9e1050ce2
SHA1 29bb4a5bed3610a8e6766072fecaf7cc46149167
SHA256 95c9a9d48e5c92b9c46eb71eebf4a0425cb074b9160c4e8f07d629b771eddc6f
SHA512 092c83b380ac4d345d79af8fc91b154ef841844f12dbca2998a9c3343400fb21b59a879c616828a1c5cc8c873a3cf21104656fcd5e856c5454ad40961fe3eb74

C:\Program Files\AVG\AvVps\db_mx4.nmp

MD5 439915a83c37e1ec343a6f8c368a9448
SHA1 f23e0a126d5320ac694314813c293045f15fe539
SHA256 5733414fe79f5d8e9c282a73e0f1df9e492917883658a5b055a348828db61fbb
SHA512 223a38ef9c9ebafe97bd985d40dc7cae966a54f44fd97fc3276fa0c32801a86ec03f08a9f1f6374fcbc33b67b0b355e1607cb43d48c82358c94cecd4670d6535

C:\Program Files\AVG\AvVps\db_mx4.sig

MD5 78f6548231887e5f02f1f2c6b8b2116c
SHA1 e9fd06a5b48e804921dfbc1331cfcb7fa60106de
SHA256 fdb3e20950f3e8a5fdf374063941ab688e1a4d107d3f1a820c93b93c035e81e7
SHA512 d56ada9ffdadece6d00542724b16e2484d389f8ffceec5d0874d3de6cfe603bdef6f5b041e09e5ca0f2397978a4272e323facc285ede648a56ebc8b38109ed47

C:\Program Files\AVG\AvVps\db_js.nmp

MD5 640794c6ba0095be98b1501930ff2c66
SHA1 8bdc6612d13994866846a1f5f602a1263ff8642a
SHA256 af51fa78e520eb50d63e12d56d5ec459ed0dc4c1f335010829f0de979b6d3d71
SHA512 2d7f68e995bab6192ea67705b3bd4c52e2f4159972e37e544a67a5566a21f6b554852bce64e32e97743d4164f7c0fa8fcea64301053d0d6bc43405baa66e4477

C:\Program Files\AVG\AvVps\db_js.sig

MD5 de246725bf06c9f68a53da487d27feb6
SHA1 8b6eb9c32fd9d5f914cd1d713bb206202c2c5b04
SHA256 301d85015b3a417677d78c067183d3dc6976f7564c0a0ea1edca9d7e4a329b34
SHA512 fdaa274cc39ddaa7c8ed60a21169f4cb6a53360c1cd16549987a39a96784627b96a1a1534b122321f0cfae614b4428a3b345a48404b370da41f719b2c5552d8b

C:\Program Files\AVG\AvVps\db_dns.nmp

MD5 b7396d22570a426a961c36d4fd1ad20b
SHA1 a6e4c67d277210a5db4172cb36a149fbb9cf1486
SHA256 bdb8441f04f38aeaa9b0d80f71411ce30b0e249bb758cbed26ca2b6cfea8f58a
SHA512 b817fc3c464c4f79abe14f937957c379626db9590555b9e28450d881e73b52f286da02742dae0b8a613c30bf226dbf4ad9794df32832982739046a04da9eb4a9

C:\Program Files\AVG\AvVps\db_dns.sig

MD5 5b3d2d13e1da0219ea238a92bc7ef6c9
SHA1 4615ff17262c304be03df7d93ff207c2dbb7c593
SHA256 b13128fb5935ae8b9c6382235a1ca7d68c8e8ec3cb5448eec4e22a50f10b01e2
SHA512 09e9a4532d34376663bf98d3b3419d54c2c4cb8510073531321a072280078df736cf6627a5509b59a4706358cb46f938a2b6b21d3cc35cfb2d448418c20ad8f9

C:\Program Files\AVG\AvVps\db_fn.nmp

MD5 1efe4727e21c519fc93696a324b8bd10
SHA1 d110096a78d7e3272be50e0f5b45f33d99eb6a73
SHA256 7c826e9160c0799957c26e00f3f315d482cfe5eb7b1cde719033856b1e92b9cd
SHA512 637c89b6e388211e6699f54a656397d1791baebc0819e1347816588a1b73193621fbfafa03eb5bb7843140b09d1580f42d1cbf90ef4d32456adb118bd07af0d8

C:\Program Files\AVG\AvVps\db_fn.sig

MD5 5f4deb0060af57f219e15bcc95f0d793
SHA1 f81b16c3d390ddd5a72ea2f1e62bcc830318ab18
SHA256 b450032fcc715d68c4f56a976d6ba0197deccbfcf17816354794a417cdac3f99
SHA512 84c11d2bdf3ce6f57db1aab33799b6f7e3c9de2d1bb1f7e9926242b52aec21764f731abb026e0e491a92e2a0d590a7b8b4d4cffe33d014fc5d7922e92b6ba6e1

C:\Program Files\AVG\AvVps\db_evope.dat

MD5 80e64525a6dbbd670938927c0ce4fd35
SHA1 1fedc71d9777e22904d12d93b5f18aa7c2c002c7
SHA256 2e90bb32498549b3abab64a5014cfd6af92e0b38659f4895507226b03b3f9fb9
SHA512 3ec97f38be512f14ebcd5883265ed806caa1451c18f65882308348c58d18f43ac4b74c3425ce0dd81a0978b7ed03c09b989865961cb6fddebb19930d9e0596ea

C:\Program Files\AVG\AvVps\db_dyna.nmp

MD5 e9d122f43b665553e27201d83a8911cb
SHA1 51d4493fc3d8daa526e54d9bac85b0f3812292b6
SHA256 7b8ed13fdcd8f5257845aeaea7c1ca2503dfaa6fc13073460a6acefafd2d99e9
SHA512 b9bcf7659ca724006aa345317c3b1b449034301497a3f47275689e2131fcf088239552f3402a1f94fb45f1093333fd8ac93bbd17d4a6b4bfd957e6ae8befea16

C:\Program Files\AVG\AvVps\db_dyna.sig

MD5 4e7eb194fee631ec7dbe64580dfb57fd
SHA1 c1937bd4ff28bf7117dad78e3bd37c1c249cd317
SHA256 0888caa211ca576d0f0722e64bbc4b94a97ed9df2211df868d87fb5ef8b84a41
SHA512 865d84f2a6893c62eda974b252255a2f840bac65720fc32f74c78700e6bd80cf0a84999a83203b76ac445ec30450e12b833595356b58e3352c5386f4727258a7

C:\Program Files\AVG\AvVps\db_dsign.dat

MD5 80260d382d6624be379ea0c452c8e702
SHA1 f20a86ab573331ab9337c58480337cb5aaf781de
SHA256 4772cbee31f196af61cfec8fbb6c09916cb275459b0e6e5621800850ac1fb3dc
SHA512 2f42ccc6da16115605244a5154ecdcdc847e2cc35d15499c546394e221ecac258ae9ade7add373e4feb5ac2d8e89bc8f8f97d3258ca5b68d2c8e13ccf8d92f62

C:\Program Files\AVG\AvVps\db_dex.nmp

MD5 997f5909c314f71b361f8749c60d73d2
SHA1 2b7f7debfadc84627ebaea4a5f8cc69409bccb29
SHA256 c42f7e4e44159eba4a0350cee9be4cef32c60323f16b739ac4a5755780e9c576
SHA512 c2bbb63305f1fa1f3e7258a7bdf7a64ebb0f1409b6f03f0696a69f4d7ed68bf703d42f769e05788c29fcc7e497c60a40f828e65525593e7ca46678d6832450b2

C:\Program Files\AVG\AvVps\db_dex.sig

MD5 ee945e0fc8e97f96b787d6d6b1d04740
SHA1 485741589269f211365700630b25203db5e79bd4
SHA256 1b3da0cbbd86ae61a74e8c2d117e9205befb62e0cd99c3646ede580259b00304
SHA512 014b98c63c017366d6352d79791c6227010160a9dcb1f99c430af58b393ed22ae216095f13d7313f8ab52d91adca7b7902b61980f6c047a5cbbedd53fe3412c5

C:\Program Files\AVG\AvVps\db_java.nmp

MD5 bea9558c20d6d1cbd586c826a53405b0
SHA1 12194b793ba86ff7cd2529204d04edac16cb46d6
SHA256 ce06d88bc0eb2ffdc97222b7e174e4d48fc98d1f1b7fc34902cc4ed96ff3e5ba
SHA512 61e64791f70f35ce1699e5afa2a122b7c97ea78557bc3e8604f5c249e18d26ee09d61f64d759b2fcb61f6c72b7fc5bfe4a34198508b10a740138bc8059789d3a

C:\Program Files\AVG\AvVps\db_java.sig

MD5 72a74d7c187bcc0c5240f9ed72831ef6
SHA1 bc63561f328abed3a23db0c249639e9d95904b71
SHA256 80914f82f0bf37c03d6c8bb201bc33cbc28aecd9dc65876aef6a30ab93c3e54b
SHA512 75c82574f28bda630dd0bd68bcda496828ee8661660fca521e63681fe34d9b4c30d5462c26fd89a18dead0944c90575054e4b1f652edc4b8413274a6da74317b

C:\Program Files\AVG\AvVps\db_bank.dat

MD5 a65d7854311248d74f6b873a8f83716f
SHA1 d091d528b2e0e9264a0d377487880607ac870155
SHA256 68484e75c86aed8c948d83a9c55ca4d0b557987063f5e47493142d8e09837e4a
SHA512 fe87aacc0be8e6cc9c05725f7be3392ba850171e028f157ce786eb1ab6b5f06dac99b21394967253b6a7d0148b0013a2fd91d6d55afaa7ace52b066c60d4a79c

C:\Program Files\AVG\AvVps\db_as.dat

MD5 ced1bced491069f3b1fe35cbfb91bb6b
SHA1 836bf0342531aedcd6866c8a19d3e2599c576916
SHA256 be36bd28ccf235743e6a8dd8a8b944956c520d56ad7503f31a157e6876694fc5
SHA512 e882ef19b90843cd483bf44826f4b8df22e1a44df2ec83ea529902280ed532d287ff132701c3acf1b207492c9a8e55f738aa88902c936829d3e8b30d6ba85d72

C:\Program Files\AVG\AvVps\idp.dat

MD5 df7f55d5c2dedd669206a31f027a0ab1
SHA1 5e034265e453fc2cf80605a67443061a06145a7e
SHA256 4c341f5a2cb807640a02c3fa7149c23da73eedd47ea379de7a658717d5fc7597
SHA512 c45a9b01aeae74aef7204f95574b940508b2072c3cbdb4ccc495ab4f44977710330cc2657a04ffbbaeb57fdb066b1d50de0070154df68f86f2d2d6b1e213ff12

C:\Program Files\AVG\AvVps\aswBoot64.dll

MD5 a41a78e18a186321cb6d8343bf8508a7
SHA1 ebf75d393e67c5c395526fb6a87e2d92d66cf41a
SHA256 20229c66faffce31a129040e1b3a965ab2a80ed1922dd306889f5a422ef3c8cd
SHA512 fe056d6e985de590fda54403865861c4c94851131375b408c709313804ada878f19fe8f2910d5252f6cde2d0326913b9bba575940bd48088d15ae75d40fc7112

C:\Program Files\AVG\AvVps\aswQcr.dll

MD5 b552e8d9d02a80b384d22e639df5371b
SHA1 707c28cd9e8f1ad418ebd932460b09f35e0d6cb5
SHA256 551f46afaba0758e6e54c9abadce3a216b9c9ba07b362da2dba4e497b704c289
SHA512 12ec46107435d93ac8c1039e31506e4c1b659f5f5112dd918950bf16f2802dc06eca4f3abd68627e6876a0edd7fe47fecafa4b23fc63231128345d0af5e42631

C:\Program Files\AVG\AvVps\aswJsFlt64.dll

MD5 0fcd7080439d7170135ea62c1a2c2247
SHA1 97d6b7adce394075e191f33b6384f6b83b6fca13
SHA256 c0f7a4b930713268bbf6f630df3db85e25ff581acb4bcf22564b282d7057b813
SHA512 d1e5acde248411e1fad2487c22ff62a72b547273971e0ebe9a57dd2c6cd7c227ce9cb9093ecd54eca8be09157e9ed38ae2eecc96ae25c6a942e8dcf22247cb14

C:\Program Files\AVG\AvVps\aswArray.dll

MD5 70d1b344538fa5d0485038c776eaba1a
SHA1 c70bb473321cf056ccd258278ad06edf648c6677
SHA256 e3df9c6f4c8d1579be9871ad7568568650a266a781e8668f75d22c85417ed54f
SHA512 7340d172254ddbb2865d654444fe901957b432e2e3cf4341874cab6856b164084978acf7c4106755d9eb8a86a74d1e7690dd5100b9f307dcaf9a5af20b59377d

C:\Program Files\AVG\AvVps\aswHds.dll

MD5 616f4517d66250f0b5468f3008eaf8c1
SHA1 c7757dc965b5d68ed4c7d216c516e1919cf660d2
SHA256 f1c7bf190765f0236512bbfb377aa4f8c5a93254765e741b3cc14289e0f996ee
SHA512 083d14a6aebfd4d0d8d4a89805e9d01cba287ed8b83f8f1981314ffa80b3b24f7ec7c8f3df5caf692f4fa3e410effe01bc74697c3ce41d4087e91b62045b4d68

