Malware Analysis Report

2025-01-03 09:28

Sample ID 240604-srqmpsbd7s
Target 20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe
SHA256 20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2
Tags
bootkit persistence spyware stealer discovery evasion trojan
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe was found to be: Likely malicious.

Malicious Activity Summary

bootkit persistence spyware stealer discovery evasion trojan

Modifies Installed Components in the registry

Downloads MZ/PE file

Sets file execution options in registry

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks BIOS information in registry

Registers COM server for autorun

Adds Run key to start application

Checks installed software on the system

Checks for any installed AV software in registry

Writes to the Master Boot Record (MBR)

Checks whether UAC is enabled

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Unsigned PE

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Analysis: static1

Detonation Overview

Reported

2024-06-04 15:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win7-20240508-en

Max time kernel

117s

Max time network

118s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_106_.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_106_.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_106_.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_106_.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 88.221.83.241:443 www.bing.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win10v2004-20240508-en

Max time kernel

136s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\JsisPlugins.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 228 wrote to memory of 2516 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\JsisPlugins.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\JsisPlugins.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2516 -ip 2516

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4252,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 99.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
BE 88.221.83.232:443 www.bing.com tcp
US 8.8.8.8:53 232.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 60.242.123.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win7-20240508-en

Max time kernel

119s

Max time network

119s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Midex.dll,#1

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\rundll32.exe N/A

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Midex.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Midex.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 220

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win7-20240221-en

Max time kernel

119s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 228

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win7-20240221-en

Max time kernel

119s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\jsis.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\jsis.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\jsis.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 228

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\jsis.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1052 wrote to memory of 1172 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\jsis.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\jsis.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1172 -ip 1172

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 632

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
BE 2.17.107.129:443 www.bing.com tcp
US 8.8.8.8:53 129.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3580 wrote to memory of 2260 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2260 -ip 2260

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 620

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
BE 2.17.107.128:443 www.bing.com tcp
US 8.8.8.8:53 128.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
BE 2.17.107.128:443 www.bing.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 243.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 79.239.69.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win7-20231129-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe"

Signatures

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
N/A N/A C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_bn.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_no.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ca.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hr.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pl.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File opened for modification C:\Program Files (x86)\GUM2CEA.tmp\@PaxHeader C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bg.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fi.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ko.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_es.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_el.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sk.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_tr.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ml.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psmachine.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi_64.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sw.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdateWebPlugin.exe C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_en-GB.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_iw.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_no.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sr.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_th.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateBroker.exe C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\psuser_64.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_hu.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_it.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_ja.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\psmachine.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_sw.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ro.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_id.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\acuapi_64.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_vi.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-BR.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\npAvgBrowserUpdate3.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_fr.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_th.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_uk.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_gu.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-TW.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdateComRegisterShell64.exe C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdateCore.exe C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_pt-PT.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_ro.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ru.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_el.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_es-419.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_is.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-CN.dll C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_en.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_ta.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM2CEA.tmp\goopdateres_zh-TW.dll C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\MachineId = "000058d4b27a012b9e3e4541471e6c69" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\devmode = "0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\endpoint = "update.avgbrowser.com" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\hostprefix C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\ C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\ C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\AVG\Browser\Update\MachineIdDate = "20240604" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVG.OneClickCtrl.9\ = "AVG Browser Plugin" C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\NumMethods\ = "8" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\ = "IAppBundle" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\NumMethods\ = "4" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A42B2494-93AE-44E1-B76D-BA8509A5167D}\ProgID\ = "AVGUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ = "IGoogleUpdateCore" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\ = "IAppCommandWeb" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\ = "IAppVersion" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ = "IAppBundleWeb" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\NumMethods\ = "6" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoreMachineClass.1\CLSID\ = "{23AE0B95-20F3-4632-A2AE-C3D706E1D5D9}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassMachine\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ = "IAppBundleWeb" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\ = "IJobObserver2" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CredentialDialogMachine\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A27F7BCA-118B-4330-9B07-9092E8F047E2}\InprocHandler32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods\ = "4" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BAAD654E-4B50-4C9F-A261-CF29CF884478}\Elevation\IconReference = "@C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\goopdate.dll,-1004" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{40C1C1D3-AAEA-46EE-AA2B-79A2CC62F257} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\ProgID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\ = "ICoCreateAsync" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ = "IGoogleUpdate3" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.ProcessLauncher.1.0\CLSID\ = "{E37D9308-A3C0-4EC3-87C5-222235C974E3}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A42B2494-93AE-44E1-B76D-BA8509A5167D} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\ProgID\ = "AVGUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\ = "IApp" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\NumMethods\ = "24" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A012A499-D8A6-4F6C-9E05-B02D58E3781A}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajE56.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2916 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe C:\Users\Admin\AppData\Local\Temp\ajE56.exe
PID 2276 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\ajE56.exe C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe
PID 1008 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe
PID 2788 wrote to memory of 2688 N/A C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
PID 2788 wrote to memory of 596 N/A C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
PID 596 wrote to memory of 1284 N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
PID 596 wrote to memory of 272 N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
PID 596 wrote to memory of 1468 N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
PID 2788 wrote to memory of 1992 N/A C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
PID 2788 wrote to memory of 2252 N/A C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

Processes

C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe

"C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe"

C:\Users\Admin\AppData\Local\Temp\ajE56.exe

"C:\Users\Admin\AppData\Local\Temp\ajE56.exe" /relaunch=8 /was_elevated=1 /tagdata

C:\Users\Admin\AppData\Local\Temp\nsdF2F.tmp\AVGBrowserUpdateSetup.exe

AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe

"C:\Program Files (x86)\GUM2CEA.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping [base64-encoded argument omitted]

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{83743278-D470-4643-9076-FEB675A03C7B}" /silent

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

Network

Country Destination Domain Proto
US 8.8.8.8:53 stats.securebrowser.com udp
US 104.20.86.8:443 stats.securebrowser.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 update.avgbrowser.com udp
US 172.67.41.145:443 update.avgbrowser.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 172.67.41.145:443 update.avgbrowser.com tcp
BE 2.17.107.235:80 apps.identrust.com tcp
US 8.8.8.8:53 browser-update.avg.com udp
US 2.17.251.26:80 browser-update.avg.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe"

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Localized Name = "AVG Secure Browser" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\IsInstalled = "1" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Version = "43,0,0,0" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\ = "AVG Secure Browser" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\StubPath = "\"C:\\Program Files\\AVG\\Browser\\Application\\124.0.25069.209\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
N/A N/A C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\AVGBrowserInstaller.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe N/A
N/A N/A C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
N/A N/A C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A
N/A N/A C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
N/A N/A C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32 C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ = "\"C:\\Program Files\\AVG\\Browser\\Application\\124.0.25069.209\\notification_helper.exe\"" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ServerExecutable = "C:\\Program Files\\AVG\\Browser\\Application\\124.0.25069.209\\notification_helper.exe" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGBrowserAutoLaunch_2539D9FFF1F40C0A976762D6C815D3E3 = "\"C:\\Program Files\\AVG\\Browser\\Application\\AVGBrowser.exe\" --check-run=src=logon --auto-launch-at-startup --profile-directory=\"Default\"" C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Key opened \REGISTRY\MACHINE\Software\Avira\Antivirus C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdateCore.exe C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_bn.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_ko.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\AVGBrowserInstaller.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Extensions\external_extensions.json C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_et.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\af.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File opened for modification C:\Program Files\AVG\Browser\Application\debug.log C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\metadata C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\mr.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_am.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_lv.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_nl.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_de.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_el.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateOnDemand.exe C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\chrome_pwa_launcher.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\kn.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\pl.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Application\SetupMetrics\5a6ac0be-7cc2-4a4b-9639-1cef07e0ad39.tmp C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\chrome_100_percent.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\chrome_wer.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\it.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\th.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_id.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi_64.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\fr.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\vk_swiftshader.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\psuser_64.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_fil.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pl.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_vi.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\gu.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\MEIPreload\manifest.json C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Application\AVGBrowserQHelper.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_pt-BR.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fa.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\icudtl.dat C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ms.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\mojo_core.dll C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\VisualElements\Logo.png C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_te.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_it.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\AVGBrowserCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es-419.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ml.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-PT.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\bn.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\es.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files\AVG\Browser\Application\SetupMetrics\c74ecf8d-959d-4b80-9802-fc542a967e8e.tmp C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ur.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
File created C:\Program Files\AVG\Browser\Temp\source1580_326246364\Safer-bin\124.0.25069.209\Locales\ml.pak C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_es-419.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\GUM6448.tmp\goopdateres_hu.dll C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe N/A
File created C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_th.dll C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe" C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3" C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498} C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe" C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6" C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3" C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077} C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\hostprefix C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19 C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\ C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\endpoint = "update.avgbrowser.com" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619881910501053" C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AVG\Browser C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\devmode = "0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineId = "00009bb098663592a3a6086bcc2909e7" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineIdDate = "20240604" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassSvc\CurVer\ = "AVGUpdate.OnDemandCOMClassSvc.1.0" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\ = "IApp2" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AvgHTML C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ = "IAppWeb" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\ = "IJobObserver" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{358EC846-617A-4763-8656-50BF6E0E8AA2}\1.0\0 C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgHTML\DefaultIcon\ = "C:\\Program Files\\AVG\\Browser\\Application\\AVGBrowser.exe,0" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\NumMethods\ = "41" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\ProxyStubClsid32 C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A42B2494-93AE-44E1-B76D-BA8509A5167D}\Elevation\IconReference = "@C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\goopdate.dll,-1004" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{30612A81-C10F-498E-9163-C2B2A3F81A14}\ServiceParameters = "/comsvc" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\NumMethods\ = "4" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.MiscUtils\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CredentialDialogMachine.1.0 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\AvgHTML C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoCreateAsync.1.0\CLSID\ = "{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\NumMethods\ = "10" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ = "IGoogleUpdate3" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C} C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.MiscUtils.1.0\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\Elevation C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEBC1D02-EC16-479A-83F6-AA4247CA7F70}\Elevation\IconReference = "@C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\goopdate.dll,-1004" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\ = "IAppBundleWeb" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3COMClassService C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{384098DD-AB6D-412E-B819-2F10032D9767}\AppID = "{30612A81-C10F-498E-9163-C2B2A3F81A14}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\ = "ICoCreateAsync" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\NumMethods\ = "41" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{358EC846-617A-4763-8656-50BF6E0E8AA2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine.1.0\ = "Google Update Broker Class Factory" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgQH\Application\ApplicationName = "AVG Secure Browser Helper" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\NumMethods\ = "5" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassMachine\ = "Google Update Broker Class Factory" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}\LocalServer32 C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\NumMethods\ = "45" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191} C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\AppID = "{30612A81-C10F-498E-9163-C2B2A3F81A14}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ServerExecutable = "C:\\Program Files\\AVG\\Browser\\Application\\124.0.25069.209\\notification_helper.exe" C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AvgHTML\Application C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{A42B2494-93AE-44E1-B76D-BA8509A5167D}" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ = "IAppCommand2" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoreMachineClass\CLSID C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassMachineFallback.1.0\ = "Google Update Legacy On Demand" C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}" C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\AVGBrowserInstaller.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\AVGBrowserInstaller.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aj575A.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\AVG\Browser\Application\AVGBrowser.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2952 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe C:\Users\Admin\AppData\Local\Temp\aj575A.exe
PID 2536 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\aj575A.exe C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe
PID 4796 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe
PID 1912 wrote to memory of 3276 N/A C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
PID 1912 wrote to memory of 4208 N/A C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
PID 4208 wrote to memory of 5036 N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
PID 4208 wrote to memory of 2828 N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
PID 4208 wrote to memory of 2324 N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
PID 1912 wrote to memory of 1856 N/A C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
PID 1912 wrote to memory of 1640 N/A C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
PID 1124 wrote to memory of 4788 N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\AVGBrowserInstaller.exe
PID 4788 wrote to memory of 1580 N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\AVGBrowserInstaller.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe
PID 1580 wrote to memory of 412 N/A C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe
PID 1124 wrote to memory of 3352 N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe
PID 1124 wrote to memory of 2648 N/A C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe
PID 1212 wrote to memory of 4820 N/A C:\Program Files\AVG\Browser\Application\AVGBrowser.exe C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
PID 1212 wrote to memory of 3108 N/A C:\Program Files\AVG\Browser\Application\AVGBrowser.exe C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe

