Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240221-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    04-06-2024 01:06

General

  • Target

    20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe

  • Size

    5.8MB

  • MD5

    60feb08011db31607cee2a5bc1f2206f

  • SHA1

    f8f680a3a8ca7eb2058eebdf2f25a95904780988

  • SHA256

    20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2

  • SHA512

    71db5d12fd3717085b67fe93b671e0f5f7124e1cc3141197572666bc2f914c9b67ba661d49007ea05c7b0cf05345e376ec3894af6696d120957dbb6ce32d3a87

  • SSDEEP

    98304:49Aqm4Riz+Hbw3PR/eqltg9yLcYGgtf2euoelboe2u+8zBfjjGMfLrmdxiW4KTmA:lqxRii7AoyLVG8XuoelbT2+bK2rmdADK

Malware Config

Signatures

  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs
  • Detects executables referencing many IR and analysis tools 1 IoCs
  • Detects executables referencing sandbox artifacts 1 IoCs
  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
  • Sets file execution options in registry 2 TTPs 2 IoCs
  • Checks BIOS information in registry 2 TTPs 6 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 10 IoCs

    Looks up the country code configured in the registry, most likely for a geofence check.

  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

  • Registers COM server for autorun 1 TTPs 23 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks for any installed AV software in registry 1 TTPs 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 7 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 11 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe
    "C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Checks for any installed AV software in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Users\Admin\AppData\Local\Temp\ajBFC9.exe
      "C:\Users\Admin\AppData\Local\Temp\ajBFC9.exe" /relaunch=8 /was_elevated=1 /tagdata
      2⤵
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks for any installed AV software in registry
      • Checks whether UAC is enabled
      • Writes to the Master Boot Record (MBR)
      • Drops file in Program Files directory
      • Checks SCSI registry key(s)
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2960
      • C:\Users\Admin\AppData\Local\Temp\nsyC370.tmp\AVGBrowserUpdateSetup.exe
        AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3068
        • C:\Program Files (x86)\GUMFA08.tmp\AVGBrowserUpdate.exe
          "C:\Program Files (x86)\GUMFA08.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"
          4⤵
          • Sets file execution options in registry
          • Executes dropped EXE
          • Loads dropped DLL
          • Writes to the Master Boot Record (MBR)
          • Drops file in Program Files directory
          • Modifies Internet Explorer settings
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1616
          • C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
            "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:588
          • C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
            "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:2724
            • C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Registers COM server for autorun
              • Modifies registry class
              PID:2084
            • C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Registers COM server for autorun
              • Modifies registry class
              PID:2092
            • C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Registers COM server for autorun
              • Modifies registry class
              PID:2216
          • C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
            "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping …-PGh3IHBoeXNtZW1vcnk9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTI0OSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMzI5MiIvPjwvYXBwPjwvcmVxdWVzdD4
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies system certificate store
            PID:1136
          • C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
            "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{11EE9BFF-150C-4A81-947D-D68E66FF2201}" /silent
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2232
      • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
        AVGBrowser.exe --heartbeat --install --create-profile
        3⤵
        • Checks BIOS information in registry
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Writes to the Master Boot Record (MBR)
        • Checks SCSI registry key(s)
        • Enumerates system info in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:2756
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=109.0.24111.121 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6486b78,0x7fef6486b88,0x7fef6486b98
          4⤵
          • Executes dropped EXE
          PID:588
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1180,i,10963008263380258700,15943309300571522082,131072 /prefetch:2
          4⤵
          • Executes dropped EXE
          PID:632
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=1456 --field-trial-handle=1180,i,10963008263380258700,15943309300571522082,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:3000
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1592 --field-trial-handle=1180,i,10963008263380258700,15943309300571522082,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:3048
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2376 --field-trial-handle=1180,i,10963008263380258700,15943309300571522082,131072 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          PID:2640
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2384 --field-trial-handle=1180,i,10963008263380258700,15943309300571522082,131072 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          PID:2392
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1180,i,10963008263380258700,15943309300571522082,131072 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          PID:1348
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1180,i,10963008263380258700,15943309300571522082,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:824
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3440 --field-trial-handle=1180,i,10963008263380258700,15943309300571522082,131072 /prefetch:2
          4⤵
          • Executes dropped EXE
          PID:2624
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1112 --field-trial-handle=1180,i,10963008263380258700,15943309300571522082,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:1652
      • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
        AVGBrowser.exe --silent-launch
        3⤵
        • Checks BIOS information in registry
        • Checks computer location settings
        • Executes dropped EXE
        • Checks for any installed AV software in registry
        • Writes to the Master Boot Record (MBR)
        • Checks SCSI registry key(s)
        • Enumerates system info in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1428
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=109.0.24111.121 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6326b78,0x7fef6326b88,0x7fef6326b98
          4⤵
          • Executes dropped EXE
          PID:2512
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:2
          4⤵
          • Executes dropped EXE
          PID:1260
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=1464 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2208
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1548 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:1056
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2560 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          PID:2212
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2568 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          PID:2968
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1368 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:2
          4⤵
          • Executes dropped EXE
          PID:2708
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --disable-protect
          4⤵
          • Executes dropped EXE
          PID:2828
          • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
            "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=109.0.24111.121 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6326b78,0x7fef6326b88,0x7fef6326b98
            5⤵
            • Executes dropped EXE
            PID:668
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:1832
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2452
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:1256
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3804 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2576
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3704 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2012
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:1652
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3672 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2444
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3752 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2808
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2588
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:1680
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4172 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:1756
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2112
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2672
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3740 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:1352
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1424 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2532
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2072
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:1824
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2692
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3704 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2108
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4176 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2036
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4036 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:2736
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3972 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          • Executes dropped EXE
          PID:832
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          PID:1508
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          PID:3052
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4156 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          PID:2732
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          PID:2388
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          PID:1612
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4224 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          PID:2516
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          PID:1048
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4160 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          PID:2172
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3532 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
          4⤵
          PID:3036
        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
                            4⤵
                              PID:1036
                            • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
                              "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4524 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:1
                              4⤵
                              • Checks computer location settings
                              PID:1732
                            • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
                              "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4168 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
                              4⤵
                                PID:2368
                              • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
                                "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
                                4⤵
                                  PID:2424
                                • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
                                  "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
                                  4⤵
                                    PID:2612
                                  • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
                                    "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4040 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
                                    4⤵
                                      PID:1388
                                    • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
                                      "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
                                      4⤵
                                        PID:864
                                      • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
                                        "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4220 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:8
                                        4⤵
                                          PID:2564
                                        • C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
                                          "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=3788 --field-trial-handle=1220,i,5411757553981203696,11436749583613082273,131072 /prefetch:1
                                          4⤵
                                            PID:440
                                    • C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
                                      "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
                                      1⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Writes to the Master Boot Record (MBR)
                                      • Drops file in Program Files directory
                                      • Modifies data under HKEY_USERS
                                      • Suspicious use of WriteProcessMemory
                                      PID:2064
                                      • C:\Program Files (x86)\AVG\Browser\Update\Install\{E456941F-F3BD-4E03-BDCF-4D6FFA9A7D11}\AVGBrowserInstaller.exe
                                        "C:\Program Files (x86)\AVG\Browser\Update\Install\{E456941F-F3BD-4E03-BDCF-4D6FFA9A7D11}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=iexplore --import-cookies --auto-launch-chrome --system-level
                                        2⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:1808
                                        • C:\Program Files (x86)\AVG\Browser\Update\Install\{E456941F-F3BD-4E03-BDCF-4D6FFA9A7D11}\CR_09439.tmp\setup.exe
                                          "C:\Program Files (x86)\AVG\Browser\Update\Install\{E456941F-F3BD-4E03-BDCF-4D6FFA9A7D11}\CR_09439.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{E456941F-F3BD-4E03-BDCF-4D6FFA9A7D11}\CR_09439.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=iexplore --import-cookies --auto-launch-chrome --system-level
                                          3⤵
                                          • Modifies Installed Components in the registry
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Registers COM server for autorun
                                          • Drops file in Program Files directory
                                          • Modifies registry class
                                          PID:2488
                                          • C:\Program Files (x86)\AVG\Browser\Update\Install\{E456941F-F3BD-4E03-BDCF-4D6FFA9A7D11}\CR_09439.tmp\setup.exe
                                            "C:\Program Files (x86)\AVG\Browser\Update\Install\{E456941F-F3BD-4E03-BDCF-4D6FFA9A7D11}\CR_09439.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=109.0.24111.121 --initial-client-data=0x14c,0x150,0x154,0x120,0x158,0x140097c40,0x140097c50,0x140097c60
                                            4⤵
                                            • Executes dropped EXE
                                            PID:2028
                                      • C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe
                                        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"
                                        2⤵
                                        • Executes dropped EXE
                                        PID:2208
                                      • C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe
                                        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"
                                        2⤵
                                        • Executes dropped EXE
                                        PID:924
                                    • C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe
                                      "C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      PID:2872
                                    • C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe
                                      "C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      PID:1664
                                    • C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe
                                      "C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      PID:1500
                                    • C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe
                                      "C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      PID:476
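Triage helper for the process tree above. This is an added example, not part of the sandbox report: it parses the tree's flattened text form (image path, quoted command line, `<n>⤵` depth marker, behaviour bullets, PID) into records and pulls out the three things a reviewer checks first in a listing like this: which depth-1 roots were started outside the sample's own chain (here the `/svc` updater and `elevation_service.exe`, which are service starts rather than children of the sample), how the Chromium-style children split by `--type`, and which installer switches change machine-wide state. The input is a constructed excerpt of five entries copied from the tree, with the long `--mojo-platform-channel-handle`/`--field-trial-handle` arguments trimmed; the `C:\sample.exe` path passed to `external_roots` is a placeholder for the submitted target.

```python
"""Triage helper for a flattened sandbox process tree (added example)."""
import re
from dataclasses import dataclass, field

# Constructed input: five entries copied from the tree above, with the long
# Chromium --mojo-platform-channel-handle/--field-trial-handle arguments trimmed.
SAMPLE_TREE = r"""
• C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
  "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service /prefetch:8
  4⤵
  PID:1508
• C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
  "C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --lang=en-US --renderer-client-id=40 /prefetch:1
  4⤵
  • Checks computer location settings
  PID:1732
• C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
  "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
  1⤵
  • Executes dropped EXE
  • Writes to the Master Boot Record (MBR)
  PID:2064
• C:\Program Files (x86)\AVG\Browser\Update\Install\{E456941F-F3BD-4E03-BDCF-4D6FFA9A7D11}\AVGBrowserInstaller.exe
  "C:\Program Files (x86)\AVG\Browser\Update\Install\{E456941F-F3BD-4E03-BDCF-4D6FFA9A7D11}\AVGBrowserInstaller.exe" --chrome --make-chrome-default --auto-import-data=iexplore --import-cookies --system-level
  2⤵
  • Suspicious use of AdjustPrivilegeToken
  PID:1808
• C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe
  "C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\elevation_service.exe"
  1⤵
  • Executes dropped EXE
  PID:2872
"""


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int = 0
    pid: int = 0
    behaviours: list = field(default_factory=list)

    @property
    def args(self):
        # Split on whitespace but keep the quoted Windows path together; drop argv[0].
        return re.findall(r'"[^"]*"|\S+', self.cmdline)[1:]


DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")


def parse_tree(text):
    """Turn the flattened listing into Proc records, in the order printed."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    procs, cur, i = [], None, 0
    while i < len(lines):
        line = lines[i]
        # An entry header is a bullet whose next line is the quoted command line;
        # any other bullet is a behaviour tag belonging to the current entry.
        if line.startswith("•") and i + 1 < len(lines) and lines[i + 1].startswith('"'):
            cur = Proc(image=line[1:].strip(), cmdline=lines[i + 1])
            procs.append(cur)
            i += 2
            continue
        if cur is not None:
            if m := DEPTH_RE.match(line):
                cur.depth = int(m.group(1))
            elif m := PID_RE.match(line):
                cur.pid = int(m.group(1))
            elif line.startswith("•"):
                cur.behaviours.append(line[1:].strip())
        i += 1
    return procs


def chromium_role(proc):
    """(type, utility sub-type) for Chromium-style children, else None."""
    kv = dict(a[2:].split("=", 1) for a in proc.args if a.startswith("--") and "=" in a)
    if "type" not in kv:
        return None
    return kv["type"], kv.get("utility-sub-type")


def role_counts(procs):
    counts = {}
    for p in procs:
        role = chromium_role(p)
        if role is not None:
            counts[role] = counts.get(role, 0) + 1
    return counts


# Installer switches that change machine-wide state or pull data out of another
# browser; worth listing in the write-up even when the binary is a legitimate product.
NOTABLE_SWITCHES = {
    "--system-level", "--make-chrome-default", "--force-default-win10",
    "--auto-import-data", "--import-cookies", "--auto-launch-chrome",
}


def notable_switches(proc):
    return sorted(s for s in (a.split("=", 1)[0] for a in proc.args) if s in NOTABLE_SWITCHES)


def external_roots(procs, sample_image):
    """Depth-1 entries other than the submitted sample: processes the sandbox saw
    start with no parent in the sample's chain (service starts, scheduled tasks)."""
    return [p for p in procs if p.depth == 1 and p.image.lower() != sample_image.lower()]


def flagged_behaviours(procs, needles=("Master Boot Record", "AdjustPrivilegeToken", "WriteProcessMemory")):
    """(pid, tag) pairs for behaviour tags that need a human look before the verdict."""
    return [(p.pid, b) for p in procs for b in p.behaviours if any(n in b for n in needles)]


if __name__ == "__main__":
    procs = parse_tree(SAMPLE_TREE)
    print("roles:", role_counts(procs))
    for p in procs:
        if notable_switches(p):
            print(f"PID {p.pid} {p.image.rsplit(chr(92), 1)[-1]}: {notable_switches(p)}")
    # Placeholder sample path; the real one is the submitted target named at the top of the report.
    print("roots outside the sample chain:", [p.pid for p in external_roots(procs, r"C:\sample.exe")])
    print("flagged:", flagged_behaviours(procs))
```

The entry header test (a bullet followed by a quoted command line) is what keeps behaviour bullets such as `• Executes dropped EXE` from being mistaken for new processes; it relies on every command line in the report being quoted, which holds for the tree above.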

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Program Files (x86)\AVG\Browser\Application\109.0.24111.121\Installer\setup.exe

                                      Filesize

                                      4.6MB

                                      MD5

                                      3154bd011dbecd86e6de6db6393b1f72

                                      SHA1

                                      914b3a63458f2dd05432bb5e4d8fc53966ce2ed7

                                      SHA256

                                      f5d036674fbeb5ae3b6d6208054151a1f280994cbf8ef80416d54cde1864d119

                                      SHA512

                                      a92a5246ccdcaabe370c0eb60f4fb1d7dac672db1ee70acb06f6cfe227d343551cd6f45919906717ec29dc213c56436ff4801bc08586e6a679fb1d42b85b2987

                                    • C:\Program Files (x86)\AVG\Browser\Application\Dictionaries\en-US-10-1.bdic

                                      Filesize

                                      441KB

                                      MD5

                                      4604e676a0a7d18770853919e24ec465

                                      SHA1

                                      415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

                                      SHA256

                                      a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

                                      SHA512

                                      3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

                                    • C:\Program Files (x86)\GUMFA08.tmp\@PaxHeader

                                      Filesize

                                      27B

                                      MD5

                                      fc8ee03b2a65f381e4245432d5fef60e

                                      SHA1

                                      d2b7d9be66c75ccf24fcb45a6d0dacedd8b6dd6f

                                      SHA256

                                      751a04263c2ebb889fdcd11045d6f3602690318ebaaa54f66e1332d76dde9ef4

                                      SHA512

                                      0837f2b22c9629990165c5e070e710a69ad4951b7fcfe28bd52354c4b8a7246672497b8aaf521a8773c7ec2a4249fc4318330948ab0d8db8c6c74da57b32f1c4

                                    • C:\Program Files (x86)\GUMFA08.tmp\AVGBrowserCrashHandler.exe

                                      Filesize

                                      149KB

                                      MD5

                                      f73e60370efe16a6d985e564275612da

                                      SHA1

                                      2f829a0a611ac7add51a6bc50569e75181cdfd58

                                      SHA256

                                      9cf076866935a0c64366efaeff2ec76d45ac816030ebd616fd5defb1870bc30e

                                      SHA512

                                      2e44e87c285bb7b72d45c8119d08ea6f2d13cea77cf0005a3cf530790bb86c7f2df7c5edac9d86c9d7214abb224738c3bf6b31f6bf104051512bb1de133042dc

                                    • C:\Program Files (x86)\GUMFA08.tmp\AVGBrowserCrashHandler64.exe

                                      Filesize

                                      170KB

                                      MD5

                                      deef1e7382d212cd403431727be417a5

                                      SHA1

                                      fac0e754a5734dd5e9602a0327a66e313f7473bb

                                      SHA256

                                      7d410e9eabd086827b16c89ee953a643c3e2f7929616c0af579253fd8ca60088

                                      SHA512

                                      6b472a57fb89b128aad9ab6313a9ce8b171f7d73264c67f669adc5cf1f0421d81f654dad1419b620476abb59dd54e1aa03a74a26c5c93813f6fb8575fbd97d4d

                                    • C:\Program Files (x86)\GUMFA08.tmp\AVGBrowserUpdateComRegisterShell64.exe

                                      Filesize

                                      428KB

                                      MD5

                                      2a3ad7362e6c8808fbb4d4ccaba4ed4a

                                      SHA1

                                      3f896f7df7fe202f4a717713c503665bb4dcaed6

                                      SHA256

                                      4dcd341907880c8dea840819628b19c5ea42ca2b5c61ad57147d0ac7da9b6759

                                      SHA512

                                      892042ac713e4d5b488262a584355dafa18d967035788799c1773eb39a4616461beb9d79a230d9f85cdefd1b4076b8a5e1d4bde17254bff1f08c3eba56469679

                                    • C:\Program Files (x86)\GUMFA08.tmp\AVGBrowserUpdateCore.exe

                                      Filesize

                                      512KB

                                      MD5

                                      dd5dc945cd848bf503862d0a68c3ea5d

                                      SHA1

                                      9b277a0c733ed5698b0656da8c3b99d2f90c7ef8

                                      SHA256

                                      8cc98345e367b083f545ace66d93bf69e03a4fa08b84805a9925fa4c94ef3f8f

                                      SHA512

                                      f6eab8422bde24d89a7723c6175b4197a50e18aa0bb5b8f419e5a23b265d85dcaacaf136b8f6ef6bbf2bd6c0eaecd8f86093f594fb98e596f4b39e9c6ff227e1

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdate.dll

                                      Filesize

                                      1.4MB

                                      MD5

                                      04a6438c50564146e880c5eb9d57905e

                                      SHA1

                                      edf5d454de99159d832cc9bd0d8dbe132d749804

                                      SHA256

                                      26109d47bf9960e531888e6c545ca8cfc24fee2202b549df29fb8bf9c58e0812

                                      SHA512

                                      8705d0ab2f8a6c1ef567ad00b33ff2cca01391b105eb0ade201d981f091e4ba87e709860ab9849bf9781698fb42ab8efe53ea731af310781766bace1eb1dc19d

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_am.dll

                                      Filesize

                                      42KB

                                      MD5

                                      ba03b29d5d44341084eb06bea8f1e702

                                      SHA1

                                      7d8dd7556ea5e299b55ddc7477ca758fe2c64f48

                                      SHA256

                                      6a6aad33e2910c29a6d919aad074d89359c5e6723ced7ba4e215a62e9513749b

                                      SHA512

                                      29f902587b7078deb12bee6bf9993748109749ec12e6490d5f84bc9c532a5a1f414149d5760641ef052611bf2d441423d115dfb5a4c4c6f5e6d6a1f386924cf2

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_ar.dll

                                      Filesize

                                      41KB

                                      MD5

                                      9c77be0843f0fe4864a04f8d5f24a593

                                      SHA1

                                      be03adb4d3c33520e652c7a6ee45f09d5ff54a54

                                      SHA256

                                      39547fa5d7b93856235288b1021699b4f36f0bea10b10d6b89ea184a3ad77bb1

                                      SHA512

                                      f504c98b03a5d72c078b38a2cc4fdd94dbed159f5a2ed47c2c4a53fc6ec8a3b1fd969d5ad85fc7503e64427a36adee7a14f15f1275a9194103e43c8a8ee45d28

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_bg.dll

                                      Filesize

                                      44KB

                                      MD5

                                      c0b41217fc33a6a53ec69ae7399460f2

                                      SHA1

                                      d7dd8d543b7297f1a1e138efa1806972c9489c3f

                                      SHA256

                                      d75a1a41ad7e5277576e3bdf35a858be3a6f540d21c8ab4156c842d8f1b3295b

                                      SHA512

                                      37abb726b78421aaccdbc94b358cda6b581e89ac519258eb39c6a7f0706cfc64c3a96f5c29539ba67c6e2d2afd6f10b6b0c063b54366c03376ce234d132a8253

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_bn.dll

                                      Filesize

                                      44KB

                                      MD5

                                      aedf6d96ccb64f488379bb1fe65f697a

                                      SHA1

                                      901bbb7873d8f698f49c4b6be74fb50b353d7b5e

                                      SHA256

                                      941d22186ef1bfe27052e78d21944d6088cea152d1ede51452f04fb032c92f90

                                      SHA512

                                      d1d889a1fe75924f3569e07d9ee3f552afc02165210f5c439d4697be898b72db397bb89e7d0706259f92c1cb5759009f9e1ba5c52f764e63514b3da41dada1cc

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_ca.dll

                                      Filesize

                                      44KB

                                      MD5

                                      f951cf3ca93e5ae5fc1ce2da93121d98

                                      SHA1

                                      15bc869406857437babe41cd3f500c356913499b

                                      SHA256

                                      eb00cad19ed1d16f52928962f2cc6231d65eb74b2314976ebeb1ec860103e746

                                      SHA512

                                      b77086ad2b39723d697d7839d9243c1c0769a2cb0f6287cd3f2d64eabd6a48d8fc2d253e9089c6586637ed5dc5970c2608615fe77cef5003f0c4d53401ef73bc

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_cs.dll

                                      Filesize

                                      43KB

                                      MD5

                                      7f3dcd851645d3d75f636c8440fb057f

                                      SHA1

                                      85debe41ddcb46555a0d00795e41e460a35583c2

                                      SHA256

                                      0b31785d1931580cad5ef16d4ff5723802d12c38b56746e70fcf91d71162e043

                                      SHA512

                                      d0d21c397899aaa6a718b77195a6af1556309615616fd6583ecb84b04aa7087e76eb5fdd6cae0a4ff1c0f85bf72e1f51ae002042078095f640eb95da363889e4

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_da.dll

                                      Filesize

                                      43KB

                                      MD5

                                      9a421423686559027e4301d36bcf58b2

                                      SHA1

                                      9669424f4e7c765ddb917a515d5a8b1486f87daf

                                      SHA256

                                      9d8ff148793d99974fab93f38027e1999323a48620b303f82170751be5dd6b69

                                      SHA512

                                      f5d62fe17a820323c4b1832cd3bd9c8fa291d44dceb88a8a1a8f94c6166e550ab9baf9357c5ec3388230bc75f0ccd3aa2d5247fa5d242013d22c61001128a951

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_de.dll

                                      Filesize

                                      45KB

                                      MD5

                                      1c15851d9dd22e4ae3f3bf249da79035

                                      SHA1

                                      60fc5652b5e1c55056c961d4d3b961492cb3432b

                                      SHA256

                                      a9dd72a08c0c58a71b2289d76efae681a5c8eb5faf73e49b873f15ba4050baa6

                                      SHA512

                                      6da386c35b317f39613da73340631f927606bccd0a8c626537eda896eb32c9a2ed1d71c7cf838f1a4b90553f3f788eeb5e02fe84774fb0ad2f574bf4e4d7e248

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_el.dll

                                      Filesize

                                      45KB

                                      MD5

                                      0d15748f01df49dae986f1e27dc098ef

                                      SHA1

                                      35a435bdaaf47795977b28cdae2e4ea1fdae73a3

                                      SHA256

                                      df13c38061cb0b02dd8a9023a17da0bbe1cda6fdedad5203129fc702c7fdd9b1

                                      SHA512

                                      290e9936f50e3bd11c1b9d28decf3b43f5e23bbff16801e7b0491690773d057b6bcdcf48c48a7ee16fa2400723b3e974e2b74e3899590a8e660c2e9c78b9d141

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_en-GB.dll

                                      Filesize

                                      43KB

                                      MD5

                                      02465169cd873c4492196e03457f2771

                                      SHA1

                                      837ca5e54a8c12577d0d05a32996dfc04067c5ea

                                      SHA256

                                      4eb9edf550bf1f66382e5d8bd4958438891cd2ca46557d14f4b945dc176ec025

                                      SHA512

                                      e73b5f3951050f2903b80b89d2b9fd9ebf69adb922eb8238ef4c01f413ae67727d7598d4ac15f7ac8b9257aef0139e0924c70c5898357142a303d7e2b15394c3

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_en.dll

                                      Filesize

                                      42KB

                                      MD5

                                      418853fe486d8c021d0cca2e85a63d63

                                      SHA1

                                      9504500a7b5076579d74c23294df4bdb1b7c517d

                                      SHA256

                                      4cbb2591c1eeda32bcf295685c993ce4d16acc968697fa12e2a00a1b7c4b37a3

                                      SHA512

                                      dc2ab4e2056e6d73a274d700bc16f75c7c687b35874029c1908b183428dec010373045d4a52eb3f5745f8b91d624cf5d40cd7f37e353f3a41348e2a054a266a3

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_es-419.dll

                                      Filesize

                                      44KB

                                      MD5

                                      3e5971e8559c77e8901ce30d14034730

                                      SHA1

                                      04cc21ac4a84abd29f7d7585282345881fd81721

                                      SHA256

                                      613418b8779f7440b88f1734d6c514706df9dc9a58a623966cc1c9ba4e29c28f

                                      SHA512

                                      b4592b25cf676db6d6de1be811c39bdeecc24bbfd4dc72fa4b3f97de866f9b0fec7c85f7d56f048f61829c1d8b4109e4a0c7e14a9e410e30a6a8da702941e00e

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_es.dll

                                      Filesize

                                      45KB

                                      MD5

                                      5f8ea18786d5ef1927cd95537abc3ae0

                                      SHA1

                                      5530650ecc719d83b7aa89e0b326b5698e8adda2

                                      SHA256

                                      fa416294b078226a8919dbb8f75533a6ef96d63d5bd17aac854eae68791433cf

                                      SHA512

                                      577dc7d19e4443e8aede759a781826c091c17d12fb06e89b1306133f21e01dab919045183a916e1b5647ddf485134a8459745a9199df5c7e36abe192645d8e25

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_et.dll

                                      Filesize

                                      43KB

                                      MD5

                                      5029406d9202d6f2f279fdd3a06f55a1

                                      SHA1

                                      dcca8bf9392faa0038c6cb5d25929726b16804af

                                      SHA256

                                      cac545e04d701c39f4a730aec4c3dad177d8ea4baca10651f150925644874864

                                      SHA512

                                      519538e05f8e21966e4878291692cf25057bba3c993c0034a33b1da7c9eb0a8fb881565717ceb6c1139fd601b73b1f1e2aa46e20aeb6b93f897cd2ef93172934

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_fa.dll

                                      Filesize

                                      42KB

                                      MD5

                                      8564514501256ff045cf7aa6c1b5a797

                                      SHA1

                                      40b9aa8d04c48fe2ecf193c2089418ccc938676d

                                      SHA256

                                      f3f46a6da6c8ccb3ce7fdd0cb5882f45523decca95852b8c775bb90f8e92c1b3

                                      SHA512

                                      701077c8a1c70c1bd0c35f54aa838dba7b7b6f832e0ef2776673092fca546276166c3638676451c9655086b740b9e193cd54f952fd5fca481b964083b881bcc2

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_fi.dll

                                      Filesize

                                      43KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_fil.dll

                                      Filesize

                                      44KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_fr.dll

                                      Filesize

                                      45KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_gu.dll

                                      Filesize

                                      45KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_hi.dll

                                      Filesize

                                      43KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_hr.dll

                                      Filesize

                                      44KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_hu.dll

                                      Filesize

                                      44KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_id.dll

                                      Filesize

                                      43KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_is.dll

                                      Filesize

                                      43KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_it.dll

                                      Filesize

                                      45KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_iw.dll

                                      Filesize

                                      41KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_ja.dll

                                      Filesize

                                      40KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_kn.dll

                                      Filesize

                                      45KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_ko.dll

                                      Filesize

                                      39KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_lt.dll

                                      Filesize

                                      43KB

                                    • C:\Program Files (x86)\GUMFA08.tmp\goopdateres_lv.dll

                                      Filesize

                                      44KB

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                                      Filesize

                                      70KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\566862bc-d4b9-4848-acef-533053c770ef.tmp

                                      Filesize

                                      169KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\gjcfnponmdkenfdibginkmlmediekpnm\1.26.0.854_0\_metadata\verified_contents.json

                                      Filesize

                                      4KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\gjcfnponmdkenfdibginkmlmediekpnm\1.26.0.854_0\background.js

                                      Filesize

                                      100KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\gjcfnponmdkenfdibginkmlmediekpnm\1.26.0.854_0\webstore.js

                                      Filesize

                                      428B

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Local Storage\leveldb\000004.dbtmp

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\87bf23da-7e1d-4d49-b3ad-83bf801e9dde.tmp

                                      Filesize

                                      957B

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Secure Preferences

                                      Filesize

                                      13KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Secure Preferences

                                      Filesize

                                      10KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Site Characteristics Database\CURRENT~RFf783b6b.TMP

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Sync Data\LevelDB\000002.dbtmp

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

                                      Filesize

                                      41B

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Sync Data\LevelDB\MANIFEST-000002

                                      Filesize

                                      50B

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\bc9d5de2-d802-4997-8760-cea672f93538.tmp

                                      Filesize

                                      15KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\ShaderCache\data_0

                                      Filesize

                                      8KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\ShaderCache\data_1

                                      Filesize

                                      264KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\ShaderCache\data_2

                                      Filesize

                                      8KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\ShaderCache\data_3

                                      Filesize

                                      8KB

                                    • C:\Users\Admin\AppData\Local\AVG\Browser\User Data\ba7097c4-d05d-48ef-af2b-935bd4b18492.tmp

                                      Filesize

                                      3KB

                                    • C:\Users\Admin\AppData\Local\Temp\96341b6e-814e-41a5-be90-56ac4776e6d5.tmp

                                      Filesize

                                      1B

                                    • C:\Users\Admin\AppData\Local\Temp\CabF702.tmp

                                      Filesize

                                      65KB

                                    • C:\Users\Admin\AppData\Local\Temp\TarF7DF.tmp

                                      Filesize

                                      171KB

                                    • C:\Users\Admin\AppData\Local\Temp\avg-securebrowser-web-tags

                                      Filesize

                                      53B

                                    • C:\Users\Admin\AppData\Local\Temp\nsyAC48.tmp\StdUtils.dll

                                      Filesize

                                      195KB

                                    • C:\Users\Admin\AppData\Local\Temp\nsyC370.tmp\AccessControl.dll

                                      Filesize

                                      26KB

                                      MD5

                                      c36eb8336b91d277dfa8575eb00d6364

                                      SHA1

                                      9ec81b49e7675548449e010950bc50bff7cbc960

                                      SHA256

                                      4336e05960fee8c775b343209911f14acbfdde1e8d5aa9d1f0ea680fb4407307

                                      SHA512

                                      0abe6e367d1c934fec8a89617b5fbfea5ab7f8e557ada7a667aedb495f637c8782a2f4723c2d68b9edae4f426deb5bbc0536f643fc65ecc2cd33295078474394

                                    • C:\Users\Admin\AppData\Local\Temp\nsyC370.tmp\CR.History.tmp

                                      Filesize

                                      148KB

                                      MD5

                                      90a1d4b55edf36fa8b4cc6974ed7d4c4

                                      SHA1

                                      aba1b8d0e05421e7df5982899f626211c3c4b5c1

                                      SHA256

                                      7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

                                      SHA512

                                      ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

                                    • C:\Users\Admin\AppData\Local\Temp\nsyC370.tmp\FF.places.tmp

                                      Filesize

                                      5.0MB

                                      MD5

                                      3476d4395be1207da665dcda0a6a2472

                                      SHA1

                                      9f491995d1da8d19de2d055f1e13bdd0dea295e9

                                      SHA256

                                      f96ab4ba458d267608cc847d760457289317883f0a5add517be53f39a6d8cf97

                                      SHA512

                                      23011454397ff897211779e8a46ec0a2a99cf302842bfd6216980fd8b7d6c9200a1fc0cd3f47bcbebc2112c23877decc4a52d3d32afda97f7c1aae9db0d21949

                                    • C:\Users\Admin\AppData\Local\Temp\nsyC370.tmp\Midex.dll

                                      Filesize

                                      126KB

                                      MD5

                                      581c4a0b8de60868b89074fe94eb27b9

                                      SHA1

                                      70b8bdfddb08164f9d52033305d535b7db2599f6

                                      SHA256

                                      b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd

                                      SHA512

                                      94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_106061592\CRX_INSTALL\js\options.bundle.js.LICENSE.txt

                                      Filesize

                                      2KB

                                      MD5

                                      4e994bc011dc4913520bd9f4cefd135a

                                      SHA1

                                      de9aa409a953bce76c488dd9b7297a23f63eb909

                                      SHA256

                                      923090b15eca2d9a8c7f02431cbc23961b45e34a33c6ca0df8c162abc6f91688

                                      SHA512

                                      2d64ebcf3b135c6249d4883c54de3f9bc0cef36c9c071b1295816ee416481659ee1f62d06c92c1b4a92e48c88cb29312398d8cf4e54d3dd5112d801ef3b080db

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_106061592\e63b9093-6785-4a4c-a7e3-edea51817497.tmp

                                      Filesize

                                      1.3MB

                                      MD5

                                      06d466a1cde4306356506b35153c5ebd

                                      SHA1

                                      c43850528e8150e1f0e253653d2f0155d00585fd

                                      SHA256

                                      6b1205e9b435c6241ab9c244b1dc3c309c1d82211268501e71e43c4425fbf590

                                      SHA512

                                      5d79ae61fea7097ddf4b5f2c639ddd1ebdffb7d0e69b74aac47e166afbe94e88e3a4dbd1cf34d55c6c8b0fcba3c30b676c8460b120470c17278caf22896b0b33

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_1440326505\631bc258-4ff6-4833-a29f-f1793bc3412a.tmp

                                      Filesize

                                      839KB

                                      MD5

                                      f50e00df362d5a597b9e7f549df2587c

                                      SHA1

                                      cf6aafdc3f25bcffdcabd3a5db2e40d1cf42dbc9

                                      SHA256

                                      1518106d36a5770684ce0cd86279e19ee601225d9222f7f555421990a130eebf

                                      SHA512

                                      4691ef983c58d2f027bb0a283ed0a3b11da972588c4c4ab3462fd2e4546f0df85ed1c1f56a481cd86470e3ed02ee8859f22bd04c75a47ce1fe5cb5c983e64577

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_1498056949\9ac3efa4-7f8f-4151-bca2-5e41d733515b.tmp

                                      Filesize

                                      2.8MB

                                      MD5

                                      f75cbfbb5eaa5f46574955ed6651da78

                                      SHA1

                                      4ce276c03898e57667b401761fe1df5f11304a68

                                      SHA256

                                      643962e7cc16bb8e9edbea5f05473764199c7179d06a65bd88a0d101d1d5a9bd

                                      SHA512

                                      287847c5caae39fc80e90ae105a5fb0c9349f402872721c599eb9c9ccaf171437879f0ef8bdeae923bf4520befa316b60acd3e975caf8496f05dad24e1b34e40

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_1821403576\088dfa76-ac97-43d8-8ee5-ce67420d1e5f.tmp

                                      Filesize

                                      90KB

                                      MD5

                                      65a028a0d2831eed0228ecda4ab9ef2f

                                      SHA1

                                      86d5eaec3e1c7ecde3f37ab36a017599ddcb2138

                                      SHA256

                                      5cae2b06bc5525e26e08cfaa43be7a5f8df88053397676cf81a5402a1ea0059a

                                      SHA512

                                      edad812dffcc0c8b399d3c5c216973bab2fe9e9dbc0d2c6efffc8cca5f1c58e126b83046c4c90febf003f3afd3d3c12c9ba46ad9d18975f2a6c5094643ca4f87

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_1981639573\aab6f44a-2a08-4fe2-8f5e-65369a053cb8.tmp

                                      Filesize

                                      2.2MB

                                      MD5

                                      ffcff8e2ba102530ce54f9ea1529ce48

                                      SHA1

                                      0d3ebcf3ca535032d825b6a0c5a4c5e45733033a

                                      SHA256

                                      bfaebcbdaf420eac93d20ad94680fd13fa391bb8d4f7a29603b5172628fc093f

                                      SHA512

                                      e5c8aeccc919a8b07442bb291b1da38a0f82f5a1352b8ac1edbbf9b471675b92cfae53d118c819ed32dc8992ef8efb943e8ecea73d28706a7c88b8d83fd025ec

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_397505502\6eb34c42-16b0-44e0-9b10-93af30c4b2d3.tmp

                                      Filesize

                                      1.2MB

                                      MD5

                                      d343a7167bf2962f27b54de17ec166a9

                                      SHA1

                                      cec2497d5ea819f05be656b8e15f79a6eaf27acf

                                      SHA256

                                      a00f73fe6dedd17fd34252c40d89c6be5524027ddb2c0effdbb298d7d7065de3

                                      SHA512

                                      64ada12e0bbd202c2f4817bb804d7583baaac469eaac0fd8db0df6bbc9d8d33603feb0cbeae6830b205fa056765da835b0e35b0733e3ce8964b8890aba382a4d

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_884216614\072a144d-7ff8-40aa-b96c-bfeaa99e2ce1.tmp

                                      Filesize

                                      936KB

                                      MD5

                                      79e1a051e0bb64259538622f94be9988

                                      SHA1

                                      9b53e95bdb4a0923ed84a69972dc7168bc2fc942

                                      SHA256

                                      5bbcdbe935746ee78233c06331293ccf7a62f359cfd2d88a910cfcb8d9ec65f4

                                      SHA512

                                      6beb6aaf5afb4b5f36cee371a149ce5dab8a4553446553a1341996affe10f888f6ec2de19cf3ef355552d71287844fa8cf988d90bf050008f4a7591cfaa31511

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_884216614\CRX_INSTALL\img\common\extensions_page\icon_16.png

                                      Filesize

                                      540B

                                      MD5

                                      67816b9f9f56727c41d64793d0eb4902

                                      SHA1

                                      99dee423dc2ec6ddb923208240b2fd13409c8ca5

                                      SHA256

                                      7b9847ea5d27c37df0430ff4056ecf18b2248d18a10d7ee1cd7f8908f0a82d5d

                                      SHA512

                                      6fab420866894593620e95ce3cd988e6a9525b6bdb0b4577f8ee5fe513f3ba187996ccbda9d0b54b493122136e52c7bd179da22cd8106725f24401816429a3c7

                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1428_905736226\cae8068f-2e3e-44d4-8769-0b8ea2f96a20.tmp

                                      Filesize

                                      1.9MB

                                      MD5

                                      21b06e448a0bee23eb6b80dfb39f1e82

                                      SHA1

                                      d60b3a9021a704247af4ba58bd539d42f780661f

                                      SHA256

                                      3cad9f24f2ec2bee7bef2410ef713924640bda964e865096db6dde37103481ba

                                      SHA512

                                      9678b1302eb289f04c0fad0a60455da7d24da4bb72177561f8668f0995d695485eba915bb222d7231a8188ac6ff3b4b0ffbbfe3b725b9c0112ca6af9465f5709

                                    • C:\Windows\Temp\Tar1C3B.tmp

                                      Filesize

                                      181KB

                                      MD5

                                      4ea6026cf93ec6338144661bf1202cd1

                                      SHA1

                                      a1dec9044f750ad887935a01430bf49322fbdcb7

                                      SHA256

                                      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                      SHA512

                                      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                    • \Program Files (x86)\GUMFA08.tmp\AVGBrowserUpdate.exe

                                      Filesize

                                      204KB

                                      MD5

                                      cbcdf56c8a2788ed761ad3178e2d6e9c

                                      SHA1

                                      bdee21667760bc0df3046d6073a05d779fdc82cb

                                      SHA256

                                      e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3

                                      SHA512

                                      5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

                                    • \Users\Admin\AppData\Local\Temp\ajBFC9.exe

                                      Filesize

                                      5.8MB

                                      MD5

                                      acb51434fd82eb460b052f05950b8dca

                                      SHA1

                                      707d192db2ce7cefdefce3037dfb85a18b8811f3

                                      SHA256

                                      29ffa251cb267969af445eb664df04d1a7badbcade61a7f754de42b6d4340055

                                      SHA512

                                      013dc0abcc9760c6298b7e48007eb1ac4bc2e453f06c1ce4aff218f50cd1e2c4bb44ad6bc5687edb057df8b0e38fa0aaada7a8d045ed08412278d3031527229d

                                    • \Users\Admin\AppData\Local\Temp\nsyAC48.tmp\JsisPlugins.dll

                                      Filesize

                                      2.1MB

                                      MD5

                                      bd94620c8a3496f0922d7a443c750047

                                      SHA1

                                      23c4cb2b4d5f5256e76e54969e7e352263abf057

                                      SHA256

                                      c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644

                                      SHA512

                                      954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

                                    • \Users\Admin\AppData\Local\Temp\nsyAC48.tmp\jsis.dll

                                      Filesize

                                      127KB

                                      MD5

                                      4b27df9758c01833e92c51c24ce9e1d5

                                      SHA1

                                      c3e227564de6808e542d2a91bbc70653cf88d040

                                      SHA256

                                      d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb

                                      SHA512

                                      666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

                                    • \Users\Admin\AppData\Local\Temp\nsyAC48.tmp\nsJSON.dll

                                      Filesize

                                      36KB

                                      MD5

                                      ddb56a646aea54615b29ce7df8cd31b8

                                      SHA1

                                      0ea1a1528faafd930ddceb226d9deaf4fa53c8b2

                                      SHA256

                                      07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069

                                      SHA512

                                      5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

                                    • \Users\Admin\AppData\Local\Temp\nsyAC48.tmp\thirdparty.dll

                                      Filesize

                                      93KB

                                      MD5

                                      070335e8e52a288bdb45db1c840d446b

                                      SHA1

                                      9db1be3d0ab572c5e969fea8d38a217b4d23cab2

                                      SHA256

                                      c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc

                                      SHA512

                                      6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

                                    • \Users\Admin\AppData\Local\Temp\nsyC370.tmp\AVGBrowserUpdateSetup.exe

                                      Filesize

                                      1.6MB

                                      MD5

                                      9750ea6c750629d2ca971ab1c074dc9d

                                      SHA1

                                      7df3d1615bec8f5da86a548f45f139739bde286b

                                      SHA256

                                      cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c

                                      SHA512

                                      2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

                                    • \Users\Admin\AppData\Local\Temp\{78BE99FE-A94F-4D94-A439-95C112EC1DDD}\scrt.dll

                                      Filesize

                                      5.7MB

                                      MD5

                                      f36f05628b515262db197b15c7065b40

                                      SHA1

                                      74a8005379f26dd0de952acab4e3fc5459cde243

                                      SHA256

                                      67abd9e211b354fa222e7926c2876c4b3a7aca239c0af47c756ee1b6db6e6d31

                                      SHA512

                                      280390b1cf1b6b1e75eaa157adaf89135963d366b48686d48921a654527f9c1505c195ca1fc16dc85b8f13b2994841ca7877a63af708883418a1d588afa3dbe8

                                    • memory/632-675-0x0000000000060000-0x0000000000061000-memory.dmp

                                      Filesize

                                      4KB