C:\Program Files\AVG\AvVps\PushPin.dll

MD5 c2692b35fb2381d52a4699798529e6e4
SHA1 f3939a12d0f92bcbb5063a300fedb76480fa9bc4
SHA256 df04fd9aad327a95ba4932f360c9984568929ee30fb2f5caec7826a717a33ff9
SHA512 3b52d438be399d22153530dbed0594500e4a42c1f7a368df3b1199ca1f29979baf4beb601ca2e7e6db9d61d21a1b4bfb032de01de3b382cb4b868687e77a7d3b

C:\Program Files\AVG\AvVps\swhealthex2.dll

MD5 db428d70bb86d7c9f658151140b8f501
SHA1 0cd31f7f3becaee78ea1d5bab012e4ce355af6f6
SHA256 767a8f5bd6aabbc8828e9ea035877c6fd5254004fd2591d7c9b2f46f97e37dc8
SHA512 928e553fd94536f2947ddfd1265fea2032f95c9142db4f927b4ccc304020060b5bb68c4750d34d579b2e102d40a2dc996a4f188a2dd6ec7354eeb3576dd79056

C:\Program Files\AVG\AvVps\aswFiDb.dll

MD5 7fa5cbd13790ce17d3e09adbcbbad7a4
SHA1 048f2ffa8ec86d17ff39c6b454ddb513f717f38b
SHA256 5186a1adf1708806b23f5fda5ed01e1e947a9fc16b55796cdb86fa1ea66eb816
SHA512 7c9c4f99a8d207f346653a9cdf5a28508e13b234a8dd9df84c36d0c2ff6145eb507c1f64f63e9b0feec6005e5a23fdfe65e4e7576b0a6d675b8e3318fab94365

C:\Program Files\AVG\AvVps\uiext.dll

MD5 379f91974f2a305428d4b32c992d2e18
SHA1 0e1c8d6c5e52cb7cbd7d1b8f655a09fab5cc57e9
SHA256 c20ea8975a00e857f0769911bfc2e3ffd59a6ff3675f2822c48b7c01f983d656
SHA512 6ff5d20cf87122a30b9451945de4944e5515afa3f99ec32c757aaa654e05bb3fb3d8191922fea910693b3af4c6b233d07d4acaeb458abe650ed8d4a3dca9b4c3

C:\Program Files\AVG\AvVps\aswRep.dll

MD5 1039188650aeaef3c7c438bcb1a8c0a6
SHA1 00590a580655ba8ffbcd573c8b66fa37cb3e3e4b
SHA256 0088c53eaf6dec7bfa971a1c62a5b2bc16cf488d8fda35335d7ccadd13dfe14a
SHA512 7a5cfbf84fe0fbe8d726301e9c23c3d8fb9ee27e6ca9ade85e064717536b7842ba5b36abeddaec8a74dd14eb4a7af09e28527f91bf0100076f68b55f31a0cb42

C:\Program Files\AVG\AvVps\fwAux.dll

MD5 f4e6538cd77478c3e6aa46c197c62502
SHA1 c188f1c64f69c4d12ceed9362460cb76aff3f936
SHA256 74813f81110f57684b355d0e60847004df12cde35758b35d84fc65fc8097eda3
SHA512 3b2c12ac8b624228a9aa56911a1d819cf693325e600fc6df7c255fda2c210a9934331b0ef22d8718055f783ba73652f307f7a8c42319a08bf2c6e6bf94aac8c2

C:\Program Files\AVG\AvVps\ArPotEx64.dll

MD5 eeb1c3fb9e8f9c36e11b1bbb8b5b50a4
SHA1 b93d800485f00534dd2debb5c31137dcae9eb1a7
SHA256 4871ffd9a0428364d55eca34b79596d4a74c9b9ce8cb69c9c8551030dd15ea1a
SHA512 ef756bfcc465801a7ac6241fc7c81e064efed08be934fb28d1d8d4505eb5d4488cc157595a0eb1d57fb57d1f909bcf10b30bc58b9aeb5caf2e6ca524f0e38801

C:\Program Files\AVG\AvVps\ArPot.dll

MD5 1de562b8101ac286ac1a6f6019cbf337
SHA1 2a97c27600ae8767397dfae16a72317a71aa9334
SHA256 62437fc26e9e88d9e5c8148d44706dc6133d2fce99ff4262b4c2a72a58b59fad
SHA512 54afb389986eec314290e614b9fb5a8f55bd515f28edc004fb52fbff74ba9e37d8c965370c2151a9b3b1914c01c2e7856323312c0b79facc984e45dac29ba943

C:\Program Files\AVG\AvVps\exts.dll

MD5 dbcda634c3172021e513472cc8e7987c
SHA1 c4d01f4452bea693b4199b183f494d4ee2b2a0df
SHA256 d868f738267ed7d7c29f7a06d9027adf319f309687af00eb878d87351383a1db
SHA512 1d3f4238299d7a66b660ac020c74402110a5926253f76ef684bb33e6ed6b71da0c9323f9ccfb49e3b6b824f9f2aa3a65cef93d7acfe266a4cba3c074946718dd

C:\Program Files\AVG\AvVps\aswScan.dll

MD5 c51e417de4f571bb3f9f53a544a9bc48
SHA1 ef51eb1fbb25bb1d1a086ce19311d1193be259a3
SHA256 04b8b3094da8563fd401fc1851548cf5d8e2ba08e7a575ac12d2515034fc8c3f
SHA512 df3e22d6c630b249798e1e5d90a7adf1bca9db50cd595641bbb4260710a967b78af2d8a8885f0b5a75dac98f97ddda40325fd248c8eaf2fcc2de6aeba3c7704e

C:\Program Files\AVG\AvVps\aswRawFS64.dll

MD5 3df1e3748d96f240c1aafd86246fd6a0
SHA1 ed9cc0d2d6965381694a997959b7e19d19ca4581
SHA256 598959ee4790854023403e27d808a22905bdc0a08a356a56485e281fec6ecfe9
SHA512 37d396e6fe4251d32e37ffa72c6430cf9a099db602575d4c17a75055b16b0a2e0f2c4a47db513eb72a8bd9f919f273dcbfd2247fbefdaf864df88b31b3485999

C:\Program Files\AVG\AvVps\aswCmnIS64.dll

MD5 f757f40fd54c59a421185c4d39d82e55
SHA1 28df46483cbb7c8cba8a7af9abbeee0cd8de85b4
SHA256 829ec02a8f8cfbe435abf2f3bafa60f6bb02a9f322f94e4b56851bdc30b49f87
SHA512 be71d8efb8bd358e5f4cbd986f9ae6328b01ff21a74b10679c82b41b4553e81fb051979f02a89a1393480b58eb1a4911846aae39828ad20a68bd20be97fd7e8c

C:\Program Files\AVG\AvVps\aswCmnOS.dll

MD5 262c1353ca46fd773852b9ce2e63d989
SHA1 982a1cb3bb30aa949d0296c38335cc1e85b5f6e7
SHA256 1e47056214a2d6a87c97c5c7539470d4a22955d9aa7e57b99eb67227d44039b8
SHA512 d011fc5468c31c6d89bd7917ce3556f079f81f6dd6f1982e8dc6d81eeac30d445e3922070358b668e451c1f01cfa2e8b9a585679e49d451b0a8b83ba3615e7d2

C:\Program Files\AVG\AvVps\aswCmnBS.dll

MD5 c8be610f0dc595a106cd073c97c7cfc3
SHA1 ad48ee55f08a0802f5d21a0f88d198c645b1f926
SHA256 4c1bb7d4176108597a12580299ee971e1cd73a1108c29ac889b32a7d65e57976
SHA512 62ced145aec552765989f0ea31a940e9cadd24b503e8fc240c7c8e4beec4aa3f40e2e0c7f76897e8a776ca554a51be055cb455013ea5bf6d071477b2a72f80a3

C:\Program Files\AVG\AvVps\aswCleanerDLL.dll

MD5 ca1dc465f5e6232f199d442741a98c09
SHA1 46958bd087bb1be8024a02992b8250c817db3a5f
SHA256 ac1998909b7b8f13a17e2f8efb600c83614c8ae46f386c8acf06f06cc3f35051
SHA512 63550c5e32b69a1a91fb974eaba2bf0427366035eea99bb3768b5e00655a85beda23da5f4e314f8b2da72ab603cd463b52e99ffaf7beedde1e5d4a3c82080f19

C:\Program Files\AVG\AvVps\aswAR.dll

MD5 2db79e08adf8839b1da504149837b762
SHA1 e6dfae71dd64660ba7a70d0f2d412b2f1ef1d191
SHA256 3bbb1d5f3c80b199dcd14b1ed915c1bca85fb5388bb5e033e4b8293cd177a846
SHA512 7b78d53449c278786e200f0343c5d02380062eb10da09a87535b71414e8c2405dcfd6e66ba40fd9a16728c1a3bbe61c3c9ff3ce76f01fa14bffa5e7c681a7589

C:\Program Files\AVG\AvVps\BCUEngine.dll

MD5 bf71fbd7f7e81d1d7e6d8aaa7ba33735
SHA1 cac0836e4fe65428c976e87d9889cc606042a3a7
SHA256 102fd8c057349f78830289c602960eaa46b627893a700265d8df20a264f301ea
SHA512 f955628d1e2872cdf5a06a3c8bf7b6a91d2d438055ab0027fada474e97b1bdf4c31c87c8e6a55cd8d47b46bda4d2f8aa34887565455aabf58a1dfc01e5986469

C:\Program Files\AVG\AvVps\algo64.dll

MD5 cb77c5f066154aa4cf794c0b3afa0cac
SHA1 6884e124993934e81ef95e5365222628b9b88a85
SHA256 e07d49193d1872862ff1e53b841b28561227a2293153713d45f9d0a755e3fcf0
SHA512 7934f100f09661b6577ed332ce45f1ba0ae4394da6f0871d800509ca83422894d048509f13ec0194a80f489ed03a96a63913e5d4684f937a8347c0f5ec18ea29

C:\Program Files\AVG\AvVps\ArPotEx32.dll

MD5 b68373b41da6d87a2944632814a333e3
SHA1 665ade3f0d61bafad9158e9ba7261c1fcd1d820b
SHA256 98f034a2d3390ba133609c5ea050b8cf4d651630a66e09b69baa1736b540a7cb
SHA512 b27c0d542b8197bbfa5ba1ad5a36bb16e0290707b083468488708888394c79d622e32ebb9f4df9f43dd02be813e52e429f47b3d741771cdb3234c362f1aac2c3

C:\Program Files\AVG\AvVps\aswJsFlt.dll

MD5 6fb22f5af47c6d980911b73b721b3b42
SHA1 47ec8aab3729b7b4da0b0cd9166e78eeec4a67fa
SHA256 3c8c7460a1cabfd5bb3604d4916d8214be1dc342b5d823b0d2655e808ac32620
SHA512 cd16f4da233eb150f66580545987a676a4dfb485024392d2ae87d89cf13c6cb840b2f5838a64e5bfca8e2a5f3a08cfac69f7c4f311d33b913c5a29d16666dcba

C:\Program Files\ReasonLabs\rsScanner_v3.9.1.exe

MD5 52bc29d0fe33bfdb3a73e1bd3331339d
SHA1 92b01a3a8c9963e1860320f8b90e9f6ee5ff3423
SHA256 e9b804593f3b3d733f5ff626d9beb0883bb07a7f81ddc9a707cd23b9e9d1facc
SHA512 68053d6860a458c8fa8e86a9fe707400734105521d316592f559457e646a339423581fd37458fedf24c94dcf22680391113b23ef963aba4e411f4ea394dc54f7

C:\ProgramData\AVG\Icarus\Logs\icarus.log

MD5 8b6dfe5314d1f0f300311798500e621f
SHA1 a9cb04bc84fc13f77b08afde5e6e21a57f4bb89e
SHA256 88012aead97c8836174a8a86b8265d38eecddc2b2c20d75a464503d14914931f
SHA512 da9227e1302278e11f523a23f64b5e54b2dc182331de95c51cd298b073868ed824b973cafb2612254580c1335df878ec87b522811b0e49f43fb719d1c6f7b738

C:\Program Files\AVG\Antivirus\SecurityProductInformation.ini

MD5 04fe5a75cf42177ebdd487c3c300d9a7
SHA1 f458dd47e58627679b701fff99955d078e84eaf3
SHA256 7e4d253cf84feae386f778e9d43cc6a168dd975ba5b96350c854299157fa8363
SHA512 b49e3d0cc7d735985c25b4e7b8fa38104b2aa46e9f1154abf0dc9229b5075564a85956d341dbc17c7e28d7ab658d16060cdb1762612cd628c72e87dddede811f

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 7c420318d55869739c4f312e9410b671
SHA1 ca1d0b29ff7ed3b9481d67f49b49e16e7cf57505
SHA256 1f98aa5fc8bb41eb89eaa3b807f2794b5df0fa28bb64eeddeef12babced7a1a9
SHA512 5d0d96740db0b1d9f58724cce5922b13425f6584cf479574d6bc39664bb6566e81e997195db6ae8ac2200c93dfe6f9242b37e8d10d02381f5016a3ec38e54b58

C:\Program Files\AVG\Antivirus\gui_resources\resources.ini

MD5 2bd6034189730b25487d68b1b2d4425d
SHA1 25bbd5559e327ebe9e3e71173036091b379e431e
SHA256 81154d3927d7a415a35fb1f18e5ee0f16ff1e5e92ccd3cfd1e15abfb7913dea8
SHA512 10f2fa511d12338531041fcc60e11300394b0c27d7fcf25d50dc7c6201ae78671b53ac57577568ac1396035d1f83688e8997d2fe829007847d49dcd3c7add6be