"C:\Users\Admin\AppData\Local\Temp\20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe"

C:\Users\Admin\AppData\Local\Temp\aj575A.exe

"C:\Users\Admin\AppData\Local\Temp\aj575A.exe" /relaunch=8 /was_elevated=1 /tagdata

C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe

AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe

"C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezI4MzhDNzBFLTAxMkEtNDA0Ny05RTY5LTJGM0Q5M0YzRjJEN30iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Ins5MTgxM0YyOS04M0NFLTRDMEYtQjNFOC05RTAxMkYwNUVENEN9IiB1c2VyaWRfZGF0ZT0iMjAyNDA2MDQiIG1hY2hpbmVpZD0iezAwMDA5QkIwLTk4NjYtMzU5Mi1BM0E2LTA4NkJDQzI5MDlFN30iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDYwNCIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9IntFQkFCNUMwMC01REIzLTQ4OEYtODM0NS02NTI3MTk2QTRBRDd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTI0OSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNTQ3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{2838C70E-012A-4047-9E69-2F3D93F3F2D7}" /silent

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\AVGBrowserInstaller.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=iexplore --import-cookies --auto-launch-chrome --system-level

C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=iexplore --import-cookies --auto-launch-chrome --system-level

C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe

"C:\Program Files (x86)\AVG\Browser\Update\Install\{60683D37-D392-488F-9391-D67E16E9FB94}\CR_030EB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff60d0ba3f0,0x7ff60d0ba3fc,0x7ff60d0ba408

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

AVGBrowser.exe --heartbeat --install --create-profile

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xf4,0xf8,0xfc,0x80,0x100,0x7ff8f545dc40,0x7ff8f545dc4c,0x7ff8f545dc58

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,8785005948342461342,13055380804338233290,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,8785005948342461342,13055380804338233290,262144 --variations-seed-version --mojo-platform-channel-handle=2524 /prefetch:3

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1904,i,8785005948342461342,13055380804338233290,262144 --variations-seed-version --mojo-platform-channel-handle=2664 /prefetch:8

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe

"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3312,i,8785005948342461342,13055380804338233290,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3472,i,8785005948342461342,13055380804338233290,262144 --variations-seed-version --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3480,i,8785005948342461342,13055380804338233290,262144 --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3608,i,8785005948342461342,13055380804338233290,262144 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:2

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe

"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,8785005948342461342,13055380804338233290,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

AVGBrowser.exe --silent-launch

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xf8,0xfc,0x100,0xe0,0x104,0x7ff8f545dc40,0x7ff8f545dc4c,0x7ff8f545dc58

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2112,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=2564 /prefetch:3

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=2572 /prefetch:8

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe

"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe

"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3428,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3740,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3424,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2908,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3636,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3752 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3676,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3880,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3892 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3616,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4080,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4044,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4076,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4500,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4640 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5040,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5076,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3760,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5656,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5780,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3868 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5764,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5776,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4120,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4448,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4108,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4252,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3800,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4352,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6140,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4212,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5608,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5668,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=4560,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4196,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5592,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5744,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=4496,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=4660,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6780,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=7100 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=6452,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6592,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --enable-protect

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f545dc40,0x7ff8f545dc4c,0x7ff8f545dc58

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5996,i,2711390527648634762,7794022815970723376,262144 --variations-seed-version --mojo-platform-channel-handle=3892 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe" --registration reg-task --taskintr PT10M --runonce

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe

setup.exe /silent --create-shortcuts=0 --install-level=1 --system-level

C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe

"C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x260,0x264,0x268,0x1e4,0x26c,0x7ff62a61a3f0,0x7ff62a61a3fc,0x7ff62a61a408

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

AVGBrowser.exe --check-run=src=installer

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f545dc40,0x7ff8f545dc4c,0x7ff8f545dc58

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2172,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2396,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=2584 /prefetch:8

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe

"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3196,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3204,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=3300 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4260,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=4300 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4624,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4936,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4964,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:2

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5036,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:2

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe

"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 has-startpin "C:\Users\Public\Desktop\AVG Secure Browser.lnk"

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --enable-protect

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5884,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:8

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f545dc40,0x7ff8f545dc4c,0x7ff8f545dc58

C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5352,i,12443798936367346061,4134929069282605396,262144 --variations-seed-version --mojo-platform-channel-handle=3200 /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\Temp\nsc4DB4.tmp\jsis.dll

C:\Users\Admin\AppData\Local\Temp\nsc4DB4.tmp\nsJSON.dll

MD5 ddb56a646aea54615b29ce7df8cd31b8
SHA1 0ea1a1528faafd930ddceb226d9deaf4fa53c8b2
SHA256 07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069
SHA512 5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

C:\Users\Admin\AppData\Local\Temp\nsc4DB4.tmp\JsisPlugins.dll

MD5 bd94620c8a3496f0922d7a443c750047
SHA1 23c4cb2b4d5f5256e76e54969e7e352263abf057
SHA256 c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644
SHA512 954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

C:\Users\Admin\AppData\Local\Temp\nsc4DB4.tmp\StdUtils.dll

MD5 7602b88d488e54b717a7086605cd6d8d
SHA1 c01200d911e744bdffa7f31b3c23068971494485
SHA256 2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11
SHA512 a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

C:\Users\Admin\AppData\Local\Temp\{D47ECE9C-9324-4F16-AE52-A95D2689DDDC}\scrt.dll

MD5 f36f05628b515262db197b15c7065b40
SHA1 74a8005379f26dd0de952acab4e3fc5459cde243
SHA256 67abd9e211b354fa222e7926c2876c4b3a7aca239c0af47c756ee1b6db6e6d31
SHA512 280390b1cf1b6b1e75eaa157adaf89135963d366b48686d48921a654527f9c1505c195ca1fc16dc85b8f13b2994841ca7877a63af708883418a1d588afa3dbe8

C:\Users\Admin\AppData\Local\Temp\nsc4DB4.tmp\thirdparty.dll

MD5 070335e8e52a288bdb45db1c840d446b
SHA1 9db1be3d0ab572c5e969fea8d38a217b4d23cab2
SHA256 c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc
SHA512 6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

C:\Users\Admin\AppData\Local\Temp\aj575A.exe

MD5 acb51434fd82eb460b052f05950b8dca
SHA1 707d192db2ce7cefdefce3037dfb85a18b8811f3
SHA256 29ffa251cb267969af445eb664df04d1a7badbcade61a7f754de42b6d4340055
SHA512 013dc0abcc9760c6298b7e48007eb1ac4bc2e453f06c1ce4aff218f50cd1e2c4bb44ad6bc5687edb057df8b0e38fa0aaada7a8d045ed08412278d3031527229d

C:\Users\Admin\AppData\Local\Temp\avg-securebrowser-web-tags

MD5 4c94408946d796a8b19c17df5cf0562d
SHA1 89056150d90683f9548dadc308eb2789a67c2a47
SHA256 68042cb47d900c4110ffc5f46e5f8395b35f42d33fc75e58ee34c7f5d8726de7
SHA512 96a31f0b7254f42fec787233e2d11991709bc0b2514d163dd1f7696015e7318f9810d9811473fc13d6782d65e40f6a94fe6a7ffef3cb962032cff3bfe8b99a29

C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\Midex.dll

MD5 581c4a0b8de60868b89074fe94eb27b9
SHA1 70b8bdfddb08164f9d52033305d535b7db2599f6
SHA256 b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd
SHA512 94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\CR.History.tmp

MD5 73bd1e15afb04648c24593e8ba13e983
SHA1 4dd85ca46fcdf9d93f6b324f8bb0b5bb512a1b91
SHA256 aab0b201f392fef9fdff09e56a9d0ac33d0f68be95da270e6dab89bb1f971d8b
SHA512 6eb58fb41691894045569085bd64a83acd62277575ab002cf73d729bda4b6d43c36643a5fa336342e87a493326337ed43b8e5eaeae32f53210714699cb8dfac7

C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\FF.places.tmp

MD5 9c34915861c2e79553978e4e7dbc9362
SHA1 35ee86260b81a873393d14917587e853f9b166cf
SHA256 c20169b50d6c1614926522e70e3f1c2425c63b20df9767012c611c9de5cf4907
SHA512 5a3da721dcbb62d0191967d65c41e24162c7b36bdc04e518d585c570e8d2053a91eb1a5eff21ccb6cf79fb096d6625ccd986863235bb772c9a83b275002295b7

C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\CR.History.tmp

MD5 9618e15b04a4ddb39ed6c496575f6f95
SHA1 1c28f8750e5555776b3c80b187c5d15a443a7412
SHA256 a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab
SHA512 f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AVGBrowserUpdateSetup.exe

MD5 9750ea6c750629d2ca971ab1c074dc9d
SHA1 7df3d1615bec8f5da86a548f45f139739bde286b
SHA256 cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c
SHA512 2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

C:\Program Files (x86)\GUM6448.tmp\@PaxHeader

MD5 fff923ad95071fe3344ad46d21d3449a
SHA1 0a6460ba82d4f4af0284400fc68962eadcb735fe
SHA256 cad218ba3e990dfbe024e5b733bccac9750b17abf792260ba8c5ae7b68ef9f69
SHA512 2812e3d793824ec7857c7f1214cf61595cccca4e1dc98e7aaad815bca0cb6b700b9bc9e4f751f3cefffc9fb8aebd5655c1fb3da4856a2867e69c9866ab829848