C:\Program Files\AVG\Antivirus\setup\setup.ini

MD5 01b4fab15f4eab859629726194dbf7fa
SHA1 bd4118c6db176206c2165a592d74bd0b33e07697
SHA256 3cecb9adc65f8ba659f392ca102316c01d097a2afa8554324a2544150a7f0036
SHA512 dfb6a26bcc79700e5687377eb7a15266d6e1c582fba188034a08c8ccc9a979665c8f0b16dc07377dcb835cfb21ae32d55d60df89a90b5c5a1986bb161309e304

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 6568d6b8a8897b64bf4890ed6f21c31a
SHA1 bd268ec782fc41860846bbf274a28330304f18cb
SHA256 ca4cf3d0ec7b7c84c3be77fc87901ddbe2efd2a2a7de44f14e7f82afbfe76ec7
SHA512 5fbad74dec561a45cad5d9ed37e0e33afc1f25758251b7994c8321eb5554edc97f27cd30b91faaadf556ea66e86f075bdc2824591db31a6b92fa285d851a2275

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 48889759a82a4f55b4a1343fa5ec5be7
SHA1 abefa03db1613e41694bbf4ff1e8ec2c78e0b169
SHA256 d3214be7eed9cfbb160a5d34970d0405e7eb3d48e72e5bd615590dd556b557a0
SHA512 130370643c3978e78ebc4b74e4bad79ffc572ceddd15eedb54c5fec4999373b909090bdddf11bc27d5ce11f89410842e2b72395ee0cc09cf03c87d125c1e306f

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 37f89ba752233c97a79b361713dc0fb7
SHA1 c9cbe6e0b6020d0a6e8cc55bdfbc93cdb7cc426b
SHA256 34885781c4ff9b41f38ee353425cedec6df8dfcabd42b49ff2151d7ff12ad80b
SHA512 e723a4278d76969fe889715750267d4eab5e12e2aa12eb439925af1d03a682b371577f4642bdf94517c8663b3d574c5aa9161caa8878ac24770e17604a09f77a

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 a3d344c2fd9239c1545a5673f273d6b4
SHA1 414d61ae07509f1785d0af3050a4cea69773f89d
SHA256 3f5987f7f833b2d49c3efa1b57e530f4a4183dffca700cbdc108aef2cee7eb29
SHA512 8dda12de7497a723350b64c33ba0395377b04dddf29fd4cc07ecd84b7d30ca490dc93c9455abc1934c45528177b24c33735ca88fe7b92f3e298d87d065467286

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 097de424eccf7d7bb4bf607e0b46322f
SHA1 827973adc2c6b77cb88e8e6b7d84b3aca6a76a69
SHA256 b583fd3fe595753ddc9c197e32e218847a551ce31b8a0e4ed06b32958ff9e148
SHA512 19dd92c5aa730bb61f2637d3a7a118dd5904aa55d7002cb0c5de7cae80317f803afb94834d593d0b19cb52beccf1376a99a36bd52194c28a49d8a35a922e113d

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 ef11d163d3b3f9009b108b42d39a358c
SHA1 8c3a8d4ad6f719f3e0f61a4a0508b64dc9b8f1dc
SHA256 b698f4ddd7575edc623146683983f78dbe27b4811c73b88924b95f0567a754ec
SHA512 6c5ac211c3b40bb325ddbe031092d8cb0985960611b3af82e502d3c5cfca50a34c738c3cfdeda29ca5d6325034613d464f94c70c7b50386fa0f41442d5e45ee8

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 5c7ece44b639a518e466ec7cb722ebfb
SHA1 6dff56847caa1ab7f5f7f24332296a50d39dcf0c
SHA256 efaa10dc6ee8253d64fe990a8282e36c673f19665e49c4c7ff2b359bb137d9c1
SHA512 2fa48a9abbfa60fef8ae1e12413324441c8ef74148c832ce625a21d01edcb048dd63b8030124a3beecbf1d470e4762cedb0aa7125b60a33fc68d1eecc5aeb4fe

C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\AvEmUpdate.log

MD5 53641df4555ae2f3e40af65e35ad9d2a
SHA1 9563377be00157683e0dc4362ef39370307dd40e
SHA256 c7461899ea6337f9c94d2fa26ec9941920c049757d1bd781e555178cb348b772
SHA512 6bf17122a53445b9ef9f2822b3955b28812102239e9de3d1258ae020ab022770b29709b898cdac20d84052554cee2ccd24c21dab93642a9628a7129c762f94eb

C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\AvEmUpdate.log

MD5 eeba9a7bf971f1cacde4f5da8226831e
SHA1 34a89836c39de3424804d30f1386a0426f11c5b8
SHA256 6225c1c3c8476bd5e39ab9cf1f64632f8c65c73a3e556fb761eca0f6aeae9e41
SHA512 834df680c4fca93af55711fdd9519accaea2fda958626e5f09abfeac06b179bbb121ac2bc03272c6375999f459d499cc7d4708ce1205dbdddfd8eed2838ec1b5

C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\AvEmUpdate.log

MD5 3936cb9cefa2f2ba691988d337ef4775
SHA1 1ec2a93c7fc3447e580bab503aa06a400be5d959
SHA256 025c741f3bcf1a7371cd0ac5432701026b917ca5736b28949910a90e83344b88
SHA512 9bbbe8f4374573e6dca5c5e3dccb7925c42f7d57679b6b854c9900a17a7605bfcff30dfad09ab104ae60d510ca8ec58be75c06d4907adec16e6aea900a080ae6

C:\Program Files\AVG\Antivirus\setup\728402a3-028c-4367-92ff-f3431a726655.ini

MD5 81051bcc2cf1bedf378224b0a93e2877
SHA1 ba8ab5a0280b953aa97435ff8946cbcbb2755a27
SHA256 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
SHA512 1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

C:\Program Files\AVG\Antivirus\setup\6ad73514-07df-4559-b95b-a7a0d78efb37.ini

MD5 12876284cd618d55e4d5ade10e3a82c1
SHA1 207b3a7e6a8d72072a5f56a138ac8e991305441d
SHA256 249fa9d0d30a35e02c9529c323773f6e3d22a5ef30dce1e79b1aebddd6b259bf
SHA512 6c7a5fa16d331210585578646a74424b4e8671f5bd5dffe92e086604bbab88defb167f10449563d47872122cc3ed6aab998ae2917da5076836db688b2cc64735

C:\Program Files\AVG\Antivirus\setup\9dcb7712-de77-409b-b4e2-7e549bae6d7e.xml

MD5 0fe7e948bb558ec2216c51772fa9bc08
SHA1 8f102fba3191b0ea258dd632654433e3714194e1
SHA256 d680068f2c375d395fdef80f44bbc026e59def635de4a4a7bc38276a9e0b3887
SHA512 b9d8b82df7454492987cda6c20171fe9547d8473fb92b11d928d861194a742d6991bfaba958789f030276499d788b130b2f5abd947db6eea414ca147318b8664

C:\Program Files\AVG\Antivirus\setup\cdb19880-5778-4c05-9159-4c8fce9b639b.cab

MD5 dd2b6a873f841f6f55fb70ab2586dc27
SHA1 4c0f51fa386b8ce17383627974304aec72db1e68
SHA256 e6321577cc693700407b28e5a7fd067e8ef23d2b5c0c33d213134e77a7fefb1b
SHA512 25b44a462e80a4cd3f9c3777c28fd56efb7a908f46b828717a059165eb41e4a39406f55eeab33e46dc1ff385ea4e4e0b2d3d77fab7139fde7b8a859884e82244

C:\Program Files\AVG\Antivirus\setup\81f50321-bef9-4a6d-819c-dbd8fd0fd006\update.xml

MD5 9032556f799aff5cf00679301a162bc6
SHA1 3606f8cb150e4cc4614f2d212b84dce177cc441a
SHA256 19cb45e20e5e274ef465463f868b5a5bf2cf88acf4656f3f4c3521bf6f248908
SHA512 06e3b0533dea7a90dd1da0e5e14625454b2bfda5e0703e322ca201db4a2b4f8ba4561a12170c7570ad13a08276fe379a38fdbb053e9da1a622bb8e54794382df

C:\Program Files\AVG\Antivirus\setup\81f50321-bef9-4a6d-819c-dbd8fd0fd006\B50B361A327AA877CE7815D7F3FF550A.rmt

MD5 e2376e66e94bc1525249976d0bf716aa
SHA1 5f78fef8cf2918d4ba3d6d31e2e4e9fc12ad0324
SHA256 2d49aef61c0ddbea6b0fbf3bce23dce2cbaaea1dea76bafa8a844ed6512da523
SHA512 40cc646f5eaccc44d702bbfd20944c0c8ed4b8a7d86ae2fc572a9a88317f8602c5d6786fd231474ce332b6d7a8117683dd424257002cad14007959744dec85e0

C:\Program Files\AVG\Antivirus\setup\81f50321-bef9-4a6d-819c-dbd8fd0fd006\0545910943C477D5AB2634E6CA2B8A25E63AE7BF79487F685A713F962C857AC5

MD5 b4f86abd507e59d336d324c447fc8ed7
SHA1 8c3c7e3b24eec3dcb252495d0f4caa7a2e6cde74
SHA256 0545910943c477d5ab2634e6ca2b8a25e63ae7bf79487f685a713f962c857ac5
SHA512 4e42fb4be1cf129964effaa70ba66666c9a3dd8c43415905b67c05b33fc57cab395f243548b0da66f027aa0b03e9bb36c83f761c361b5176b22c88e6c4b8aea4

C:\Program Files\AVG\Antivirus\setup\7b4926e5-8f59-4236-b0ad-6c3abda71b1b\update.xml

MD5 b6af5e84109b18b12437e08533483da9
SHA1 7c6ff387dcea5597bab213c8e58d72a2ef8d1e9f
SHA256 0ca3a3cd227985abfa72bf0167e2cd198a910720895cd44db8fa46d466d6b745
SHA512 38d1ae671b3aecd7dc30a8dcc0eec07bc63d7b70198e813a297fd907b78eb0ecda82d23f1411d63340fea860e8cca912c4a4dca78aff99099505691641bf97b5

C:\Program Files\AVG\Antivirus\setup\7b4926e5-8f59-4236-b0ad-6c3abda71b1b\83DEE5DE989CC9FCCD60B577503217A1.rmt

MD5 03f2cf4168798e3a0bd60f57fc3dd8e2
SHA1 be52bc50b2eb6dc049aa4f9c6254675e7e17ea32
SHA256 a3a8f7d4f7058d30a52e8f954dde6924fc1dc65e2d880aa2db03a35a3eebdccf
SHA512 4cb58379a792b705673a0510beadb202c55c6b8dae65e52bffa60a7efa631de8ff7b0b202d116764fef9c152a496f0754e82326af3f8eca4f45a6a984dda428d

C:\Program Files\AVG\Antivirus\aswAv.dll

MD5 cceb8fae9e1705fac290a8e4cd5b7e30
SHA1 3b3c7a90ee09a6b7f5d0b499d4988758756370d8
SHA256 8ab74ca850fd3ed52b78a7814d793d7dbf09b8a4d7f260dadb9af5bf4657793d
SHA512 7cbbe79dbb6469a73f20fa0cda8e604ba01f71bb4fe6f9053b5ca03cda09c1366085f4081896c1aec5c342359e689eccc9bd9dce7e40989cfa2b0b9ef7945da2

C:\Program Files\AVG\Antivirus\setup\5fc09fa1-26c2-4f77-a994-437f40cf32f0\update.xml

MD5 06aab898ff83874e0753680c97cf07a7
SHA1 46605618085c1e25454447f2e541dec9d61a8a85
SHA256 edaf5312eb16c13c312dbecae265a411840893e2e22efcc94c7eb752c3926e4a
SHA512 2e8a39ed228a630341ba045437cc49d4f728b7251fa8baaeac8c3578b75ea6e2e2134769df2d3eba1f040d9b9207763a478a0ba97ad93f3d39dd3c58d8ea4a20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 87e555b71af0130c56081b5f14164daa
SHA1 b2c9206e219f85aad3557d0f798dfb01a19e80fc
SHA256 09bb435b2e9c0d4928bf88d500c65b3f57bf2c6d42b126ec560d2d54abab7892
SHA512 eb6176327e3f9f5edc908b0dbeb3fa119cef31870d7443dcb1a1402c56510d9d37d310863260fec703c10bf03bb6aba74777576c31068e48d9e798a6e9914a1e

C:\Program Files\AVG\Antivirus\setup\5fc09fa1-26c2-4f77-a994-437f40cf32f0\3CC8C822A624E4D3F5F8525EA889B011.rmt

MD5 04d8fc52ec255f66f4cc826d3c6a830b
SHA1 e217149b69deada71a88267ceb36811bae91798b
SHA256 a584db58fb9a361169c59c69a8f6b1db71dea701807521ddcd834b7c2302ba7a
SHA512 8f0962adbbe45d91891a4d68cdc3040e502c49f6c9c544486724732f615f5280a9d95f60f46a630134353d660089ab94ced61c5e1611ee975e75d369fadb8b00

C:\Program Files\AVG\Antivirus\setup\5fc09fa1-26c2-4f77-a994-437f40cf32f0\B2836C381E35949645F2C711353BCE47.rmt

MD5 937b64d270eaf8423bade003c827552e
SHA1 e5c5089942c128784b91b0f2fcec524d23885a76
SHA256 f9d6185d933cdcafe172cea0e18a707861716f6721a1747a2c7cef30ff18bb63
SHA512 0fc2c5edd61ae78ff877565fdbe975f962ffba5d3a1f5ea1bc8c66b5072cef12b64b3a5bbb0ab3db2dc177bea5c6b2f23d545a5472a937b1d323a0c726f4be42

C:\Program Files\AVG\Antivirus\ashServ.dll

MD5 182f9a5d5f9f5efaccf6dc0999ad8e58
SHA1 33d03d9fdebfa0a1f31b0b5391b05340189a7518
SHA256 c871f3d21aa291f28beb2ed536ca89c41c0f67b8f55c98bf5518d8d22388d257
SHA512 307485a6b1883b1530cba8dbbf66749a8021d01c14c21c33c0cdfb71db7beccbf8d656e79d88860d7bb39f45c6acfd01bed3ecb6202cc860850450bfbb037268

C:\Program Files\AVG\Antivirus\AVGUI.exe

MD5 2bd290011448589191f3e31694b5377a
SHA1 fac7e7c7346c75c896698b50664ad445fa3a99c9
SHA256 97133419751648ed7a8e9097a55dbcfc645c64dbaac73f0523d2d910437933ed
SHA512 3d24e0b5da07b858ec17d17f886a8a79f1ac869d6790179d3eab90268317ee72ea29cab348f7e8f8a8ded9960f33a1b5190c633aff4f1be3fc1c140e9ec4f6ab

C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-1a33bb11-9e1e-4a4e-b2de-9f37585de52c\config.def

MD5 ecd73ef43c6b8ff107e4ec2448b73af1
SHA1 01748da27c36aa1007f74937eb84a96de2911744
SHA256 6b0632597e1be1e46d6ffa226e219ee560057a005b82e6b48ac84bb832d075f4
SHA512 28aaeae0dd1e047fc0b0b711c1a05c7d501a1ed6407d1a79b5a33373ab69aacdd1e903d51eaacc2da1f8cdb507208d91f7c58368db5e2b623ee06068994d0a27

C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-1a33bb11-9e1e-4a4e-b2de-9f37585de52c\aswOfferTool.exe

MD5 9fc2d7776cbb46e688bd54607d74dd3f
SHA1 e293e35a8a8377d1b22690d09ab83a4efe1d14de
SHA256 de9e4029b799a32ad08c33f6208f5112b1c8f3126d77e6e01f8665818d06a2b3
SHA512 a4852261d0bbedc61bb05c06d7c4895bc288cc330638119f6e8882c007e9650feaf6864b99b5874e2ada7c928ffbe1290c76258ce9b77fc390c2be30a3174727

C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-1a33bb11-9e1e-4a4e-b2de-9f37585de52c\ecoo.edat

MD5 3f44a3c655ac2a5c3ab32849ecb95672
SHA1 93211445dcf90bb3200abe3902c2a10fe2baa8e4
SHA256 51516a61a1e25124173def4ef68a6b8babedc28ca143f9eee3e729ebdc1ef31f
SHA512 d3f95262cf3e910dd707dfeef8d2e9db44db76b2a13092d238d0145c822d87a529ca58ccbb24995dfcf6dad1ffc8ced6d50948bb550760cd03049598c6943bc0

C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-1a33bb11-9e1e-4a4e-b2de-9f37585de52c\product-info.xml

MD5 6ece98503b5e8324c86f1dea356326d5
SHA1 385bb0d98015326690b40f22207639a8227410a3
SHA256 abc9e28f0a9f4cbe1df3e95b2350900dc264ea7f1dae497057cc609fa3fc762b
SHA512 306132f999d165d6af276c86208d222773ab4d95640f4494ead9e023c4fe06a8f7dfbb3c85c7d3ab69e9b4f2bf068c56a00e69b5e7e4ae577a7c88be2875b608

C:\Program Files\Common Files\AVG\Icarus\avg-av\temp\asw-1a33bb11-9e1e-4a4e-b2de-9f37585de52c\icarus_product.dll

MD5 e44a0441fa4e23101b54a6471dd5bcbf
SHA1 11f7d6e33d606189d109f6b9cf2438c3a23aca37
SHA256 d5581017d21db68d85f6bbbc1305046c6f757f43b5217ab53c8ab50abc8857f9
SHA512 9bd292e92562139001c6ec2361d85e0bb543764a6cbb604e7de60a830e4fe244f5201bf868a95cf9c5f5d644c354e54baac76061987b8aa637f74ec195a221ed

C:\Users\Admin\AppData\Local\Temp\appcbd859d4926ab11.tmp

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

C:\Users\Admin\AppData\Local\Temp\app186b43207ee2174e.tmp

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\icarus_product.dll

MD5 b8452afe7c118f483706c33c2bdaa47c
SHA1 b18ba2d83083b7bb96eeadf1db8e64e3b4424ce7
SHA256 f6a127800a219f71fd61a83cd38b41993fbcbf7cbd474d5308f218127f588298
SHA512 b07fadaf98239214115c6c008bb37ba273fd30765e8ea70601208b1032a4934040b572140867845fbb7fcae2fccd752e74a0e5acd7b6f194b33d8d290ab6c6f3

C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\dump_process.exe

MD5 6c655fa8876e0bfe83558ad5d9473ce4
SHA1 7b832b603cc3c89f28c08955ed49f7e7e133ee4b
SHA256 35e3a594fda9288667d2db0003e16ef7b8ef46a2c090d7c659fa676181991c32
SHA512 150572e5da68aefc9594e57f5fed8d10acf2ea1964b31fc85a247ba118c4e50edaa6f07248944da13ece0f1cad760379d9fe077bd311eb9ae1b711e789264ea6

C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\bug_report.exe

MD5 1d1ae7dd9eca36d6e070f19f6080b62b
SHA1 6ccd71808890b3674a4627949bf95b6c3a2dc06b
SHA256 07720d52b091b20507180e9485539bf6971d834e8e52a686a7f1dcd059f07b3f
SHA512 e2aca0953cf44f3f017f450d08ae252a0c25c69570bec7c8ba6494a060e81f70535aa4b814b491d3f5c02bc98cb588f3848bb4b16fab118073339d76a3ff49b0

C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\config.def

MD5 266477917e34fcc238879f788c3a92f1
SHA1 ae451a725b4535bbe139ba9eaef8a9df4d2a8695
SHA256 93f9d63a791be82bad8858bc891591600c7d96768d983f89eef514f9104995a4
SHA512 d285bd26a67dfee6435ddda5c6dc6cdf89037031e8f156638289e2ef62028d007d745808bca3c1398d0025de054e7a27b0727c043f5093374b3339642768bc96

C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp\asw-c20838d6-a6d7-4d3f-b818-058ac9610792\product-def.xml

MD5 5e071e53314904cea2a9938313b3398e
SHA1 282faa9f05555d53679d2252072a94e1c6faa390
SHA256 a59345e51f7d00df03727caebab9fe80ca74df51f236d4a5a49275dd7a4360e4
SHA512 4f46c82fa6dfa0cc040a7eec67b704fd6ff691282aa1a096f004ba5ab092f3b73e8aeb68e10be57d38e8df5eecda2399019b79e8caa6252e378e34f29395662b

C:\ProgramData\AVG\Icarus\avg-av\icarus.ini

MD5 599037e28db0fcea485662c8b9a55c31
SHA1 72e3c4631e6c52c82f4c450116ceffbd1bf5d84d
SHA256 e9b0ff3d998ae2e7c47a0aa52df3b70f922d22632ebdcd93f7f6ab99670c4834
SHA512 46758c995da46fd0a0c592d43b7fd9556887a6894aa9bfe7eb1acd7081e387e5c657908e4009d35e1092d941bc069c37cbfcc93e2559421bfe5c8fa70bf34842

C:\Program Files\AVG\Antivirus\setup\config.def

MD5 67f220d35a9b4b50dab565cf1df5c42e
SHA1 9395bc7a4dc33780defcc010ee5e0e7bd11074c9
SHA256 a392266171cdbdba5e4ddbd58f9e8b2d602f1f7155f83581f62d34f20ec5f586
SHA512 3f5427a4e86d789b8be583f3ad5664484a63de65330b5ddb34503dc2d5106f0b5558d5a67e7ef6b3de9fa6182bdc4fa012835579c9556c5dbbb01fd7b6e9d486

C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\product-info.xml

MD5 4dc7d30efeac4287aa44f9815cc8defe
SHA1 d0cec3911d45606957d4f349bff654e0a39da80d
SHA256 44ee629247a8d5702920c17847ff2efce56acaebf1030aec9c83b11a411ed018
SHA512 bf4668e6a1bfc302ee415de63622e794e4cd1fbb75c38db1608e9f0089a2a5049369aadfaaced7da6e62de7aba1ea9f1b8df65ee29b50aee1bdb4867a5405833

C:\Program Files\AVG\Antivirus\setup\setup.ini

MD5 524bd37e505165826a5d7e164f6433d4
SHA1 ec7123280d472a8a58a15832fd7b4ccec49c9462
SHA256 9455c903c87e19d25271b413b6e299c6450b0c10831e088fd5f593dcb9d0b326
SHA512 3a502ffe89c9b1b7ac8e6439b4749d3f746e068aaf5ecbdf4f65aa1b19b44fc1575a61d278e57d306501c3aad309a0b7c06b5b57ff5335927ccae91170bb9855

C:\Program Files\AVG\Antivirus\setup\a2c1e3c2-d02b-469c-8a51-1eccdb79cf0b\update.xml

MD5 79f0dc1b8df718ad5e1078f6a3a294e6
SHA1 471e34c7cade525c80449a11c26c6ae1dde10ef7
SHA256 8ae1465b894d45a133363fd23a148910ae20ed578fe0eb4fe015bb4ba464a5a2
SHA512 f341794344ab8ddb5c9f80dda43bfe2f84fff3aff45bb62f64686e487b31dd43fe6ca6e5f369fbdcf5324ca5ba8fca9e788e99df1937eb979dcef05ced71a7b0

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\6f616401\a7349999_706fda01\rsTime.DLL

MD5 6b0fc0ac95e333697209f27a450203c5
SHA1 4ad1c7e416b932d24c5558e11314a6bb2542a81a
SHA256 68978fb500004f1cc8e9521e83125f16a52c8d3011310ecd7961d557c91074be
SHA512 50bf8179b2eadb6c64d3bc31c58942d7a1c7b8c9fb9e86c2953b3b3b49d8fc6c8bc6e24247d5e2ccf043b7e06549276a4e42534a04acc5c056d3634bec3c5b63

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 2afb72ff4eb694325bc55e2b0b2d5592
SHA1 ba1d4f70eaa44ce0e1856b9b43487279286f76c9
SHA256 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e
SHA512 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 705ace5df076489bde34bd8f44c09901
SHA1 b867f35786f09405c324b6bf692e479ffecdfa9c
SHA256 f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950
SHA512 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7

C:\Users\Admin\AppData\Roaming\AVG\Antivirus\Cache\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\nssD238.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\a07c00d0\008c8f6e_1700da01\rsStubLib.dll

MD5 a16602aad0a611d228af718448ed7cbd
SHA1 ddd9b80306860ae0b126d3e834828091c3720ac5
SHA256 a1f4ba5bb347045d36dcaac3a917236b924c0341c7278f261109bf137dcef95a
SHA512 305a3790a231b4c93b8b4e189e18cb6a06d20b424fd6237d32183c91e2a5c1e863096f4d1b30b73ff15c4c60af269c4faaadaf42687101b1b219795abc70f511

C:\Users\Admin\AppData\Local\Temp\3mcnxtrx.exe

MD5 a235dda725878a9170f897fe2a3a1ae3
SHA1 c2ffbe0f82cc9ff9aa20a1d1b43e66557f426ce2
SHA256 3b7d5ea5a81ab8027294376df76f32171433201e3ee43d10924c7d3c40e8bd92
SHA512 4b08625c6797d19cba1f9d004382d57071bd8577330dce0e6c5cf8f6525adaf0fed71f506b3b0a2c379ea5d661f67f026bd03f3a1c26d2616a80f747ea728295

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb91d22862ff5f9be79fede7c8713faa
SHA1 f28bb895fead6e85c8d9280d754a1ae4fc4437ad
SHA256 de5f093e4ac3e7aae77ccdc0f2b8b0d4cb1d8f4943bc8476b153ccbe1ae86a15
SHA512 fd69ec35426d730824dd11b8c03dd73261ea0c357f03d6c8d7c550749863c58f69219cb6b6bc934a1f58115ab832293fcefc7cca351724e6f147e61b76cdf676

C:\Users\Admin\AppData\Roaming\AVG\Antivirus\Cache\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\AVG\Antivirus\Cache\Code Cache\js\index-dir\the-real-index

MD5 2174e399f14f7bed878ab413226671ca
SHA1 0e9e8c0c7c0b87ab90f2e1411d574db11d37bfcc
SHA256 81f6b8c911a90644fcae778e2f7f4ea398d315ac6de3cb2cb5df395894bf03f0
SHA512 7f0718b24e6c5daaf74fd7bfb41ff8a1c5d262006b314740d04a947a351268a01f4b91aca75a5e46600f1f2ebe315e10a651f8ebde178a965cb54c9b8044e63e