C:\Program Files (x86)\GUM6448.tmp\@PaxHeader

MD5 cc10315d02849aa06303ede042fcea7c
SHA1 6807356ca02f634bfe43d32350efec4c711a421f
SHA256 639978a0f066ee0f9501ea0c948abcbdfe4a459d45bd57eed5630c5dd466eff7
SHA512 135c897657c18cc28be80eb2951cbeb764e5f08c12b5099e499d380502aae4277acfaa8f070857e86c7b3013a3e1b8307e30bbe283ee8b62ca00e6fefe7f3ac0

C:\Program Files (x86)\GUM6448.tmp\@PaxHeader

MD5 2354fd14dbe8037a57837cc5468d30d5
SHA1 4c7244f427d9a96ad7ad532420d3c35fd8347f0d
SHA256 1bde4ea8eb002aaccbc0d233fe071edb968782c955adc1101397bfc420c7efce
SHA512 2fdfde1e09cd6df0c38364e9d9a32850f21b004c8d6536b44d6c4f78c5f8014a5e2df41f9c58760bce625cb3fb095981df05f46ba812fe1c1a41833fd630139e

C:\Program Files (x86)\GUM6448.tmp\@PaxHeader

MD5 df33d8ff73bd1c480379bf3ff89363d0
SHA1 68bca50772fe1c8970aff550720ff82f21c24e55
SHA256 0c965ed8e0a4774d2e073885ad7df7dc920576cc7acfb2522db2155f75d4e13b
SHA512 3b9e6440412333fe1ae469d7fb902810bf56dac92bc5b9c8fe122628993b04db842bfb30e94c8c60fe97d6db8ea460d002b99981a5abafa6c8484ed597032a34

C:\Program Files (x86)\GUM6448.tmp\@PaxHeader

MD5 1a1236535faf938fe7787f1f7076c14c
SHA1 aa95b2d2e09f9fcf09b2d60c1e1501f03825e917
SHA256 644825a4d1272a49c3e6c423172bbeefd80fb86d1f0598068c8daf17d8da9bd9
SHA512 0c7114ed03435f05b882ca09242da6412c7fefce1f3b16854aa1b831549af169081748d9e8e2db1aaeb341ea1b6514e59c88091be8bdd41ce94e5a3855c9e62f

C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdate.exe

MD5 cbcdf56c8a2788ed761ad3178e2d6e9c
SHA1 bdee21667760bc0df3046d6073a05d779fdc82cb
SHA256 e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3
SHA512 5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

C:\Program Files (x86)\GUM6448.tmp\goopdate.dll

MD5 04a6438c50564146e880c5eb9d57905e
SHA1 edf5d454de99159d832cc9bd0d8dbe132d749804
SHA256 26109d47bf9960e531888e6c545ca8cfc24fee2202b549df29fb8bf9c58e0812
SHA512 8705d0ab2f8a6c1ef567ad00b33ff2cca01391b105eb0ade201d981f091e4ba87e709860ab9849bf9781698fb42ab8efe53ea731af310781766bace1eb1dc19d

C:\Program Files (x86)\GUM6448.tmp\goopdateres_en.dll

MD5 418853fe486d8c021d0cca2e85a63d63
SHA1 9504500a7b5076579d74c23294df4bdb1b7c517d
SHA256 4cbb2591c1eeda32bcf295685c993ce4d16acc968697fa12e2a00a1b7c4b37a3
SHA512 dc2ab4e2056e6d73a274d700bc16f75c7c687b35874029c1908b183428dec010373045d4a52eb3f5745f8b91d624cf5d40cd7f37e353f3a41348e2a054a266a3

C:\Program Files (x86)\GUM6448.tmp\AVGBrowserCrashHandler.exe

MD5 f73e60370efe16a6d985e564275612da
SHA1 2f829a0a611ac7add51a6bc50569e75181cdfd58
SHA256 9cf076866935a0c64366efaeff2ec76d45ac816030ebd616fd5defb1870bc30e
SHA512 2e44e87c285bb7b72d45c8119d08ea6f2d13cea77cf0005a3cf530790bb86c7f2df7c5edac9d86c9d7214abb224738c3bf6b31f6bf104051512bb1de133042dc

C:\Program Files (x86)\GUM6448.tmp\goopdateres_fr.dll

MD5 8ddc3f7276c12ac407cadcda6e2a3e12
SHA1 78c5e802f67c8b6ae3fe13202e6a54d3cca69df4
SHA256 7f2f0f9f443a022f5aedacc40c28d0654fec488f34435c75979118464256a8b7
SHA512 0d05bdd2d5e9f36eb09182e8b13507ba03e256c4aadb77bbfedf29584a47fd1e0733a825a3f687d3058e53c8075caf6dd9d24ec93f1bdd58ca97106827323540

C:\Program Files (x86)\GUM6448.tmp\goopdateres_ml.dll

MD5 74e24332295807ca5ab8be9f37dd19dc
SHA1 82feee443e0c8342ef830c182fc2a3c98f57faf7
SHA256 4675474b7ccaf45c9fca9c4d141260f233807ddc68cf854d0900bb1f58522b67
SHA512 6682d18ed66b06f07bb6b1dc227808d5c872685ed271ff4b34a57d4ec7c7fe5316b6207d1094327db4e3166fc2288e47065cb72a275666a4b403dde8e33379af

C:\Program Files (x86)\GUM6448.tmp\goopdateres_pt-BR.dll

MD5 97c200cbd682c1b4bd28222437d7f630
SHA1 6bed6312571ea79df6deda2934d328683674b059
SHA256 3adc3bd14d6a1ae14de42ea501fa74ed651b197a7c8912b43d31fa92f500d630
SHA512 8e1af6b73729f5f6e3015c3890e8ad28ed851d1615fe0ae2b7997f3ae48958fbc90e74ce70ce4ef35aeea35a810de0699494d5b913f4774416acc1aa8ef0a9d6

C:\Program Files (x86)\GUM6448.tmp\goopdateres_pl.dll

MD5 5215164235c7dc3d72bcd0f832ddcd22
SHA1 bde57f57953bf119b6767e0b56380dbf0e4cad35
SHA256 c997f4bad6082c5d2483684b6a72d22153c502df6575e28cc1bf02789d08547b
SHA512 721423ea189d096764088fd8079988cbbcd98503ae2b82b0f485cb71bc81cb367588a9fcbdc9c5d09f20067f5ec8744572d252500af034edf900243e096526c3

C:\Program Files (x86)\GUM6448.tmp\goopdateres_no.dll

MD5 5a19716ac62f7b636d666ba166d00a3e
SHA1 0fa31113684f879e259f8521be08ff87286724e4
SHA256 94365146ae8320732dad96344dcf6fa83d9eaf65cb7bf30e50613964f5a33e66
SHA512 accfbfd86c4648fff856fafffbe7317907e19261ed81ce5e6cd9e5ad59ae9abbe677730527704a1b0ba898195dcc6a5081a136b4d95563863f05a8eb9fbaf9fc

C:\Program Files (x86)\GUM6448.tmp\goopdateres_nl.dll

MD5 ccadd45844090d479f00d8707e962f35
SHA1 0654501881968cb2d954cb95da6150047c49c0c7
SHA256 854804cb86a3059bec32d10f44123ff93060aae05eaa72821148a4e2764ace3e
SHA512 098a384baf41a11a6e50b2d22e1c1e1cb2d9f5897776afa676b235f075c9ed3f404a92d4593c229e6ededab4da614b25e5cd0c73f3cb7e0ac02231cce800f7a4

C:\Program Files (x86)\GUM6448.tmp\goopdateres_ms.dll

MD5 d9999c911f60a32046d1a4c559ae5de3
SHA1 e84c1c32708a97a81358dd8adb3fb40681f5a7aa
SHA256 31a64ff7f0b1d8bb81e83680c3391c0dc5530c798b9322d11e62e2389933b548
SHA512 eefb62c906c85a94025d79a0dd35b634a08b457fca57e2b97d514f1b5f0b9ea8450c9d387b4d9683c5d01d0088e03fd106b530470aa88229ab4123edf00032aa

C:\Program Files (x86)\GUM6448.tmp\goopdateres_mr.dll

MD5 390c8645cb5e0f93054c063c5e5928f4
SHA1 0d17ac3976b3219750853715c06baa34e8ed751c
SHA256 98ae5da68f38dd4e43e307543d3218d4180c09433ae72c3b661eb73591a7a589
SHA512 b1bf09a5111890fa61dd944dbf0cf2804cdd96c5fee3193a80fb15cdc6fdb455fb4e535e8aec337ca4595623bef29c7f6784e53e222c7a5df400dc61965830f6

C:\Program Files (x86)\GUM6448.tmp\goopdateres_lv.dll

MD5 83c356f6310d51f8ffc1d67d580f5914
SHA1 f9bc318975f288fa47e8426b4c450a93b10af45c
SHA256 98e35cea7cddce15191594a70f8e15ff2dd1c02bde87225af0331441c65bca26
SHA512 28a26cb1d88d072d7898ed27c3e9d056efedaa2cd9eccf951429f41df2c0162be3c14e58cfb4cf50b633d759825fa815a9249e7690d2ab75f60424b30dbe0424

C:\Program Files (x86)\GUM6448.tmp\goopdateres_lt.dll

MD5 38606bfb6c9bfdf74503f833ee2733e5
SHA1 670abd1279f642ec7b19f663e53f2813a716331f
SHA256 df6c4228da3bf66929d81b99cb35df4a4389418490144630e1d9d5f422b56b38
SHA512 6cc6f2fb0e5bf0241656cce5dc7311f05b8d79633f2176f8c172a9fcfa9813e3963576363d539fa1a8a58fa6bba138dd0baa7562274fbe99be5cda60f4671747

C:\Program Files (x86)\GUM6448.tmp\goopdateres_ko.dll

MD5 dd2f783c0017630f9a2969957f4eb84e
SHA1 d42218de12a7c1c48fb5e7d60e61e32ce0cd9ac6
SHA256 07e63e0e3d23f192ac131efc459c2d9f79a4ecdc39403d43fbff320c4b5fa261
SHA512 689f625df8aec45a6343249739ec094cbb1245a9dd8847ffe6bf62fd2d7042d529f77216dd22e8b33830cf21b158f0ef6ea42af2248051c8d97205eb0229a22b