C:\Users\Admin\AppData\Roaming\AVG\Antivirus\Cache\Code Cache\js\index-dir\the-real-index

MD5 930bdcf3c73f8e956ce5d0721a7e98ff
SHA1 0bee76f8f413313d4d5169af6e402f01a3e2bf0c
SHA256 c493cd9b9a7233ff0971be77a9374c78f1639492a8bef985657eeecae18c791d
SHA512 a8a3f9c0ccc457f196646b35c59550a98cb5583de941de29e466e8665e79e59cf190a4d3334358ebdbbb29966483a5c7a4a20380010111850478f9bf89b0aa20

C:\Program Files\ReasonLabs\VPN\InstallerLib.dll

MD5 e245a1396608ce5b9d3cbc9ae407f1d1
SHA1 cb334ce89ae3462643981502d3d521c6a1dc7520
SHA256 720149897fed37870693c6ccf9223c69f8b1cb37d68bfc1e80242633c823ab1b
SHA512 44f8a67a5c3b2931c094bc84bc1a605a49298806fb9e23833481e559d9283f8fee5cad2651bc73ecbdae98a344edef8f527d436b4519b5bcd3bf64b2b3c3aad8

C:\Program Files\ReasonLabs\VPN\rsEngine.Core.dll

MD5 729af70bf6779451848a3e971f267e06
SHA1 b2641d87635ae5b1e6ee2c334a573a1984bd79ba
SHA256 c52db37768267d722fe3d77c8ee8c908816f8b3530631d89d14166f3f04c3ec6
SHA512 87c61ba20a98e2c7faf93508249c43d03748cf88cd058abccb3c318b0834cbc574501dc20f9d92e96b569a82af69d1a3714b71db5497401d38a629d04e6a212e

C:\Program Files\ReasonLabs\VPN\ui\VPN.exe

MD5 8c0ae5472f03b0053f1e38dd1418d01d
SHA1 597483af325b87fb513f92002e3670657209e4c6
SHA256 b5ee3f31f09802fa8edb439528a5444935b19b66618d62bc500bbce131de6d20
SHA512 5608d2ded3c855c40121f689e517e2a668d1c4366d0ce5f74bc5fa14586f970f20201d6fd70b51b9f705f247d7d374fc18a65eecd3cdf510e117c34e67ae572f

C:\Users\Admin\AppData\Local\Temp\nspB585.tmp\tmp\RAVVPN-installer.exe\assembly\dl3\d857a88b\001b78fc_726fda01\rsJSON.DLL

MD5 aeb29cc609b849e622a9c965eaf77a40
SHA1 7a1dec9092568db11ac30ee9309ab35580106726
SHA256 54ff4a447242ae030b33d7b01b35878202ceac9269ef05e6a3dbee26cb493c85
SHA512 f5941d82640c09366d776282bec6ce5f31cc50b8def08effec0216338f21b34aea567071e9eac99b63cd593cb424598ce20c78d5bc776af1520c53a967e69720

C:\Users\Admin\AppData\Local\Temp\nspB585.tmp\tmp\RAVVPN-installer.exe\assembly\dl3\d4300652\d84078fc_726fda01\rsLogger.DLL

MD5 0463cb4bf75feb99e32d7d32ed823b86
SHA1 825ab017a8fb786e0f36f65092757e76d4e72cf8
SHA256 9f25546f7184fd8ffcba37875df6b4bfb554d5dbe0aa12f62a9bd7f823a18de1
SHA512 37f92b87fd2508c4fb7c4fed549ee487f382ede797270e6d051c21edb76586b1d746dc1fb47e91cacaf169865e59a764e40ba85e33f191c3ff1e451cecdaa9f3

C:\Users\Admin\AppData\Local\Temp\nspB585.tmp\tmp\RAVVPN-installer.exe\assembly\dl3\9292eedd\0da875fc_726fda01\rsAtom.DLL

MD5 d2acbf146bdfcda571004b3e7923f692
SHA1 85fb4ec3b6cd56d09c74be8329822bc517bf1a67
SHA256 f7350fa966af75df4ef0222f33676d7478546a258574ade77509aab9122e2e3c
SHA512 5aeb3b7d7d32973861e83daeb41bf1443f49b3f5312b308df09943479c4657273eb9a958466adebe042b8fb966e146b83c2120d76ab6a185eb934f5c16286e6c

C:\Program Files\ReasonLabs\VPN\rsEngine.config

MD5 515de64333b2482037bb7c4c0ec9910d
SHA1 a76ac0a855761222f65d0b9c46be2b58c619665e
SHA256 be91706b0a0e8a1856cd5a83b6629ac4a27aac2d2fc879ee5bcddd7fbbcdfbdd
SHA512 838b664d681df288bca5fd134d1a781558eda30b33a73c677eb0bce5d3ab9747fe77064ab6d30a97aedf049fee8353d6fd7c591076ad5163d21ebc555f72ddd7

C:\Users\Admin\AppData\Local\Temp\nspB585.tmp\tmp\RAVVPN-installer.exe\assembly\dl3\00a83cc3\d84078fc_726fda01\rsServiceController.DLL

MD5 42d12df87f7eb986f6d526e8c13350f8
SHA1 2c0490cf5e3da816bee708ffbd461a8800f562b1
SHA256 4bff209e202589b4c07c3b342f43aaa27b436c3fabe652ceeed23ff8bf52dd85
SHA512 1c88d1433c66b4aabfdb3d630b066e0a801d23c6e4f6cf9ca6b48a0ef1baafd73056c5cb912b880993503b0441c3140874e237bdff5250ac60f8121eb75235fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dea85738531f0fba6568f35fea98abf5
SHA1 af857d9ff044ed6a926f1b03093f6cce68280e28
SHA256 b6d28b563df8178f2e6323438fa85885fcbb1dab6dcd04098f7358ccb56ae22e
SHA512 9d792a3f4e673cc6281c103ea43a4c9ff8320ca1f7ac77f113ec88bb6fb1a97f7c79002136e988db9c8c6af72d5b746dadb44940a29c7b0a9e12ebdf64526dd4

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog

MD5 5f2d345efb0c3d39c0fde00cf8c78b55
SHA1 12acf8cc19178ce63ac8628d07c4ff4046b2264c
SHA256 bf5f767443e238cf7c314eae04b4466fb7e19601780791dd649b960765432e97
SHA512 d44b5f9859f4f34123f376254c7ad3ba8e0716973d340d0826520b6f5d391e0b4d2773cc165ef82c385c3922d8e56d2599a75e5dc2b92c10dad9d970dce2a18b

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog

MD5 db3e60d6fe6416cd77607c8b156de86d
SHA1 47a2051fda09c6df7c393d1a13ee4804c7cf2477
SHA256 d6cafeaaf75a3d2742cd28f8fc7045f2a703823cdc7acb116fa6df68361efccd
SHA512 aec90d563d8f54ac1dbb9e629a63d65f9df91eadc741e78ba22591ca3f47b7a5ff5a105af584d3a644280ff95074a066781e6a86e3eb7b7507a5532801eb52ee

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallState

MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA512 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

MD5 a8bdc7d8304db4fedb08961f0fbd0480
SHA1 38aa4f3f69fff9135a670ec8a4999d5babf0d0f7
SHA256 600fcf2329beb40c40d6801148338fccbe59be255974746ad294366806731cc0
SHA512 3046d7fb4b3d9152ccaca7cab31e3ba2c85ab411709a560cde20623597590fa9296555fc77a06f2b17faa3f6e456cc5c0cf3bc25fe4686955a998d73ea7bc6f4

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

MD5 10a8f2f82452e5aaf2484d7230ec5758
SHA1 1bf814ddace7c3915547c2085f14e361bbd91959
SHA256 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b
SHA512 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097

C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp

MD5 afb68bc4ae0b7040878a0b0c2a5177de
SHA1 ed4cac2f19b504a8fe27ad05805dd03aa552654e
SHA256 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b
SHA512 ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6575b864-aff3-4307-89f8-e20c46eeb5d1.tmp

MD5 dc11f48890ae78d3e4c78c3dfded9727
SHA1 b55571bcca6122a1b3fc0117cfdf7c3a315fcf33
SHA256 1c9437e10a9958d90f7eb6a2adbdb885c82fd7e3de14704caadfb65c6fd67cde
SHA512 3a6e131af759e30463945fbec960eadb6438ba6e2a6e05b0d0baef457b7b7f84cc95a9c1ccb5a9a47dcca8c9cd7fdd0dd366a78ccf6c8cfb77381726fe6cdea5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3a9ca5caa0747b5a3f75d375fe432cbb
SHA1 1b83739e5c19d684f9353ce0b6cfe2a7102c3707
SHA256 3928e0e71ebcb0b7a8833bdfdadda328975d88d8e49304ba61c82b045af82509
SHA512 f3f0c72a607ab5f8d36070514c4c2bb678cb58665618f44d215f9b485eaf2f6b0c3ad7075d8c57af9cf13a4adcae891e9e96ac6766d8f76afd4189264c999887

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

MD5 60505a1a58419980603e1af8ac106944
SHA1 66442e407ef400873c69b76a53aa7440fb460c77
SHA256 ff7feed1ef0b56afae9b58489072fdb3fdea59f9d83c8e911221e4ac6ef4da34
SHA512 e242d54895b0de99569bccaf7cc4125457842baf6d42c72b955f14878b62bcd4c0c94fc242cda7b14453e71511ac69531e53c28639d4947c23d7eb97bfa76050

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\GPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Code Cache\js\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Temp\ypukoz0w.exe

MD5 2a42b7b3a4096535bdad9ee48367cab3
SHA1 2577b1e1141b78298a4969506a0745bcf4b6c870
SHA256 45c1812af351579c4f6350f2ecd16777ffa633acb9e144677630143a4a468cea
SHA512 62e2b4df961733d1de795f9b1005d34a379faf8031ce619c8cbe60cbeb379e2bfc65182f80acace1d2a941825ea6e39e95e3d6ca5f199b36f8e89fd46e53beb6

C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\System.ValueTuple.dll

MD5 29e6ae1a1af7fc943752a097ec59c59c
SHA1 6d5c910c0b9a3e0876e2e2bbbce9b663f9edc436
SHA256 cc9bf1feeab1d76221508d6cc98e8bdc1603d5c600c5ed09c108e31b8bd3a6a2
SHA512 cc6d55e5fd23c89d73ecbddfa92c102f47f8fb93f2f6a41d2e79708e6a8d7c13c1961dcd07810db3135d2f8ddcbf3535fb3ea3d1fc31c617ca9b10f6b867f9a5

C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\System.Data.SQLite.dll

MD5 42e6e9081edd7a49c4103292725b68e2
SHA1 62f73c44ee1aba1f7684b684108fe3b0332e6e66
SHA256 788450452b0459c83e13da4dd32f6217bfb53a83bd5f04b539000b61d24fd049
SHA512 99eab89bf6297fda549c0b882c097cd4b59fd0595ff2d0c40d1767f66fa45172ca5b9693dbf650d7103353f1e1fb8e5259bbcde3dfa286dee098533a4a776e8b

C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\rsTime.dll

MD5 f1e592a7636df187e89b2139922c609e
SHA1 301a6e257fefaa69e41c590785222f74fdb344f8
SHA256 13ca35c619e64a912b972eb89433087cb5b44e947b22a392972d99084f214041
SHA512 e5d79a08ea2df8d7df0ad94362fda692a9b91f6eda1e769bc20088ef3c0799aeabf7eb8bd64b4813716962175e6e178b803124dc11cc7c451b6da7f406f38815

C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\rsDatabase.dll

MD5 d9cd9c6486fa53d41949420d429c59f4
SHA1 784ac204d01b442eae48d732e2f8c901346bc310
SHA256 c82540979384cdcadf878a2bd5cbe70b79c279182e2896dbdf6999ba88a342c1
SHA512 b37e365b233727b8eb11eb0520091d2ecd631d43a5969eaeb9120ebd9bef68c224e1891dd3bac5ec51feb2aee6bec4b0736f90571b33f4af59e73ddee7d1e2ad

C:\Users\Admin\AppData\Roaming\AVG\Antivirus\Cache\Network Persistent State

MD5 134c3050887e81ebafea23dda6dd441f
SHA1 54d4bc58c8ba7370a1a2e3a844b2b367fdb2d4b8
SHA256 615636eebf051915e5fc48ef2b8202762b37c138564f16c94eb3adab495b0c73
SHA512 2a46e2e59d1345b072bf16f7fbdee0a40850e724725de7f164d9f4e68305bdda790175951b0c30a905197810e237d3ca2357511b486fcd06b3e445f12b3a31f0

C:\Users\Admin\AppData\Roaming\AVG\Antivirus\Cache\Network Persistent State~RFe6ce0a5.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB

MD5 6ae52a5bbf940cefdbf8eed04b8a3306
SHA1 3f90fddca75b8988a07255e8d91095444d615660
SHA256 cf72ff1ff7a95f1932afa8ff7af9454653f1ceb18d4afd28a4500a7760939145
SHA512 f8d6629fbdbc559cf88313fd9b9b557e642611c6852c4546a613c43dfe0315f3a4eaaa21eba830927ce07095db34f416bd4756b28d8cf5e1867310340cd645d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\images\no-scan-notify-icon.svg