C:\Program Files (x86)\GUM6448.tmp\goopdateres_kn.dll

MD5 49000b4a101e635b05123f21b360b492
SHA1 635f697f41c0591168e0eee10930728d9dec5a53
SHA256 a2aab58a4397c040bff69d45bef4ede6842034bf897799a9347232c4b6c9c7a5
SHA512 9b62c2048e9c132089cce7da02ea5c95b5856f1c6e28d5581f4a0b1748e681bdd78c7d537d273a64f9d476e4ec62da5c6021cc1ccb69f7bee216e7bec6ddc6e0

C:\Program Files (x86)\GUM6448.tmp\goopdateres_ja.dll

MD5 0cfc5b7b3f86d6bfaec9a0713da74df3
SHA1 81a278fdee9edc302fe4e7a88c9addb230ce6df2
SHA256 1d7fd1b6a614538530385e7a40efc95d3b8be75057ae03bf999aa2419d1f9f24
SHA512 8b8f834ccee41c69c581f0b80f26b0cdb536f87bebd5a6b1f02cdf6f1aea5cf5b29c356e82c7a8fd591bb16c0938a790ac8f90f6d27edc95fc48a5aa3c30cbf0

C:\Program Files (x86)\GUM6448.tmp\goopdateres_iw.dll

MD5 31227325c8617b308ccd268c2be7e72a
SHA1 71e369f26e644e643fcd538d933e4087dd593f1f
SHA256 4a98e34a528eff04c2baf4e9e50489086e58d2e32e1851f33674abbe5e104c68
SHA512 ba8d94dde5b7b74a39ed54a5f3e47a558e0c1deb632018c82423c06806071143851bb1d8c7a7bada6f13e71734e7a29457f3741266972b777cded41c953a9645

C:\Program Files (x86)\GUM6448.tmp\goopdateres_it.dll

MD5 3ae3106694098f8420b182ad5e3354ab
SHA1 bc9dab621b03d4126b97c260becd7f4525255462
SHA256 59b406b29538c3c3d0f060b5fc0ccd36556f8a6278327935a5475c6b21741dc9
SHA512 f3625be57976083d642b01a41a53d6db6cad3bfc584a50de3565fe10975a5d7d2cf4f8b41bcdaa5ac70f8fc4ada113084de07e2ed45f26401dc2d4f8f4c322a9

C:\Program Files (x86)\GUM6448.tmp\goopdateres_is.dll

MD5 dae35fa037b6248876347521c5298566
SHA1 8358fc05a675ea56f720052fbb4b384d97b94d86
SHA256 ce0652b8dfaf21b6192b66bf75e140b3d72aa545e0edf62d9e82e9b0878ac5c5
SHA512 4158b8fef0da76ead12b5d6e421c5709664ba84d1ddde44ef6bbd1023084cad3820a37abea03b206635a945a2435b301234cf5bac3c8e2861a852b2699036ade

C:\Program Files (x86)\GUM6448.tmp\goopdateres_id.dll

MD5 7e7deef6ac35c9d52410fc356391c7e4
SHA1 43b3d918867a93ba109a3e4eacb45f3cd5c40b93
SHA256 963f4d2ad7ddcdcfb6185521c0590a92f2014897d5f5f525471ac81f3807fc5e
SHA512 9eb0e9be0a973693b4bd167f6c1118dd9d702b1951a90f0a3a6103e77c43ee6afa173b79d3ab21fe94a98c320b17ab0b787cf5b6ec47d9dde9e3e8c14b8cadc7

C:\Program Files (x86)\GUM6448.tmp\goopdateres_hu.dll

MD5 114cc594fab2e564ccb24a826f3623e4
SHA1 c3c3fb4ef6ea6ff0e7a1e0289320b2fd2788b03b
SHA256 c89e223a42d7173f915dd088ebc84b0048cec772bd4221b4b90ce4c0e419ffe6
SHA512 9a7eb5710340cecb2d32de26322dc862812e185b6d260d76c0c7f642f30cf9e43c88aec76b515148ef986db0c77fd0e31f71c8fd26d56a4cc72dff0d023abb5d

C:\Program Files (x86)\GUM6448.tmp\goopdateres_hr.dll

MD5 27c0dbd61a71420bb4d1a0be2373a175
SHA1 47b4c107b711caf5a6b2978bd6fd6b53ebdec5e3
SHA256 43191a4c507a112e96e06f959b6cf78406bf970b021ad8d7db59d1b9c52779bd
SHA512 d1f20e9a628bdcbd26b8d5de89b87bdbc8dab871651c86d47c023daea86c7ada0a565fdd05b48c7643a63db044639f4eb89d1640e58c9b32722e4926c3c5e72a

C:\Program Files (x86)\GUM6448.tmp\goopdateres_hi.dll

MD5 38525b8a1b15a8aeb4fcfc8bee8358bc
SHA1 ac2ba33b8ad778a8165c87b579dad0dbef5bed75
SHA256 271e83bc86e490cd5b6cb9cb34057c7684d233c56a53f4f553aa07507c9dae52
SHA512 ad8df196174ceeadce4588dcd365066665267b922078d92b328ba661a4ebfa6d06b4263a4b8a28e4efb4d86e1140d71a3c3bf4b7b60970aa20552aa7f0c73acb

C:\Program Files (x86)\GUM6448.tmp\goopdateres_gu.dll

MD5 a4061e8408cc59cb898adfdc4f173278
SHA1 ae34e3058a40449481590bb3a63aa0225b4f6f98
SHA256 e033c950ecc6333dfcb944e70622e77a6498ba0e23fd144117dbe9a2a0c15be6
SHA512 d8a847e9a21c86c7b9b072e16914f42185e3c0e1d99f6ea5259382eb0fb89578c7a7f9f62f892f1d20be180dfc327bc076ea038057895c8b92cb1f0c053e0b2a

C:\Program Files (x86)\GUM6448.tmp\goopdateres_fil.dll

MD5 5ed0105f4043466a99557dde1f70e97f
SHA1 c57c935cc4b25b6375ab3fcdfbb265f4c586ec3e
SHA256 cfbe0120ddf8d5574f7c44c85488f53aecec4df9bfb25f1cefbabcad5af46096
SHA512 4fa641810f758e0031388ec146467fc130780e2f2cc8495b6a2fff0679d7bcbe7526356f85a97b5338e84d791ba14e812b2c182fdae01763640be3324fb59526

C:\Program Files (x86)\GUM6448.tmp\goopdateres_fi.dll

MD5 57dad7c22bd635a5af8fcdcd63d4e530
SHA1 8aa11ea5c1cacd9b23c29989f22e82c43c827d0e
SHA256 1e0d05927a455115265db9308e0f78ffb7bbb5442f36b8483549efbe415454a2
SHA512 4236609e37ec41bf46d0f45e228c9021c1624e2f98a642eab513d290a4482da13764fcc2d044f78ebdc09e0cfc63a251678d169cb33e251d6f6d5de9b96c31b6

C:\Program Files (x86)\GUM6448.tmp\goopdateres_fa.dll

MD5 8564514501256ff045cf7aa6c1b5a797
SHA1 40b9aa8d04c48fe2ecf193c2089418ccc938676d
SHA256 f3f46a6da6c8ccb3ce7fdd0cb5882f45523decca95852b8c775bb90f8e92c1b3
SHA512 701077c8a1c70c1bd0c35f54aa838dba7b7b6f832e0ef2776673092fca546276166c3638676451c9655086b740b9e193cd54f952fd5fca481b964083b881bcc2

C:\Program Files (x86)\GUM6448.tmp\goopdateres_et.dll

MD5 5029406d9202d6f2f279fdd3a06f55a1
SHA1 dcca8bf9392faa0038c6cb5d25929726b16804af
SHA256 cac545e04d701c39f4a730aec4c3dad177d8ea4baca10651f150925644874864
SHA512 519538e05f8e21966e4878291692cf25057bba3c993c0034a33b1da7c9eb0a8fb881565717ceb6c1139fd601b73b1f1e2aa46e20aeb6b93f897cd2ef93172934

C:\Program Files (x86)\GUM6448.tmp\goopdateres_es-419.dll

MD5 3e5971e8559c77e8901ce30d14034730
SHA1 04cc21ac4a84abd29f7d7585282345881fd81721
SHA256 613418b8779f7440b88f1734d6c514706df9dc9a58a623966cc1c9ba4e29c28f
SHA512 b4592b25cf676db6d6de1be811c39bdeecc24bbfd4dc72fa4b3f97de866f9b0fec7c85f7d56f048f61829c1d8b4109e4a0c7e14a9e410e30a6a8da702941e00e

C:\Program Files (x86)\GUM6448.tmp\goopdateres_es.dll

MD5 5f8ea18786d5ef1927cd95537abc3ae0
SHA1 5530650ecc719d83b7aa89e0b326b5698e8adda2
SHA256 fa416294b078226a8919dbb8f75533a6ef96d63d5bd17aac854eae68791433cf
SHA512 577dc7d19e4443e8aede759a781826c091c17d12fb06e89b1306133f21e01dab919045183a916e1b5647ddf485134a8459745a9199df5c7e36abe192645d8e25

C:\Program Files (x86)\GUM6448.tmp\goopdateres_en-GB.dll

MD5 02465169cd873c4492196e03457f2771
SHA1 837ca5e54a8c12577d0d05a32996dfc04067c5ea
SHA256 4eb9edf550bf1f66382e5d8bd4958438891cd2ca46557d14f4b945dc176ec025
SHA512 e73b5f3951050f2903b80b89d2b9fd9ebf69adb922eb8238ef4c01f413ae67727d7598d4ac15f7ac8b9257aef0139e0924c70c5898357142a303d7e2b15394c3

C:\Program Files (x86)\GUM6448.tmp\goopdateres_el.dll

MD5 0d15748f01df49dae986f1e27dc098ef
SHA1 35a435bdaaf47795977b28cdae2e4ea1fdae73a3
SHA256 df13c38061cb0b02dd8a9023a17da0bbe1cda6fdedad5203129fc702c7fdd9b1
SHA512 290e9936f50e3bd11c1b9d28decf3b43f5e23bbff16801e7b0491690773d057b6bcdcf48c48a7ee16fa2400723b3e974e2b74e3899590a8e660c2e9c78b9d141

C:\Program Files (x86)\GUM6448.tmp\goopdateres_de.dll

MD5 1c15851d9dd22e4ae3f3bf249da79035
SHA1 60fc5652b5e1c55056c961d4d3b961492cb3432b
SHA256 a9dd72a08c0c58a71b2289d76efae681a5c8eb5faf73e49b873f15ba4050baa6
SHA512 6da386c35b317f39613da73340631f927606bccd0a8c626537eda896eb32c9a2ed1d71c7cf838f1a4b90553f3f788eeb5e02fe84774fb0ad2f574bf4e4d7e248

C:\Program Files (x86)\GUM6448.tmp\goopdateres_da.dll

MD5 9a421423686559027e4301d36bcf58b2
SHA1 9669424f4e7c765ddb917a515d5a8b1486f87daf
SHA256 9d8ff148793d99974fab93f38027e1999323a48620b303f82170751be5dd6b69
SHA512 f5d62fe17a820323c4b1832cd3bd9c8fa291d44dceb88a8a1a8f94c6166e550ab9baf9357c5ec3388230bc75f0ccd3aa2d5247fa5d242013d22c61001128a951

C:\Program Files (x86)\GUM6448.tmp\goopdateres_cs.dll

MD5 7f3dcd851645d3d75f636c8440fb057f
SHA1 85debe41ddcb46555a0d00795e41e460a35583c2
SHA256 0b31785d1931580cad5ef16d4ff5723802d12c38b56746e70fcf91d71162e043
SHA512 d0d21c397899aaa6a718b77195a6af1556309615616fd6583ecb84b04aa7087e76eb5fdd6cae0a4ff1c0f85bf72e1f51ae002042078095f640eb95da363889e4

C:\Program Files (x86)\GUM6448.tmp\goopdateres_ca.dll

MD5 f951cf3ca93e5ae5fc1ce2da93121d98
SHA1 15bc869406857437babe41cd3f500c356913499b
SHA256 eb00cad19ed1d16f52928962f2cc6231d65eb74b2314976ebeb1ec860103e746
SHA512 b77086ad2b39723d697d7839d9243c1c0769a2cb0f6287cd3f2d64eabd6a48d8fc2d253e9089c6586637ed5dc5970c2608615fe77cef5003f0c4d53401ef73bc

C:\Program Files (x86)\GUM6448.tmp\goopdateres_bn.dll

MD5 aedf6d96ccb64f488379bb1fe65f697a
SHA1 901bbb7873d8f698f49c4b6be74fb50b353d7b5e
SHA256 941d22186ef1bfe27052e78d21944d6088cea152d1ede51452f04fb032c92f90
SHA512 d1d889a1fe75924f3569e07d9ee3f552afc02165210f5c439d4697be898b72db397bb89e7d0706259f92c1cb5759009f9e1ba5c52f764e63514b3da41dada1cc

C:\Program Files (x86)\GUM6448.tmp\goopdateres_bg.dll

MD5 c0b41217fc33a6a53ec69ae7399460f2
SHA1 d7dd8d543b7297f1a1e138efa1806972c9489c3f
SHA256 d75a1a41ad7e5277576e3bdf35a858be3a6f540d21c8ab4156c842d8f1b3295b
SHA512 37abb726b78421aaccdbc94b358cda6b581e89ac519258eb39c6a7f0706cfc64c3a96f5c29539ba67c6e2d2afd6f10b6b0c063b54366c03376ce234d132a8253

C:\Program Files (x86)\GUM6448.tmp\goopdateres_ar.dll

MD5 9c77be0843f0fe4864a04f8d5f24a593
SHA1 be03adb4d3c33520e652c7a6ee45f09d5ff54a54
SHA256 39547fa5d7b93856235288b1021699b4f36f0bea10b10d6b89ea184a3ad77bb1
SHA512 f504c98b03a5d72c078b38a2cc4fdd94dbed159f5a2ed47c2c4a53fc6ec8a3b1fd969d5ad85fc7503e64427a36adee7a14f15f1275a9194103e43c8a8ee45d28

C:\Program Files (x86)\GUM6448.tmp\goopdateres_am.dll

MD5 ba03b29d5d44341084eb06bea8f1e702
SHA1 7d8dd7556ea5e299b55ddc7477ca758fe2c64f48
SHA256 6a6aad33e2910c29a6d919aad074d89359c5e6723ced7ba4e215a62e9513749b
SHA512 29f902587b7078deb12bee6bf9993748109749ec12e6490d5f84bc9c532a5a1f414149d5760641ef052611bf2d441423d115dfb5a4c4c6f5e6d6a1f386924cf2

C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdateComRegisterShell64.exe

MD5 2a3ad7362e6c8808fbb4d4ccaba4ed4a
SHA1 3f896f7df7fe202f4a717713c503665bb4dcaed6
SHA256 4dcd341907880c8dea840819628b19c5ea42ca2b5c61ad57147d0ac7da9b6759
SHA512 892042ac713e4d5b488262a584355dafa18d967035788799c1773eb39a4616461beb9d79a230d9f85cdefd1b4076b8a5e1d4bde17254bff1f08c3eba56469679

C:\Program Files (x86)\GUM6448.tmp\AVGBrowserCrashHandler64.exe

MD5 deef1e7382d212cd403431727be417a5
SHA1 fac0e754a5734dd5e9602a0327a66e313f7473bb
SHA256 7d410e9eabd086827b16c89ee953a643c3e2f7929616c0af579253fd8ca60088
SHA512 6b472a57fb89b128aad9ab6313a9ce8b171f7d73264c67f669adc5cf1f0421d81f654dad1419b620476abb59dd54e1aa03a74a26c5c93813f6fb8575fbd97d4d

C:\Program Files (x86)\GUM6448.tmp\AVGBrowserUpdateCore.exe

MD5 dd5dc945cd848bf503862d0a68c3ea5d
SHA1 9b277a0c733ed5698b0656da8c3b99d2f90c7ef8
SHA256 8cc98345e367b083f545ace66d93bf69e03a4fa08b84805a9925fa4c94ef3f8f
SHA512 f6eab8422bde24d89a7723c6175b4197a50e18aa0bb5b8f419e5a23b265d85dcaacaf136b8f6ef6bbf2bd6c0eaecd8f86093f594fb98e596f4b39e9c6ff227e1

C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe

MD5 0dfa65976da7822db99118abf2a50cc9
SHA1 a06feeffd56b3ef7a227e64099fc0213514d7879
SHA256 f9f61393559bb1d76ab630b11953ec20c7a0d5979e48f27279e7bb0a92abda26
SHA512 41cb3ccc7a2aedb2b17517de1dac905adaf9db797e1fd487e7853438c2936096212582b20bfefe03e267e0e1650af503b802a13c43f0a55a6b803beb1f93ee56

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/3748-579-0x00007FF911AD0000-0x00007FF911AD1000-memory.dmp

memory/3748-578-0x00007FF913010000-0x00007FF913011000-memory.dmp

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\10f9c414-1c51-4853-928a-99d51316eaa7.tmp

MD5 fc07ecae96473eb238d9570ac145b9c6
SHA1 40e791064c6ab7fed561242fe76cef504e9d67f5
SHA256 7f1d458d061048520ff23161194483cdec65a85a83176afdf570f2e8af441c42
SHA512 14eb4c3fb47acb4684545a3ab7a4f3488c18b25d8342c34e32da4c9b25b8c62806b06baca5f6aee834284de45325680a5275f06077cbb6761a2386550fa5ac84

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\DawnWebGPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 75730b9cf0447342456b06769e544e64
SHA1 f1c065396a7c9833743f184a07026ab6a56402f8
SHA256 ab31245c9a65d41886a1325253d5a1d54870b56e857e7b1087736d81eedae57a
SHA512 5522651a95bdad90e6e778a803d98dd665af760135793ac9eb02d422b427a34df493804282fdae5b7b2ce6c04fb4d7d35089d85c61fbe4d28ecf02025b387be7

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State

MD5 282b7223aff4e44a26f77e740ba88962
SHA1 8c66d924dd448854b45c6652382b514cee299acb
SHA256 d1418dafb6d4a79b5a4e293e469f16911d37f20277084958672a64f9ff546333
SHA512 09184831fcd5d1ab780658fd9a22224553d5f6fe923a4771c283fd4c2f6e347cb4a406323a3c90655c3d83fd1dd253e6b106092acdc62d86e7301e271b202c57

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State~RFe5848cc.TMP

MD5 1371db58a1f17d0c46cd780ca5f61647
SHA1 5dcf8c98bb77e9b813f66e607210253cc3f4b0b2
SHA256 72c615a652096699d36affa0b94adde3b0b88e4afcf2ebc63260c72a15891a8d
SHA512 e49048d8d65c2383e4a7b390b442c1d9328073f5c824316670330a532201807be93aeb5aecd15ade83eaaae1f7339b13d22f12c064c40eb54f055a0aef626453

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fd52e3d0b739ae2a108b10511e378f09
SHA1 11c78af06662f8e4a940a3c571bb3272d428d4fe
SHA256 a9909c512fe8cbb65e48f447f16cbad09cfc7d35eeecca4127ebe111aa238436
SHA512 6a1f83e817bd3cbd297088a36d9ee76334b08ccb34e65d79ab914ffd2656cc06869c688d5e722db8fe8e87950bb4d8577b7a67ee6638647616e7ed2d1f00966b

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences

MD5 895bf176ceee1f9c661c904b30cf5c7d
SHA1 7b208f7fda25cc46b553bbea8ae9b9f77f0dbf36
SHA256 5ed9fb3df1bd699fda071cfc7ef4935f56130b465070952b1774c9db4ed604e8
SHA512 5c4e1f15862eee1381cc9095ecc2d5a5244c62d1d4d721f3a5444546ef959c357f2f067d0e848949779277451ef47fa3830c07b4608dd9aab7f8522c7ee062dd

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences~RFe5848db.TMP

MD5 c5bd17c907d1a0b0b733701ea39382cf
SHA1 0322408fc9faf0e3de8f630fc7fe5796431798e4
SHA256 11b3dbb7ec0b93c2b46c98dd3afdc04944631f07c7d470126d96a09b1e02d9dc
SHA512 8e076acd02ac42120a7a12d2cc2670ae3c9acee6801bc55f8106b01f92a35ffde008efadfd9a118dd27e0b23dcbe18f6023bc371babc578ff71d339b0f0bae6a

memory/1212-874-0x0000013629E50000-0x000001362A579000-memory.dmp

memory/2696-882-0x00007FF912C90000-0x00007FF912C91000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\b2632690-e71a-455a-a28d-f373696bc928.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_671477911\a17e08a8-1624-4c96-82f7-09d14ba38caf.tmp

MD5 f50e00df362d5a597b9e7f549df2587c
SHA1 cf6aafdc3f25bcffdcabd3a5db2e40d1cf42dbc9
SHA256 1518106d36a5770684ce0cd86279e19ee601225d9222f7f555421990a130eebf
SHA512 4691ef983c58d2f027bb0a283ed0a3b11da972588c4c4ab3462fd2e4546f0df85ed1c1f56a481cd86470e3ed02ee8859f22bd04c75a47ce1fe5cb5c983e64577