MD5 85be03700bee78ba5dffd47c18f5f796
SHA1 49dd78d61b39a013b4759b8789fff70e720d48bd
SHA256 c289ac227906cd11b2178abc616f7c12ce72e70b089ab86043b857bf44f434f4
SHA512 8e440d8e060cd8c080ed45364e84e124b30ed72878e7563c7ffc5813aec7fd6487dfeac4e237674cdfd7f798da9d1b3e2c7b2a23ac888fa890176606c312eb93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\images\logo_with_name.svg

MD5 7077be1629422619bbe5057dea2afcf6
SHA1 dccf730b9bd0ba9fb7c505f350aa2428457bc952
SHA256 0d28843ed45447345a2437b02ac99a6426de73143015d70bf2eb43ccd4fc75fa
SHA512 48da879c4223098c02814106279abcd6e5cd4a4379baf4cfeffa2fa7a961c4d8791ce10bb79a6643c1fc63d9b57e969f4fa2e5a2dc47e2ac60a1970b2f67f24f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\images\logo-blue.svg

MD5 acc37544364375fc67b44f027773c94f
SHA1 3ea1628a0c300ddafa885e6252e76cd18a952355
SHA256 8c05fe44d139e67155501cfa73c8ec7d683dc0fc42d17869eb8c2e28c8072d5f
SHA512 178a6bd3a043546175468957aa14dd81f2fa8928d6fcd787eb4a5bcc590557bd2a0cf376f5b0aedc7f5215337d5d9ce2dc8b9e4d6bfa66361a2cdabe815fb2d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\images\info.svg

MD5 59e2f9e145b1500bf20fe634eacdb14f
SHA1 8b30ef06bec1cbd4704e156f2a7fb01803d9cd8c
SHA256 69739b12cc11ac6e4b417061d3fb46f63cb070a756fa55463ef018ac684248a5
SHA512 fa125384590c831b85f4454a80ffa60fa9dc70d2c95ae4083e045a0cb8ba64a5bf7d3093e8a29fbf1c798ecf777e08824704d9f52523e2453451c8877042b9fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\images\crown.svg

MD5 0f77ada07f818277112ef9ea68d42851
SHA1 8dff529ff78faf8724400c3a99290794f5be411c
SHA256 c9899b5a377fb16bfd7e641092dd1d6d986ce80300d14b1eb8107d78029865e1
SHA512 ccf41cfb6b96d33ac64123482b0794632a8ddda983e03fe9ba012ae6920fa80205549e828619d95059aa2eda7379dfeb722e480b9a961b7bc57b6302a4fb15fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\images\close-icon.svg

MD5 af135c5a307c0929934ab179965e9e53
SHA1 7798a6f73e13fa7226363db06ffded4644028524
SHA256 947325c209b02cbf029b7197985fbf55740d1b4f65242757889827699f646cc3
SHA512 e83c06bbf1a253235c681b9bb29244891b0d8449e809231e5adb2251bf0fad6a1ec8333e1d31803d5104d45c10e72621ab68d1dd4666e7d0b75c316c2c3f3b11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\images\breach-notify-icon.svg

MD5 e37aed44ee55c3e7be7f983a83449078
SHA1 070bd086accd4bd04146a32ece09252bcab4387a
SHA256 371c49b23b1602f3e3e79b98428641f5a316de0ed3ecb2eb73cf9d7e12a01cee
SHA512 3d45277cfe5644db11598c3a6665f7b6b0eab38eeceb5846129c43bed568b3b2fdcaae0175103eec840697caee659d0f998b66a6f3fbf2b5e5353fcc922ae6f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\images\attention-icon.svg

MD5 42783644ebb2a199b3618c043b46f0fe
SHA1 c372cc134ab0970a6aaa15f529363aa3a5cb9aec
SHA256 ec38ff640365f6003f28fc3cc54d78c9883147610ca3c395edf4adcb2af91594
SHA512 7eb2e91b12eb1398d22391480574079f22a3928640be3f0d7c4e5230db5f2ef1c48977c1a7e6877f1f4e9a3a236c4410f875fb0f8006a312cb30189d6bb9e9d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\images\arrow.svg

MD5 098267b50a118f33b7492712af4fa9d3
SHA1 5662445b9138d268cced9ab71670ea69506e52a5
SHA256 0ec47a14edaf377afdf77304c710ca0021201cb4d815c2883fb06b0253a0286b
SHA512 15300c0637c00480416ce5ad6191015df45686393bb3bd3c75243ae60a2572b1a4d2c5d411628aeb271b73880d4f091558f39c9a68800523a77ce9f5f86266eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1

MD5 944cc7b993253154878990ae8d949f99
SHA1 63bbb58e604b046a08b0e10de8484343922d54fb
SHA256 3ecb29ec9d6b71e2be72715e0649c965fa2b10ab41d26860913b25c774d5e0a3
SHA512 1f3869717809e7969ce4391afab9716a49593b0d136d0d4b62b00e35734c73f85ae1460c66a2341a2f19487c8d68926fa183420cc770918f45b9fc1b283cf1ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\_metadata\verified_contents.json

MD5 cb81bbaf965f60e4ca017aecdf99b3d6
SHA1 27f9f6200ac72aaeb14703a15f671a6943e7fff4
SHA256 00d2190b2d98a901018f20dfd0fe00f1e13bac3a4c9dbdf2281201c210b941de
SHA512 24f09c1563f7d50768d1922fb8be4456dd9b44ca79b04f887b55f057310cb4fe87a963c8e7ef5a224b34f49b3f8744f1ac9653599abb53c12caf999cf054c858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\segoe-ui.woff

MD5 9a2931180d6b1dc7b33052657eef554b
SHA1 77b8f3cb5410c779206782a310990c19af2b02ca
SHA256 f424915a692bc5a458d6e7d9c99e4fe0cf5cb8883bd3516b01d4fef5da8d3663
SHA512 e839eb6fa727c6a604da142e7c823c5d8b7d8e33b3d19937da7bc1948c32893b08f0ace35c020e391ab0a9694b479b28282024c3518dac995eb87fd7aa18c631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\segoe-ui-bold.woff

MD5 52382539737f4e9913e4bf6b9966bee3
SHA1 d58d3dc5ff86fe8ff594134df53ea9b8074f6bc6
SHA256 d711a54cb4822ccf7926b1a95b7a43107fcfe8ef99a817e6906a1063657c7b28
SHA512 55f1767cfb589eca775f2849b975d8311295951f8e457be58de34983531961ce4fada3a856daed8d7cd712bd8b5fad53ceecf438949deaafb7d5cb87114ecb4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\rules.json

MD5 5736d36e31b7bc0d59788d30260281ea
SHA1 c2810c0335d1760d2ab337db349c362596df06be
SHA256 79ecc25acaf4d184958e339a9e48a1f0d187f82a676843dc6a40ff907e1853f3
SHA512 046686a280f60d50791ff8bd13989ba4bf058f402bc3d45c3688bc60e8ea91e6e44ec3ae8bf66f1e47b66b336ea8b0f70f20ff1279f6dfb377d662d633296c7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\noto-sans.woff

MD5 0a66f097fb9215e828bc0ada73d19e45
SHA1 f962197011fa900ec29b4bd14f624a3309854626
SHA256 8e5f3060067847d71c398a897b8f8aecadbacadec3324b41d6eec5b3014fed89
SHA512 060d79916429b617f950a86ef6783198ceb844f26e65b7d26fd667a37c577c5913ba4ef183d2ca0e7f46b3d6e13c128a5bf8c4ae7e0f543c53c051bf13a92fd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\noto-sans-bold.woff

MD5 a65fc7725f81daa832e2ac5d4820c2b1
SHA1 a5602a3cb911cdb6ed538c22f451763d884092f0
SHA256 5adee3972bb1a6f74b582f79a5d3b4735e665c00b2e49938a4fb68755e56d9df
SHA512 f8b07d9d46733c8820cf2466a14203710f10ceba789f80fb700b00ff950e5c1f30fb035939911e4d1a4e7ab92f37ce8f6fb47f5d9ab58f5eb5031804e4ad96a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\manifest.json

MD5 f10518e47f0eb508b161e82d8c8eeca9
SHA1 557e1caaa3328548ac06b69f2f5359d5077de50f
SHA256 e70e1ff729054b7b56af649a727e5a3912673f7354e4214e023c9a409a9f07b5
SHA512 2d421d10a4cd63f4204fd9c146b9969583d6febbf906668dd673bb7805182e4e51f3429fdf68415b3f0ba5e10a18a6dbb1f80dfd9fe143d9e205ea0e406b34eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\index.html

MD5 d343ef04bba048e61bed6f6aeec790ad
SHA1 2c91570ac1aa82b2117f7358b971e799dadccacb
SHA256 b8b984df05113f680b46c7394172758ec3a171060b201230f9493d863f9e79db
SHA512 ef9fa5c88702ef4e2de2a1849a205cdd653cff7172c2135db595892dff072f45cf50f7d8cc5bec3e2a77665b5f8271d6f62a1bf3d138518df24819ec46031151

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\index.bundle.js

MD5 852c3d5d8d86da708877ac6b9618d6ca
SHA1 eabbb78dd6b38f9d51f9b8f8f54f8d60da0c1c4d
SHA256 9f0df1ee4a93f6d708a1bb2e9243af6d9e9e854ae5534796ada4da3abe5bc6e1
SHA512 68b6ceb5452d41d4166e0bf0b9c896e2813fc39dcebbe9e75e433e92f599f1c68edf27454a7175fca53b6846138c016a1aa21e97d46980e93acf8a664ba0e53f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\icon-upgrade.png

MD5 8f0dbfccb36007d663b552bb84db01d5
SHA1 709b15810f26fe075d1037b7d90e196f4471d574
SHA256 07b43077658e1bbc63ac5c7431fd1940f74e8231a532a055de9e2fa0ae79b0be
SHA512 064962f997821ab44b523dc6a7524b6ff21352d90fb9e13281a72ad4d09d3431173d96c71277c92cae023f91d435700169113f14171446d52e65e48b1a44f719

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\icon-threat.png

MD5 d7be3dbfb6c292dc440d4f72d073715e
SHA1 cae4a585577f6521e1931d09457694e57b9389b6
SHA256 cdd148cc2f8b3d7f008e2827367ef48a2be499ae34dbd22263854cbfeba903f9
SHA512 14a80c3602ec6a50b15baa23d74e894021a733eb14f541534ce51e1b847e4c25835591a6ec821deca093d384b849491866a340de832d6fb138e51330dc833f50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir3856_2006660611\CRX_INSTALL\icon-34.png

MD5 15b14e66c46e0a83449fea81f4d0e59c
SHA1 c3512dc47f25eb700e21a04f0925aa9d6996f08f
SHA256 10a9008f1b5e61a13f2fc225e9444f17a30036f76855826ff0f881de880db15e
SHA512 c0296a9252e9ea8336a28a73fdeb6d90a3fbd13cb5699f9b90e8b2e3858f041509e8886d056b402c5444e9b36a5950fdb8dc93dd46c15a79d84e1e579b5cd887

C:\Program Files\ReasonLabs\DNS\uninstall.ico

MD5 beae67e827c1c0edaa3c93af485bfcc5
SHA1 ccbbfabb2018cd3fa43ad03927bfb96c47536df1
SHA256 d47b3ddddc6aadd7d31c63f41c7a91c91e66cbeae4c02dac60a8e991112d70c5
SHA512 29b8d46c6f0c8ddb20cb90e0d7bd2f1a9d9970db9d9594f32b9997de708b0b1ae749ce043e73c77315e8801fd9ea239596e6b891ef4555535bac3fe00df04b92

C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\tmp\SaferWeb-installer.exe\assembly\dl3\2d8cfa57\4dceda31_736fda01\rsJSON.DLL

MD5 4fbf28ab8a37a488d9977b9953fdacf5
SHA1 f956b23e0072d6c0f4ddcca06248164baa8bf0aa
SHA256 0c4c1bd5ae6f069c310a8a573171759efff27ddd986f2fd9abcdec92465b1049
SHA512 de7fe21df1d6062b04a670c533ae7f85080806fe450b80dc1ab7de23ee2a7d379ebc81c0157bd3ae5c888a1429efab5166528a175e3edd355c4eaac63e8a31d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 54b7c2a044d00920f6aa8fccda8caa39
SHA1 e50616e05c987279eb2278a3f164cd8be0c07043
SHA256 f329a1cfcdd51118c62a3619fadc791b1a48a3bcf99b2c629ae111de2b2f808e
SHA512 ab946830cb099eab26110659b5ae5a6bf69357bbe1d3850061ae681a5c89605fd551efd216db4f248123e5eed1a3106f909411530ffcdcd513705c5537099204

C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\tmp\SaferWeb-installer.exe\assembly\dl3\f8b13163\4dceda31_736fda01\rsLogger.DLL

MD5 34d1913338ee6535fc54d110d207aa45
SHA1 9b64cfc2afc31047b3fae98e5bd37d819c589a98
SHA256 b4bb345955ad8fef66abb6dfa622889ff1a21d122d4536b0d78487eb06c3b916
SHA512 f9d563025859922d324545d0d61880e8507db9ac530bbac84ff783af14289df3363dd6100bb90ae0ba43e16e1ac0026ecdc2c7976e883364e07d781c2c610d85

C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\tmp\SaferWeb-installer.exe\assembly\dl3\50233ca7\58a7d331_736fda01\rsAtom.DLL

MD5 574c235d2c8c863142a416fca77b56ef
SHA1 94243446bf206e0016c9a2be3e743ad81578855d
SHA256 111d7b95ed7deab9e2ee9ba05f719fefe5907b58e7ffb7d9e76da96e266b83c6
SHA512 6a280abdfc09b7c66f7e8ac88215649eb8991eb84b4a4dcffc3016ead403f9b023c880b9b3fe516f8e863f954e4cf54a4a6400695ace4274f12c670485f47a9f

C:\Users\Admin\AppData\Local\Temp\nszD703.tmp\tmp\SaferWeb-installer.exe\assembly\dl3\67307908\4dceda31_736fda01\rsServiceController.DLL

MD5 dffac5c6540238457d747461f944f282
SHA1 11d5f809bb972c0693eea5f1b6227cb8f8dab5dd
SHA256 64cdd30df31260b1a6ac650446256ca5a411b2894633525e3ba04beecce6db76
SHA512 8ac2a74d2b13f0d8ebf4b4f1399f9979bcb4c2f15271c906c61de66c102e5e8ca3f38856208ed24f7ea93c79fe53d7a5d691d5182accaaf8efdcb6439cab2637

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.InstallLog

MD5 6002495610dcf0b794670f59c4aa44c6
SHA1 f521313456e9d7cf8302b8235f7ccb1c2266758f
SHA256 982a41364a7567fe149d4d720749927b2295f1f617df3eba4f52a15c7a4829ad
SHA512 dfc2e0184436ffe8fb80a6e0a27378a8085c3aa096bbf0402a39fb766775624b3f1041845cf772d3647e4e4cde34a45500891a05642e52bae4a397bd4f323d67

C:\Program Files\ReasonLabs\DNS\rsDNSSvc.InstallLog

MD5 c80d4a697b5eb7632bc25265e35a4807
SHA1 9117401d6830908d82cbf154aa95976de0d31317
SHA256 afe1e50cc967c3bb284847a996181c22963c3c02db9559174e0a1e4ba503cce4
SHA512 8076b64e126d0a15f6cbde31cee3d6ebf570492e36a178fa581aaa50aa0c1e35f294fef135fa3a3462eedd6f1c4eaa49c373b98ee5a833e9f863fbe6495aa036

C:\Users\Admin\AppData\Local\Temp\HWVirt.vbs

MD5 d52b94d2b232df648c44372196b7f177
SHA1 82824125f29e10702bd3c622ee8f3fffdf22a490
SHA256 f0360ff79dde94ef2625caf1f28c1bf64244df6f28ebfa4bc772fdccc639ee1d
SHA512 b31dc1f8fef290d20c441e44a40831438289a4dbf37c46e17647750def3f3331b414254615f9e03b1bf5a9b33e1872cb4c49f200ef05fd6f1c02739c6490d722

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Program Files\Microvirt\MEmu\config.ini.GEHpVa

MD5 c237b0bd4b69c7b0daaa210b49033447
SHA1 4b2020d5e3df2beab5bd7b27853bdb7a4b6fac0f
SHA256 49e42c88caee98b012b322b4a71fb0a355ee1febe7a59535b034921689f593fb
SHA512 09de24fd83334295c7ee5ee052a52b29ad4f8eb0b82a8f3d14a6eee701e871ad7f3b68cd013276dd9c2060899dbe9f0acee918ac7af4d4c6e0767996fd132561

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5388a3fb288acb0e5cbea6b8489782f2
SHA1 1b65c85da0eb2ececbca5199e2f60eb28f5885ed
SHA256 d98dac843dd79db69b886ee7cacfe07bc94e528bd19fe8054e752d5a990687ac
SHA512 088d465e15cdcdb588381d612d0c610556fda60f4e897580fc29f314fcafa69a20c066f0af8b6a6f9b990fadfa9c0d370ca493659b484a97e57a646071c4d97a

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Network\Network Persistent State

MD5 8eb459331b137fe26ca03a5a236afb31
SHA1 20199ea059dd14aee6c21ad06de561c42964bb30
SHA256 d34f680529654b9303ec08f04d0da872cbd1197161b3292c92f3c7a04fb6cf38
SHA512 cc27a600fdaef1ae00ce7368e42686da2571d507f3b230054c73378f747c78a3a3ee858730f4c778fe64acd8f237cbc14cccb26f1bd4f20b20c8aee632abac58

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.25.1\Network\Network Persistent State

MD5 92b5b21907587df986787eff7bcf0bf5
SHA1 de55f2d8579758b9110e2a06501fd56cc7c01d83
SHA256 000f592a3acce3afad47f9389a621358537c8d97639f413f3eb13ab3259ea0ac
SHA512 7d5189ce286b1530f9c34b1bf5f6c63acbc4dc8309961b13c53c42cbc7d3864ca8e7cbab92556ec459857246fac9f4fa4d556e73b828c53c8abdc83ac573e726

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 0d6ff31cc15570ffe0eaa310efca61f5
SHA1 dd5599ddb31d1a207e838f29ca479ea06f9a67f1
SHA256 7bb324b93215018676b4fd13f1f6455a0387fed6bd6e8a89c5aa7e8c40285696
SHA512 bf3bd75cd7a7ad1d366e2ecf61260447bf1a8053b4e911ea286b0d9208e028012c01b8eb7d0e598725d3c4385adf7585561fe2a1805b50cd0510ef409c8981f9

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Partitions\plan-picker_2.16.0\Network\Network Persistent State

MD5 789ada2117f7bbdd32203f9644de28cc
SHA1 23916d152a5ccd85b5134a8810de1466026a20e7
SHA256 804066aa4585f27019310ca9b96c468e1311626a05b5849ee116cab3600ac7ed
SHA512 4c51ed4c316bba73d272844afaf099312573175074583bcc574a6d4eac3902d28aff88af0950e52c34a601c457ac77ef83ab38a4d86e04c78b1b90f3b47acab8

C:\Users\Admin\AppData\Local\Temp\0b34fce2-da6e-45ab-89b4-f1eb1a2fb988.tmp.ico

MD5 ce47ffa45262e16ea4b64f800985c003
SHA1 cb85f6ddda1e857eff6fda7745bb27b68752fc0e
SHA256 d7c1f9c02798c362f09e66876ab6fc098f59e85b29125f0ef86080c27b56b919
SHA512 49255af3513a582c6b330af4bbe8b00bbda49289935eafa580992c84ecd0dfcfffdfa5ce903e5446c1698c4cffdbb714830d214367169903921840d8ca7ffc30

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D97B1EC1F43DD6ED4FE7AB95E144BC_D3087807C2B3EA3E461C951E109CFC05

MD5 bfe82c36bcab888a4fb1240e467b4800
SHA1 3758db0134d3dbfe66bee14d2e82cc1cddddbe3d
SHA256 ca8b77d5a63c2a29220be34b50b1c24e99f93527f10022cd04af9cd4e7e57187
SHA512 0c60dfa3f1da722e4c752f55390f01365275d62522954e81e3987c4c0dfddcd4f7bff9ce1cb0cc4c1c1884bf7a61a57893f3409adc11b0778b593242bd0028c3

C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS\222a98e0-8b4b-4c08-9deb-58d4b51d9674.tmp

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

C:\Program Files\Microvirt\MEmu\config.ini.lock

MD5 36115411732d17145e3d0c2f390e7e1d
SHA1 9bd5c57c4a11789d07c03448e8b053b21a08b979
SHA256 f822fdea8628f746fcba0609948a1ebbed10fe21a97f08687a75f89dbe64e365
SHA512 0afc36dbad2dd265fdec49eca566ea6f361bbc5cc460263098526829a2f63c3af98f23dbaaff72e9b82f34c49bad67f44c9b075a11b6e817f8cf0ed7f68fc05c

C:\Program Files\Microvirt\MEmu\MemuHyperv VMs\MEmu_1\MEmu_1.memu

MD5 45d128e9094efe1ecc928306d809cb32
SHA1 db60046c71e1bba8bfccf5f43f27fdfa7a426d22
SHA256 f906b20dd98ea264613590f304d917cbe6106501092f66cfa23a3a42a53783e0
SHA512 b9b267d6ae35a26ae24effc224a36672604a48e5c0a64a63fd9ecc933bd030eb3b2377c5f31bc16f5589c9999a7f69ebaadccfe08b2017a4536d4faeb9d3f6fc

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 6260e2d6ae0583216e883dba3178e9bf
SHA1 34012e6f56fe447ec76bb0bac13e6adcb3f4d65c
SHA256 c3400d1a1c4175ec6701f584d5be1af40cd4b5cc0315d67078446ef68eed9d7a
SHA512 9af5ee1870d4361dd0963bffbf41b7cfc67b557b70b296ab4869b2d053ec0bed926cfd7864d1a7c298b4df772742fe9a2c29c15df9ca638fcd85c79adb44dff4

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 5d927bce0c7cffa6292c158030748f57
SHA1 8c36e19f243a4ae033ebd0912a212379c8b11b7f
SHA256 78238f5a360d75316f74abcca330a8cc564cc713522443b2f33de84535610c83
SHA512 0328ff8836937ba72b2b5838549031ba59d1b76a392d324262c31add78e6293b83360132cff29eab819cdba9769a62f01454cbf1d13e8742a98d1788fdcfef78

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 0c9f4f2dd503c6dbdf05881c399d10cd
SHA1 86b58f1956d8e8a9e01c3e27d42b5882599a35be
SHA256 bdc5c673721d34c072effbebbe29840129f80e581d6ffabfe08b439cd159b3b6
SHA512 273730ca0dc2e0c6b11376bb91ca6067a3df87dd4cb9110cb6774b1ee645230fd6f226ba8281c2c5a01153515484259678c61f280e47019e14a445d8767cba3d

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 3eea0f18f2b8c69bb0d719190fb7956b
SHA1 c456ece8b7240171cb21f5235d4e51802b8531fd
SHA256 acdbad314acedbd36920ee5b2c5c4a24c863a9216649bd0adcd610ec05aa9c86
SHA512 4eb094092e9b3e18bcbbc0665636dd67fa8691882e63b8352f5a62f4a8b6baa3e35b0f388c0195b97bf12845fb36df7ef828d64ed6bd77e636f482b9827490be

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 a1ddc33b8fdac9dcb7ee514a854d6ced
SHA1 22cf2f0c3836436b6e6a55879635dbd82dbd3e00
SHA256 8a3a84889ba8818cff6bee3ebec32cf05a169726528f7ae60efe045238ad75a5
SHA512 7f4dfb5ee1793cdb5ece3d612e943f84f1f5a6a9d47c7720d00a66e15084f93088402e8a07bdf52d4454a5256e29d1fba4709a6f1e1d77967b90c6c0a736d5c9

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 be0012f79bd9e944a8f87232a3f251f3
SHA1 23c14d6f72b373825eda6e37980efeefc98cb869
SHA256 f2d9e115fa2d63ccedd62fff83c00e5160f829a6f7a4002950f66fd970d39fa1
SHA512 ab338cf8c6ee88f359d2c68b2f8d27be67331d93d9911c430e3b30c84af72cb512463c28d4afb0bd80c83dec7b2525e53d0f1497e31d0be4eba4af0777723d12

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 60090aed98107e5e8d858560d52710bd
SHA1 d15eaf91d1391b85f0d5fa33ff5b4ae582375501
SHA256 3046542994b6b3e5d36bb7192715783b2bbcf05ab89b8cdce7bb4f2cead64c78
SHA512 fa29ff05034c1b711ce49ab280292886f3051a443d1c5d331897dc4067946dac62e321397e1fe7876eb6d55ead3fb4ccee778b523fb0133df905ab46a2d32673

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 0d671c6cd70ecc33d92bd016bd43de77
SHA1 245ae1c0ea70553d3d6cb6a1d806108376c81c35
SHA256 54292f21c2c1104425e7539260f2004a92457128e56bc60d6b56b5ed2a3c0b25
SHA512 76ec781378a657579e9ee1e7f7239c094464b29c0319a747f50b42bafbb9dfb010592e276c9989f69729dfaa872aa0d2f2fd799fe2b93f1d208fd4c4187ee292

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 954a92155f2121643fc16ee3d7ec79ec
SHA1 fad791694c3f0488508e3c8595d9b6478e738c25
SHA256 f7e680cc024f371183fd099f436a66f0ee5c04b0f0292e01f392e387068ca0d3
SHA512 6a485374f6149abd74f69e8c51d1a5e05f72d1cc9423ccffe4b6853b61517bb794545c3dfccc802dacb831c73942e7822ac042347031d1a8bc67aecdfe8500ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7eb9f9457a2c42c99c2b36ae1c2e0810
SHA1 979ab09d727460c7298b9badae8ebc758b79de3d
SHA256 09814408f89a8761cfe9b4a7ff5f044359775d4a08529dea26e2d9f528472f38
SHA512 2a5ab51e97265d89590168fc83ba48807aa1e6802afe28e97c06f2c59463fb1c14bfbef412f9a017de9e4765fbdb08ab96c2dcf56a492e97eb0eefaf1d529ac6

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 a49e549caa76bbfd46b53c0a4a965784
SHA1 8134b275bf8d0f30a2ba58f0ad3d827686928465
SHA256 017496030559d6aa4850ce840bd1e5caa8a63d1abfa5d96069a0a8d7eb92b7c4
SHA512 7da9de33591daac6ede91f3270c7220d97c268bd9cfd4166f095a2e07e7e41c0fe2a1a1bb7cd40f01a995b86ce90489331f454a5398eb39deff89999adc9e528