C:\Users\Admin\AppData\Local\Temp\c00cb1ea-4cdc-4838-b773-6ca73c11a7a2.tmp

MD5 ffcff8e2ba102530ce54f9ea1529ce48
SHA1 0d3ebcf3ca535032d825b6a0c5a4c5e45733033a
SHA256 bfaebcbdaf420eac93d20ad94680fd13fa391bb8d4f7a29603b5172628fc093f
SHA512 e5c8aeccc919a8b07442bb291b1da38a0f82f5a1352b8ac1edbbf9b471675b92cfae53d118c819ed32dc8992ef8efb943e8ecea73d28706a7c88b8d83fd025ec

C:\Users\Admin\AppData\Local\Temp\fd0e50f7-86b2-492b-b8a2-17725d5f4317.tmp

MD5 f75cbfbb5eaa5f46574955ed6651da78
SHA1 4ce276c03898e57667b401761fe1df5f11304a68
SHA256 643962e7cc16bb8e9edbea5f05473764199c7179d06a65bd88a0d101d1d5a9bd
SHA512 287847c5caae39fc80e90ae105a5fb0c9349f402872721c599eb9c9ccaf171437879f0ef8bdeae923bf4520befa316b60acd3e975caf8496f05dad24e1b34e40

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\manifest.json

MD5 253d12f545c3e24d1129e5f98c68f98a
SHA1 8a9d8c90400ec9b583504f5be98fb1d4e2e26000
SHA256 a14d2edf37826c68af6f4be85da450820c168cd4cf4b64be70b1bee8989d342f
SHA512 a7944a3527ce651dcb5aeb4861651649ec0e498a0ec616fd081f033ce7dd1235150b0fae046ef7b3006b2953d265ca8ce0ff324518ed732ae6dcfa0b58598261

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-600.woff

MD5 d90dc5001b28fd92491e2240ba90fd91
SHA1 c50363443e57440d39d47e1c126e38785e24ff7c
SHA256 d44d59ec2328d3dce4046b23380c9f9506db2e31a99cfa1caa207d41485a5cd5
SHA512 63279222a2d6d7a58958ebb9932ccda537d1e0ca008915d3a1fd5dadd35e8102cfc5fd9343d9386ac71c0f5418bda2d022d52b8a909f60d410039fad4dcaf46c

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-600.ttf

MD5 5613b984da07ee40456c6bc790ca2f21
SHA1 acec6c48759b9a14a56371ae0027c1577f05dec9
SHA256 8d0e99cf50d6d7ac44bbceaa8062697392b9f71532d8e9716ff9cd2bf5a78103
SHA512 7f65f9f5574b2a8b1f35f3e5636f8d6e20f57137b878e143e092739dc585518cf2bc4f151a171e952d48d038b1fd0b44f703acd7f20e33c88e45e0a02efe9674

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\views\popup.html

MD5 e3709558c6998c808e07553bdd7e60b0
SHA1 ead5e2d02fdbb83b75f9a40c445184847d07c027
SHA256 5b5d11aab7f8844b6bab4497f82caf4a736f565301c4866c9f9b3f259a604437
SHA512 bc5df31470e49854d556fe8712d0393dcacd8c790804a6ffc0a41e95ab55bf5d964e3bad4156c37f06f4a2d68a3660be1a5683bc11b3b7fffe77a9735859dbb8

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\views\options.html

MD5 268dbab3d2bef14c65aceb15ec0037e3
SHA1 c40f859765f4e32e07b29c5cf675b571a49388fb
SHA256 c10a217d93d9db7f3e50328b3f8a9314d8fd0376da88c00f5d5b9f2924326820
SHA512 010ee0ccc0518d0f00d8f14a03080b4507eff1c80e15acac5407ed86d09d82ad9691ae4354dbb23988e6ef8226709ccf083a02d67b0142b97d9d5b997cbffc75

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\js\background.bundle.js

MD5 f8a8d9dbf5fe7367770fa891e647e7aa
SHA1 e7b208ceef2d60a34a24b5e680b740eeac0c272d
SHA256 029d7a6b0044eee1b1f7a936e159dfecba10b318de7e05ecc3f6795525dbcbe4
SHA512 8e62b23c1de1ebc0d34f59ed795021b4b4116fc7c49bf1da365ad4895616ba8403403d45bd2c14ce58f967b5e266e550971a0157833884a58a913774b82942bf

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\img\icon-on.svg

MD5 7d6f6b27842ae1bcbfa45f04669ed7e5
SHA1 b58d4e18d1de9e869a457520353e73384376b2c1
SHA256 cb5031b92d05a40fbbeba5c22fcbee49542826602a8ebc5aa2de6084755bfd6f
SHA512 69734737316105daa385a22944e31542f424e2f217d2f94ff8f6469c12f34577f7def6ac0c74fc4b0e13079791731afba23d273df95e5e0fbf7fb326f99c0163

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\img\icon-48.png

MD5 455726b96e7b10bc519d8f68ca0ff700
SHA1 7c6cc22d7f5959a398a12c95071b031247f87b60
SHA256 bc6f6111cc2973f49b0305f79d5c33debe50a2d2fedf3ee612faa207896a725f
SHA512 1ca5db8466a4310d127b70eb8674851a814fa5aca8682f1f771a946e71e5bbd4ea4f2fba281ba6ad8921cdeb07e4947179144538c70b560dfe5d5f7791737245

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\img\icon-16.png

MD5 964b18181490248e5d4b6ec1d37f8d56
SHA1 d7f7d12fa39bd48220f4d8158f05f39706a1cce9
SHA256 22f8515513e91b308c24b0f3acd2dfe1c1ca62fbf795d4dc1f688099d96f3cbd
SHA512 444b56391f4c87a569fe5a8b7928826462e15e2c5308e8b7fbe95260a1781f313e7e4b2c0a3295d1ea39c16debbb7eb08f32feaf478d27706de5729de143d983

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\img\icon-128.png

MD5 bb04d9216907d7ce3552f5269ed56943
SHA1 8f38bc15605438f28f10f3a7b19405ac264a00a3
SHA256 5255543e412b35d417acbf1a36d40d593d30cb2d00e8aa54806edc2876b018d2
SHA512 4daf0e01d69da1f92b66d8093f30284f27fb4e0c18a9e86dd3aa281df2adce038d7878de3fe024d5627ea5980eb79a814b4f800370f4e4312100f3ef330155a2

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.woff2

MD5 81d0487ba73afd292730e6f89e83c2ea
SHA1 20f0b5b7cac1d9a707d3cce56b7a4c16a5a11d46
SHA256 557116ee5706daa3b6cb2f52e7490e22db9c30ebfc447a5c85458a5fa0f6f84b
SHA512 f069c794442a237d55a31a4f17fbfbf5d8c4d82c12508ad45371641dfa177f03b7ef59360d2e91237d5d3c38cd11b0f3a145317b58af8d0cfc0e19c65eb313c7

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.woff

MD5 2b6f63fce9104d1223d83dd12cd6038e
SHA1 1ac49ab02668c5deb14a497faefcb7bfa6c15731
SHA256 32ad89cba217fa7f180d331f6e43d87a75e8eb1b97ed102d178c534fd6e51038
SHA512 1ad5b9865a50dce57ff6571352ecb4467ab7c6821fb343f4afbfc85c7cf35a4c84a8ea4357fa7878919947ad913aa2d8b8318277373fabf2297e78ef20117aca

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.ttf

MD5 abd464fd52dec0108904f062f30b31d4
SHA1 f51881b3732bcb7aac9592f50184720e7d726ccf
SHA256 0c4595868d57ebb5f2793e22e8493bfe2606cd8c628a039d2d1a4fa79f642b05
SHA512 7ed6d565101bdd3e15596c7cc9ba8cb4c4a7be57333fec06bb01492360b409194f0ae6a8db1c368a1b1880ae260c122d1f0f551b74a6ea18e932d07687ccaea5

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.svg

MD5 7aab4c13671282c90669eb6a10357e41
SHA1 4ca4e88a77a4d81138206a10793507cde43e31a8
SHA256 f8396d832e2b270319c4e17df620c06f77293f5c4e7ffdce337c9b90fa75d133
SHA512 08a74874f74c1b75f7a93e94faa632d1bf21c2d42c85fb66c9b11138e60aeafea8874b7bf33facf7503d19dc7965142d78e5015a0dbc340da2b4550d232d7116

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.eot

MD5 916fcc0b03b40457b311609ac7226183
SHA1 193e96a3b8ed9720bdd05d56f81dfd9dea43b5c2
SHA256 6ffc257b02167f060ce8c84cf4137f896b812a814ecbdbf9e85bf3af99428dcd
SHA512 974b5ade776b0915c3cca3dc4f0b5dd6b635f0053f10658fe63145e16de623023ede0ba3571caffb1aa6e4adcb9d3b3ee3dfd3d58d00028311621372bcb78b48

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-700.woff2

MD5 15df1fb3e82321d94a0ca758c62e25d2
SHA1 9fce105a87ee8b8bef404942cf48c42ba5ea1ac2
SHA256 b41570405890d4f995da7b265ceb5cfb50246a940f9489525a8f526cfd160356
SHA512 6e18ebebd7d7101cd04394595e4243abaebac2894ec303978b8fcb892a2922539c945ee5c549470ce79e44dddb25ccedc03fff272fcda17883c29b504e5de2d0

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_206982167\CRX_INSTALL\js\content.js

MD5 0fe343f25f391db514d2866658ed3dc3
SHA1 3b7f2308cb5ed9e9ab46a440ca6db12713df68bd
SHA256 65c60616a95eed6880733fafc420edc0c6db609712801d797851637a0ab41c22
SHA512 7ab5b87b504457619e55c58f295084d6e3087ced8b3df677e4de9fbd42cc2cf75bfa31d8a854d0c6449d7b84def74348629991458e3293af3e14ba73567a1fd8

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\manifest.json

MD5 2ef3e81554d0d9dd1ea05ae7eed6e047
SHA1 8fbad7d1d00796d85c9339f3a612417bde9ffc04
SHA256 d4208b59d3dc968b5d276eca1c109d749e709d6a1cac7dab152f6c2c2c421d1b
SHA512 780d32b8c21ae19b8feecff2afdbeb1124e0c7aebdc40b27c45e56f4fd568d9752d824c9616cc631604b021dec0afff0baab801cd7ce8b3d6870095422ba05c3

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\js\popup.js

MD5 1fba2a51b1c640a3d2705cb5e233e32e
SHA1 38cfb5bb67ca4be6ea735fb7d1d1877f57cdd178
SHA256 cdaaabb9dc5bdc015a0dbfeaae8d8e4dcaf8e38e85f1799d655efb726a39ec48
SHA512 ce434dc5e473bede1cd2c31361d5f4509088bb9854544796ea4560a25ceb69fe09f41d9b0779285342305aa5eed6580901adeee9623b956e5acdb04f16fe021e