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 64bb8bd48334d0ebb9468013179a12f2
SHA1 71a5a961e5608620c5b27800449ea6bd38a5fb04
SHA256 dd93b720e44625ca1eb68f98fc70cf66b01aca5d124a835285fd9fcc9e8cab06
SHA512 3f91c4516e0a2acea12dd77e98dec53343da1e6d2e91f11b6f7b68d204c2f8c72121fdb89c0e0daca9967c52ebd8bd58ec279ec4fe085b943d6e7ebd29076f20

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 e34b03cd04db805f828bc57e60ebfc11
SHA1 30a445a3840e7473b019ba5105890a4605b3ccd9
SHA256 2e09e6fa224fd6d44cb00ca862ab038da45ef38d7360c4078d2dab2fb34a6899
SHA512 c2392619c1702fdf2004cd449c713d5fbd666f90a8fc1a6be0f1695eb1a706211d0035da93a2e292f0e93472f90299cbbc17ab2024a9acf137f0c820e3902445

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 169e2706bd3bdc405561e8390eac5af0
SHA1 9eecc432c85511ec23be5eb6130ca8fef4015bb6
SHA256 1d69942a92ddf03d19e471d371994ca6a576d73c6fef608e2219c5b0075aac15
SHA512 8a31e7cd43929938a33437694742b3e4ab67fcba0f4fbe0b7615203e8eaa1450639a902c47ef1085cf4cc0f7b02e9788a5f490244d8164fb96c24ddc7e891121

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 2c2a14e6627292c586416971bcefe2b1
SHA1 c8e4ef54a82b8e682232b2f4c52df8cf74b8e86c
SHA256 04ba88165393649867315e9c7773e90c7bc358ff6bf0e9796bc01a20b43bd918
SHA512 3b94f834839a981be67437db6c813599c15cd075b18d12c31030220c0f8ad5fd6bdef025fa23eb145e35657f0ee36f0b3598cd5e965d0077aac519b0ed7b1378

C:\Users\Admin\AppData\Roaming\ReasonLabs\DNS\Network\Network Persistent State

MD5 4e98db231086672523a1d5deabb752ef
SHA1 e6557888f116092a1def5da2c5f9a4a12e54b15e
SHA256 0120691406894c7da455c106e5beeb7bd5d9ade97fad93d7d9fc4f85119dc0d3
SHA512 3fb94fb9acf3cc28b30fe7a6bca2a9af2b72f52a5072a9f31597d6ad68b825c8ec20d50a9031d900794f4db7d641aa6a34e522e4835bc7745de48bca16837ea9

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 1f8958663d6e4cd54333ba2ceb3af7dc
SHA1 a7c446fe6a01c03cb4d3054849b3363cca866277
SHA256 9cbbbbe10bf315cc984f882b47669b83dc39d6f8dc92efe8f2850d198c74a139
SHA512 462f63b211fa034fb91e7ae766b373f45bb689c0c187e60ea145f3b1601954a965fc3218816b872271b34dbbf7e92c5f5f757bc368bf30e773f6ab1c5a54d14d

C:\Program Files\Microvirt\MEmu\image\76\MEmu76.ova.setting

MD5 ca9921ae82a91c027747a49b21f9de2a
SHA1 9dca396139551e1235f0b801f261bb55a0711773
SHA256 8865fff1adc2246cbef2c942a5d2a12a4e5eb49829367170912a1c0e443e1c97
SHA512 9623f26eb985a04c9f4508dceb810bba8be6d8310c0e84e628761cddfe9812be02bcb8ed0586986caff56c9b916f12e66dbd86804252b5456828c28d98419e18

C:\Program Files\Microvirt\MEmu\image\76\boot.vhd

MD5 0a9aaf0a45573b4e99f82ff656531620
SHA1 cd987f0d0a85a6c79e4e9337e606dac5c232448d
SHA256 46786f517e8b8778e7e0aa2986d1ccc46150fe761be7bf027db0237d0e6b8b0d
SHA512 436bfcc91fc5740a9e3a698fbb18b834b158156f081543253a6af5c1a634641df0f3cf6e075f01ef61f7357066a9bd5fdb1063cc33d91d660d0831d1a2c84311

C:\Program Files\Microvirt\MEmu\image\76\hyperv.json

MD5 8de1bd47700734f22fb9e25512aba248
SHA1 a333de1b2eedec209bf800364e1a1277b4ed217f
SHA256 6bee1284e364cd634cafc4c53ffd6d96c29e318a3ad253a7e7497a585f1eac81
SHA512 d16bd577ebdb7c8295c64447114228954d6a9a7b98eedfbc578049006c390687ed29f8e903000a71f412fce49eb368a8c2cf5e19f131657a0f319483d1e68eca

C:\Program Files\Microvirt\MEmu\image\76\MEmu.memu

MD5 e1c2f9b76eb29e8d18db83b69537b877
SHA1 c75ae36104f576ed7479d69bb11ca940bd05b3a3
SHA256 da8afd3fd73f2c8516296e221ae3287f63ad2ba9f66284dae52ec30cd0ff2272
SHA512 545f450562ca4a62f5349f2035a24263354402d2c4e7259880c6e9af3167d14777b3b502a3be331125633da013e45aaded2f74d0f351cda7c4720bd0ff63d27a

C:\Users\Admin\.MemuHyperv\MemuHyperv.xml-tmp

MD5 48873c525939a809df60804ec96baa3d
SHA1 8da42a54b38ff908724af62d29605bf19b4b981b
SHA256 4d2d591ce8ac0e1ef3a5ca9a0b188f2af33c6d41005334148428abd4cd2dc2cd
SHA512 8685d57af51ae35dc447528ad2a55972f2c85f88cb8284c2856e28bb9e0e0aeb9a8fa3877e7f2d5c061515dad8aec7522ecdf468cc0191b062c94e062dd104c3

C:\Program Files\Microvirt\MEmu\MemuHyperv VMs\MEmu_2\MEmu_2.memu

MD5 3b9da67ebcbd18eb48227a932f06def3
SHA1 a02216061f5637e9e91a612fb497f2b197c0461b
SHA256 4a42015c64494b3f13a82d51f1e361a9663d975080c83dbc69406a4baa8529d7
SHA512 e5c3600a0151a430f5332bf04cb7f879d5a21d4f9ed2246cb3edf3ad2431b604fd5faaea8b9057ccd7af605ffbe3cd7d1e4a0db734891dbd8a4c5d3564763258

C:\Program Files\Microvirt\MEmu\config.ini

MD5 0729aa92d7232e096c68e0f1d5e41635
SHA1 b5c8eff83dee1c34d4ccda89d45f11033125a96f
SHA256 74dee47d4ad312dc8344babb67ec618d162e718e4118c8288f7064cfefa26492
SHA512 4f025537a4ae29575f009ba88389271fc58504066eaffc09d97ac4472344d3b31cc0e6c19caab14dc3c87129fa95d3d64947f7bbc2324e3a3431b7169e18f1da

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 b0018c7a92420049c8018a76e8b4af1c
SHA1 611d4643c24e4c31fbccac2d8a1875a91a09506c
SHA256 0a632293667239b15ca0b73860cda7aaa27b51b6b1466968ba387850558f419a
SHA512 1a5d797e1aa50ad0845465752d22951c3aa9a03b19017fb390ce07fdcfbfabd96bc9a3e64cc094516e35bc64e3cb3528d36e6237f65147b6aa3a3e67e7f478c8

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 17fa7c0b1b2abadb7e26f37284439c62
SHA1 d683ce2473dcae86359e04978322ae29ad450aa3
SHA256 cde85ad6000305ce7a58c4c3ef7c175e4dc909505e9cb1c231766dd86662332f
SHA512 7d4149eea01efffa4b74103abe2424d37748ecdc0ab20dffd5d2a465dcb5b439e23f8bfbcc14f112294eae8c9dba97a184733ae97647263def7630eae4c8930a

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 bf6efa1916e25b0bddca2d76cd7abebf
SHA1 e1d9672431c8a5a7bd778b6949690a939dc5f146
SHA256 f0a1f73c324da7b47b0e6c0c5b761dc28f3d71fd3cda2580e3bcd45c91078ad6
SHA512 e29b0e37c87bed25152f334e917b34559c915f408db2f42b3df090a84dc93880b8b5fe57f9e4cc505f0392f743b405477313f5f634f60a8f9083569ecf5f1542

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 1f7f755d1d1fa1846d850b29c5e8e13b
SHA1 f6935e64814ff05b687f59f0038290da752a4919
SHA256 4a4e1f9a9becfbbce75c8629dc330f21ebdd409f135fc86709c15581b01a6399
SHA512 24d218b5275e4c6df73832f95a78b4182d3e41ab14fb859345d04af8f1b0d70f88ccb7b4a20fc98ed4604128da50a503de6411749a27e5d814de2857bce4d0f2

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 2babfd7ffe951b4044d84d5b37f331c6
SHA1 eec2fdacdd15e881d494ccda9a07270ac225998a
SHA256 07f1473b58ef32f4f536cc00ffe3e70bf85e301ab3b99cab1973af087f476664
SHA512 ddaa2fbae9662f02ddf4b941a0c962f7461e931e5324b02624d9d7c29fce3c2e161d7aa65b733a96ac15149988d2bcd6408569a2e418442e0193e874819ce59c

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 f26cca428f8236887ca0ea7f56cbcbb3
SHA1 01dd9d28194e15620b3857a1ab28b7e3f045b6c7
SHA256 79ee3fdedc21284977b42a5f3fa723c693d6b1fb1511a6469c2b9400ad4f2090
SHA512 8f8f78ebbf5987498979b60f922397dcbc16be87ac13d42da7b4fc8ea3115d49fc19826aa6923a1a88bde6b0fafb44f63a56136f3724cdcefe7830f045983778

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 2e32a57f1da7784ed42ac5ec96b582c8
SHA1 6546c911f4a7d4bc406e21cf39b3827a94ca9943
SHA256 d3c3aa6dd1c7b9bfdc0327248250209af4b245237ccba4c6fe16f345c82f2574
SHA512 e7107a63ecad58c3511036cf44e57e89b495ef4216f697a94c5f35f157dea56c66f4726f04fa46cfd5c31798e31d73fdfe8b0e27a2066d09fe3f6d6e2ed94098

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 73abfbb69b5e21fb84f1f0083c48068b
SHA1 39dd5e7118e4a1430f87ede2ef79ece91d8f42c2
SHA256 0516b398f98d995a707bca450b129031a77e0e5af56b8ca8fdd22f05a3791b5c
SHA512 0a048fab85cc8500c575e22376831a37d7e8bc5084137030f7b281a33b307ae95e6b3e60b6cbfe495b1440f18c5c56dbc6555f3e62321a0d81b83f843b6d25d9

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 6cbefdd82cbe587b8ac72cc65b51df26
SHA1 2f512f5869a6e19cee9517ac8e1cfe00a8409ddd
SHA256 57b5099dfd02f45b34e2dc783d439d2f555a02ee02179761b64882c179ae83f7
SHA512 9cfa9e9012b3cc68686e3a9f3fd860f1e9067942af05db725f42712e91a4af37730e4f9ee1244ec601e4ee86647a6ddf1cc893f2a11c1f9de39f837c5d2692c1

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 6ac8c9e6cf24314f5a291033e6b20e19
SHA1 c4ed27d83830b76b5c6f0ce6061f9a74a1030320
SHA256 efed03b96bad858297d4be124ceb47adef1328964d8e879f62a3d0a89b049533
SHA512 8436da65c00a29129cdf3af642cc56908851ef6013c5d1e4537a18d0f433165b70fb3d4e566ef00e6c0c35e16d2962387b5a3807a3c1553b93c3433ba79b363d

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 7ea73d28888913892599ed33b881cd11
SHA1 3f81ddf6271af767cbbcc3e945a7b81a74e98ccf
SHA256 05c506094a7ed6d2b3939b5275fd0a10966a5ee87218b5949511c1cf569dcd80
SHA512 13eb22ba9838cef8a8c18f71ed74648fd48f471c1a9796f51fabfdf4f15cf89e92b02d1b48b0aa1f40ab35df0c43d107bed036e2cc7f7a73ef0b96863f334197

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 df1f1ce288f440e0ff233340acdef9c9
SHA1 05b97ea9b35ba24aad08265bd371c295c70178e1
SHA256 af20e33cf213dc85bc9d257772855b2beff39037c3d7cb2b50e2682081a67c3c
SHA512 52246d338a367f58f4fc9af5305c887d5d60684c6a823fee66964b551af77cac4c493ebbf71fc4855cbb86ff7733b131ca6bb3131ae7aa3fb8317f1c2123c869

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 f372fdda97dc169cbf88d2e1289cac6b
SHA1 13a11703a723d5626f0369729d24db6720b8c9fc
SHA256 404afeaa5ab9386f48823ef762063ad83b81c2ddfd630c3e025c2cf4ceb8ae65
SHA512 c9a8503e3e0b5307f13e44bb735961feb7f2bba51871fb83f666a5927bd530da33176f5e963fe266c3492fd17b925cd886184c0385e21955a77855947b1b28d9

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 a1364623a9245ca2a7867bcb4c0642e9
SHA1 fd0bdc13f77d296c4c8beb1df06e6845af04a518
SHA256 a33229df7ead68580f4d635c6ebe6550ed6df45f9a216d55c58fb5f0ba56b461
SHA512 daf238be91ec721dce4679d7263a522aa8d48d2a35a27940dce19476eb8580695086dff908d5e870a3898e44d8216cb213ca1927e1df2f730a465edb8886bff1