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\html\privacy-policy.html

MD5 376d8be16a145363adaf574da2b672d1
SHA1 48d9662d8ce2f4be35d835ebd375c1ddf59f0892
SHA256 0d857c0d6deca83d46501c267774d1fb8a72ce86ab0227ea6ff71f68e7ded8ec
SHA512 dfb6255fed3992fcc525a1d635ac9aa6b943251983fbc7caa86b0efd9ec2f000276ddf20b9b179ea8273e22fc444d45ec8b93ee5cd0f85ff8b4282c2d350e202

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\images\icon48.png

MD5 dbcd4cce9af34a045e5c0eb545995989
SHA1 50d40d2836d1c8a4d3695df338b227100c199f1a
SHA256 e15bf8291497ffb08dc7e3dd0b76dd050eafe6dfb7f0464240303538d981a3b1
SHA512 7e535a70c207ea16944ce47c2ae39fa9ef1e0a88cba9c221854f5e130126ca83beddcc6561dbc75407a8cb061779bd246a9d3fda5a5fe5791d898ff5f7a40889

C:\Users\Admin\AppData\Local\Temp\0ab67cff-1da1-424f-a31e-0341ebabc81d.tmp

MD5 21b06e448a0bee23eb6b80dfb39f1e82
SHA1 d60b3a9021a704247af4ba58bd539d42f780661f
SHA256 3cad9f24f2ec2bee7bef2410ef713924640bda964e865096db6dde37103481ba
SHA512 9678b1302eb289f04c0fad0a60455da7d24da4bb72177561f8668f0995d695485eba915bb222d7231a8188ac6ff3b4b0ffbbfe3b725b9c0112ca6af9465f5709

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\html\popup.html

MD5 2334cfb11014399c8db4f69b014fcb18
SHA1 e23e6db2340a558e0e0bb98826aa59c7c928378e
SHA256 6bb75eb60b35383ef30d6c45fd9d8d148162297ef717f26969aef939b2838dc6
SHA512 f115431c18932ebdc5680edb162689d85a867941a763574c7b305a5bded31fad36d7e364214d332bc66ee19745467eabdd2f79b349217b613a0b6fb101888ba0

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\images\icon16.png

MD5 77764cf85912647978f12a6b65e8a46d
SHA1 f95b78085dc60456fb4751b9b30637f176ae8698
SHA256 ff16de8bcf3194608559789e109d85fef81e4dcd24dee4e6e40a7df57e1b97eb
SHA512 25b7e4d8dd5fc02c07c2ff74c3d4d33121610e02273b6018398d78e010dc45c5c9379199e510b3b2f6051dc8de6cec9f95f167ad98605a8c64f6b16c29777570

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\images\icon128.png

MD5 025d8ad058f18588c7e212d9e69e90e0
SHA1 ecc58b2554faa651e47e0c2e0d3636d79d6910f7
SHA256 220292bed2a85099aeb4fbf96b6b29b66ee9136f76576a7a92c3baed63374c95
SHA512 0150c26193eb8acd4e27ae7b833fac1b0ade008db75a5652c155b597ae92d4dde80546809b60452bd44acfacd6e061c7bbedcb9099137d65a4a56111f89c9625

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\images\icon.png

MD5 6faa43eac32e83cb118659d318ac347a
SHA1 d55c244f488629756ab1ace2af9964b1e9bf93b1
SHA256 4b736b7baf1248ddea6055755204b3fd9c908f1be1ac168066a204149eb21c8e
SHA512 362039a9b4a5e2a2c3feffa232316be287962661060f839b1cb42faa9b71bdb6b62ac348f0f87eca67eb37544f69aa728fca5d52adc0dbea3c78c71ebd3500dc

C:\Users\Admin\AppData\Local\Temp\b42d4dac-a0d4-4afd-abf7-369a9bda81fc.tmp

MD5 d343a7167bf2962f27b54de17ec166a9
SHA1 cec2497d5ea819f05be656b8e15f79a6eaf27acf
SHA256 a00f73fe6dedd17fd34252c40d89c6be5524027ddb2c0effdbb298d7d7065de3
SHA512 64ada12e0bbd202c2f4817bb804d7583baaac469eaac0fd8db0df6bbc9d8d33603feb0cbeae6830b205fa056765da835b0e35b0733e3ce8964b8890aba382a4d

C:\Users\Admin\AppData\Local\Temp\4aea1c33-841a-4562-a2de-80f9f5d6bca6.tmp

MD5 65a028a0d2831eed0228ecda4ab9ef2f
SHA1 86d5eaec3e1c7ecde3f37ab36a017599ddcb2138
SHA256 5cae2b06bc5525e26e08cfaa43be7a5f8df88053397676cf81a5402a1ea0059a
SHA512 edad812dffcc0c8b399d3c5c216973bab2fe9e9dbc0d2c6efffc8cca5f1c58e126b83046c4c90febf003f3afd3d3c12c9ba46ad9d18975f2a6c5094643ca4f87

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\images\cross_bold_32.png

MD5 8700fa509bb04d3439b6d7ef765d37b8
SHA1 a1ccf88303db1032e768ba02117c8af465dfbb9f
SHA256 9f2fd5eb65300915a114741c84d0c182ccb6753d12bea3fabb3021f0794d9765
SHA512 d356327006e009e7c699c37c1ffd0ea076cface1a13df6d76606de8a44cbb68541e1e116b18f1564a2a7c91ff85eac348fcbad1c5d52d259d91b80e283e98880

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\images\cross_32.png

MD5 74a937332a0733a531ba6cfc44851f23
SHA1 54e339e3369125f25eb89f6982c452f41984912c
SHA256 9be12d0c6f86dc0852b6f2886d70ec259b8a61ae4b3b214e40c136ae4ff900f8
SHA512 dd4c3a8be8a68b28cc860395639bb3582ceb65c0a021a6de4aa8b84c10ef0947a09f08b5af4e25f62ba02a95ee729f9d9817ed7f4dd827025f870b56739d4809

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\js\background.js.LICENSE.txt

MD5 94ad18a298e8f3c03e16245453d05879
SHA1 f630a6be9dad59904c09a8a1c88fc96c3bca2d5e
SHA256 843c744616c171f24616375dfbdbc61c8c66f37e7dfd33f901bba90842db8b24
SHA512 55e83620f9a2c61ea50536ebab97eb99002c5bebfd4ce75694ff2eb5b570679ec50f5c0dddf2d3ce7de79496c5dc8e8fd0bf1423d1f4adc2ee9949cf7a6fdee4

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\js\background.js

MD5 071f800c21da32c48d5f581a3736912d
SHA1 54bf821cf8d7518c4a78bfec3191ce7124cdea08
SHA256 b2895afec7b11c937c14a5458162550f80fc03820f016644f7b0a89c46080148
SHA512 acd07070fffa4d882fa21eefd0f514cb0e7dcdd5dd1881ce0356a816e5ecdc1a95ff5a65eb75868a2233dfa4368f07f3e98b4e2282eddd330a757547abc2ad60

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\styles\privacy-consent.css

MD5 c83c747dc806cf7847fd56e0d18a0994
SHA1 966f918d64a703c2bb0b2e7ee2e23664940c6950
SHA256 9e4fc8a1ad5e978814a08dcc74edc423a3e98aa84111b14f9b3af2f846bcdb0e
SHA512 13ee1c9ebdff58dc8eaae04dcf55497e02ba1f1d4a41129fdf1bc8aaa2442662291396c75f157b82c42eebb900068e51ee4155fe1b7e5193de4c71d06d8f7828

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\styles\popup.css

MD5 9e9c56fe382a26a2238ca89489d163a9
SHA1 0cb73066124627a88e25d75a27f58a97109a0e4d
SHA256 e026f4b6bfba94b4f5a4ebcb0cb2ab216f8131780f245abfd6d17daec365cf46
SHA512 72cad108c43112dda3b483a5d3b29d44bdd1266a4364b8cfb69b2591c81f1a3f099920e8f72b492cd5e11c003be53d07b32e6ba960460486b2589be4b26f7c0d

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_954644709\CRX_INSTALL\_metadata\verified_contents.json

MD5 8ca60681b947bb417e0e92de2f1417e9
SHA1 515e4349c1ffbd1513f87180f3b07a6605e4688e
SHA256 3f21c2a6ebdc2af0d79dcbe0ad97b96084cf73619df239e6a20eb129d4b4b32d
SHA512 826c81f8ee01ca700d664953e735b96c4fe9e73c4b8788207788e2400fdb9d92bcb3d2b95a94e8beb908d8020a1e39fa7f863f7e2284ba3aab5285a2247ca603

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_206982167\CRX_INSTALL\styles\content.css

MD5 01b51cecd3ccae18b19885a3b0ae1635
SHA1 dd13c7d1f2c9162fb1ee4bc2bfca14488087c528
SHA256 60a4f99fb6a1ee65d31e56a2d6d0d27c3f58c676c56ec440de3c3a6ab6567d66
SHA512 f901a1d111849e9419bc11004c260693edb48f6a01a7652396e969829b62be3ab6ae3c6ae11c5818438233bdf149ba1c8b7d4922885799de2f00b03fa2a1b1b9

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-700.woff

MD5 efe9ead0aecdedc597ec9d4e745e0a58
SHA1 df6a1ea1917ea01c1f53f73cd9412afcfd254875
SHA256 c173db3aba8f65231290d9c956253e0f8bbfb12750e1c4c56b26cf64fdefa735
SHA512 ec781dce0b93d82d4096f8fcf1b3397b686d2415abadf543dd00ddb55a5aa49a87d063ed4fde670eca3ffb0c97c72df506265daf73c4b03f4d6d9a98996e9109

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-700.ttf

MD5 81ca5af45045261f536c71baafd77298
SHA1 4f613dced987f67dd32883fa0cd9298a20c102f2
SHA256 d123a1a00d692830f1f5276c64edfbc7abc9d0640bbb02596f83e10b14f89c0d
SHA512 2156c44e95f51c8a56ca2aca1d5b6127a9e76ce709506ddda2df37cac554fd04303f14a11232a18ac6098c8502ed515d2ccbd1f8671a180490acf8a573457284

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-700.svg

MD5 2e00b2635b51ba336b4b67a5d0bc03c7
SHA1 8338e3159cc9c5ff55cac72674afb7e90118ff19
SHA256 7e40ecf3b9b2ded5a267a3fe330eda6d71c10a1fc716d12237812322057411cb
SHA512 60979ca59776caddff6cad8d391d8191aa37f838f50c2c1343749060e88aaf40db8216e30e6bf00ac164be967a12c0221d72b6b60416cf455a15b5501ec4d969

C:\Users\Admin\AppData\Local\Temp\31731476-dd96-4da8-8838-4b1510c80a3b.tmp

MD5 06d466a1cde4306356506b35153c5ebd
SHA1 c43850528e8150e1f0e253653d2f0155d00585fd
SHA256 6b1205e9b435c6241ab9c244b1dc3c309c1d82211268501e71e43c4425fbf590
SHA512 5d79ae61fea7097ddf4b5f2c639ddd1ebdffb7d0e69b74aac47e166afbe94e88e3a4dbd1cf34d55c6c8b0fcba3c30b676c8460b120470c17278caf22896b0b33

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-700.eot

MD5 e5abc8bf8bd5635024706adffbed5846
SHA1 cde58bdbef093f6a589a69188bbeffa23708291a
SHA256 602e36025f912400eb552f0f522bb8a75e9e9db6a825695c89dcb49a5828aef9
SHA512 fda634368a61e4c22a0d8cda09e0c94feccf1579a9c3d20d2faa8567422c4a44ef9ae139a5efdb05619adfc78d2f6f4e5ebcfed40e7a0beb9ce0117eaf183a9e

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-600.woff2

MD5 0dd0a359a053b2b5bb856a9580da9780
SHA1 4f8481415cbf3e5900f926e0f1b2822ce991c36e
SHA256 784a7423298c587ce89819cd81d6e225877b32605b4b40eb3ccafb3f3f3e5750
SHA512 b7e09a097632e2c1a06eb08c7610b715bd2aba83e35468ced16256de4b96acb113f1946de74998ed1f246ce8e8e8f2a7a780b18aca2e0b56130c5c087e127c54

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-600.svg

MD5 e16f375be3c2a73b58255a02f6d3a9ce
SHA1 acc429c1bb8c8748b9fa1d00722401c8d8a8c007
SHA256 4a464102b4370f93e3f5d492dfdabc3a8d7f8052cb817d4fec0542cac04c30b8
SHA512 fdfa163b25cc25042cb34159cc357e3337b32630643c39bdf1b37a13c486ea3c02293dbcd2be790b25438e6f116566adeeaf7b437e85ae4cf410e117100b767b

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-600.eot

MD5 1d509ef7e31a881f30ea87aae524fb10
SHA1 9682d47dc55e2f2722c939524855168ac2ff1d8b
SHA256 41cbd2cce0e80cc929588af21c12ebcfb92d98ef90d681899c4a2d275818d7f4
SHA512 03b7992b965977602a2a301e46d27fc6cf41fd2b8c95afc733212697f5ae155e15dcfdf3100274a7085b551e6ad465762e77e40f228038b0af4c42cf67f0dc04

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-300.woff2

MD5 83c3deca5df9e979b477c60c55772d98
SHA1 86332ac5f59a4f86a4c736b1b923a4a904743750
SHA256 a6c5ec600dfa7ca47ad224a89eb4b5ae06797927da4a03e54bd105cb1cc482ae
SHA512 6de271d508d7a7a96a21092676965aa1a3c7fd5615e70f36debb8662e4f92b03997e87a5c636f9f63a2afad0dfb4d2f3e3f54b926908fdb2d4ade616de9977b3

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-300.woff

MD5 3afbb2a57bf45e649851c02e8b8903de
SHA1 87af1ba8c716ef612137987d750b2a27ea17c439
SHA256 19eb6a474121fafad38c135802d788ebe347a0e1f9438e7e24477e52c458df87
SHA512 06fdcd6c03a06d270fdbfaef3cab801b9fa8429478c4e99e11b02969bea293e78181a64facc6e853cd98c5656fdf1b739466a02fef545836e82b506d05bf332b

C:\Users\Admin\AppData\Local\Temp\5bc27eb0-2211-421b-a460-c34253b28e7d.tmp

MD5 79e1a051e0bb64259538622f94be9988
SHA1 9b53e95bdb4a0923ed84a69972dc7168bc2fc942
SHA256 5bbcdbe935746ee78233c06331293ccf7a62f359cfd2d88a910cfcb8d9ec65f4
SHA512 6beb6aaf5afb4b5f36cee371a149ce5dab8a4553446553a1341996affe10f888f6ec2de19cf3ef355552d71287844fa8cf988d90bf050008f4a7591cfaa31511

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-300.ttf

MD5 8c3dd994987820cc2b171e629be201ee
SHA1 39d6e91a35dbc4b4d588e400b0d20923ddfcfcaf
SHA256 b5f97120805971ceb303f56728f4b940e88a0b0ca8a6185b9561613faa510acb
SHA512 fefdd89cf660e389a573d7c576a788811eaea735e23153784ff718cabda78cf4624d0c273e43dbfebbc2325b5c0e5e6f3e7cae09eae55d8b1d6eacb2ff4f722a

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-300.svg

MD5 27ef0b062b2e221df16f3bbd97c2dca8
SHA1 1183c2939f6cad1ac69dc16d4a0b943d546e4b2e
SHA256 74df0c40c70eaef5c8fa9f3323b60940931240a3ac6b1623fdcafb1c4bed5185
SHA512 0eaf53651f23745292e64b346ff097bb6fb0294e351a4701dc304541de65926b8b8d7bb5de8b8be5ae8279a178f4f977a39190ae29443acdbb7819881f1fff64

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\fonts\open-sans\open-sans-v15-latin_latin-ext-300.eot

MD5 2d728b382ba4d5774b5cd3c985af6e63
SHA1 f9f17bb74029bfe8a12c82f1a528da926e78142d
SHA256 790fa6f6cdfda35b03950836a557d186a65f7c50cfbcafbd15c2fb8004bc11cb
SHA512 6845c0ba03c194b63aa3908ddfcef66259575c346ed1ba0b5662a3a08e8e3a0304a6f49ea9ecda12e4c2e0cee899c1c72ab9cfa15426b8506a8749e98bdd1137

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\zh_TW\messages.json

MD5 46b65c0271c694dd6fb28eb690a007e9
SHA1 7480cb94f90ac788792b3d4c077986a4a784fb04
SHA256 e86135fc21e9a5090399003977062b1ef42ef50ab134081c178642c1f9cb1386
SHA512 cfcde69635feb1cc78446bacbc6ef4fd4ac4eafcee22a2fa29f81040d6204cf58a15b82dbce40098a25ebff6ba1e66541aeedb734ec8469963887fb8c13a18e6

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\zh_CN\messages.json

MD5 79dd279b4fa24a31c0267fa5b58962a2
SHA1 d32bce6872dba9065a3f22ae5e7ae5d4fde38855
SHA256 944b3c946452b0f12c39a13c3d44d5836b22e6939be6d90b21fa07d91a87e4d5
SHA512 79d6dc7cb201019b78ca52ac04a0f3080322003e858725a730f5ae6e8cbeb938c06a26078519c0ac5b6f4057955d919de2f37050bf7bc74ecd4f325d3cb2aab9

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\vi\messages.json

MD5 b5f18b94d6479fa84715a4245f6f25f6
SHA1 54800434c74ac6a2e0fd8a1672dd8242b6f39f69
SHA256 a41883d12892ffb1d888ce4cb7057db2b6d00ffa8f037ea6e962927c3f095739
SHA512 e3ca50a862cc890157346600201c92bdc0fc67eb412cd0eccb4d3b90ef467788a32b84413ad3ba567313554076c5acf677a5f438e6a2147423dffaf23a4a2acc

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ur\messages.json

MD5 abe5427813da3a1efdd72859f8ff9f68
SHA1 a6366cb5d6d0d08b43cc2dc54e6c66c48cac195c
SHA256 82ad8bc296bfa1ecbca8866d1f6c078aa987346e3a37c609b22f202b53a5cce2
SHA512 a4dd9ff6eda79604826b6c03b983dba837e99fbf085e832b93d47fe225df07406ab9cf6296ae3093e7b37b6137b3122a2468447cad7d1703f8f5d33987840149

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\uk\messages.json

MD5 5e024d5910e23c1c2052b560a8ae62aa
SHA1 edf5ba60588876ac2fbc1787ec519dfbce9308cb
SHA256 bb3582dbdafca749ea74eaae270b5c61d61cc1961c2f33fe3a4e45e1b2306e26
SHA512 e465fdd296ae049def59e7856bb44cb087c1585de36db98505e8a15f909a92523098c4eaadd750a8aeb5d90065cb60521bfac4721042c80ba7ac4a76b0689dae

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\tr\messages.json

MD5 c6ac0d250d4483dea83ff01fb1dfada7
SHA1 15c863f7380fa277ae42da5514d73cf5af0fe503
SHA256 945b2841f8b7db64cfa9738e1d4e9ce652d0e54a2bd174cbabc94e494f44ab7a
SHA512 33a43f0c98b46af15021d09facc4d29f6413ec9276b2e70733573dc96c2f28877a7bb5e2ed52f57e2b22f975037482b84fd76fa793674cd82768b43636f92754

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\sv\messages.json

MD5 de263878f8f7c10d670221567d9ecb24
SHA1 af91e39c90f1c06de18791893eaf1af1f34e04fa
SHA256 d0ff3826cae2bff8238c84f3a6f6870874e8fa93c65e73d896db9cc3c3f14922
SHA512 59d1a6f5c7e487cbf9d23cfd207bacf7aa20ff1f8616a3431370b6e1db2752d2b23fc5d3cc4b260804d3d98f1e61c2f5b5fed39440358f2dfa458e4df4db1fde

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\sr\messages.json

MD5 e29a2d569b43e93a63de075bba9b51c9
SHA1 619fe39b5197f8a17090db232efe565338ad823b
SHA256 32c9be85fe0871d2acd30aaef4434f3369eaa1b3b12a39141754f98d9d7d181c
SHA512 421a01e0a27e39e56427eeffea01777cc2ac2368dcfd42df6adc368bcc6a1dcc5e07a26209e88c57f106dfb64f255e218cc1bb95e77e5b9cf85dbf11a1d68180

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\sl\messages.json

MD5 bb93e260e7e2c75d4591c678ee93f81d
SHA1 942289144564a5db6d9eea6aa2c37cb0d83af037
SHA256 03371b65cd719a56ae34e00c3d05d20739eca452c0895c214847724cfd401c99
SHA512 5acd8afc440961ae342a3235ad94244f11f26f486d69086cc55d4e991c205dbc9b19fc82ae918a3fa64326ccad844596d70adf8abab81b212c11903d24308fab

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\sk\messages.json

MD5 5cf9cd122e26346effd48db0c8fc75df
SHA1 21dca1f8f552ab09c765d80da60ff87e937af76c
SHA256 f43aa954098a6d72d3d5a9dc74c131b10f59eb111b5217913db0c0d68b7a4019
SHA512 f5819a66bc5a7f9dc9a80a0d3391ae68c9d6f923f90f8f8713ce96155ef95b726ed36fa71e6afd0d03a2466c9154cc9085332fb61263a4ed610761851c8d69ff

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ru\messages.json

MD5 12a9ea240df3a579c96e6aefeaea0ca8
SHA1 749ad7498f904f3ae4b7fd91db3b674df72855db
SHA256 4efe5990080b6388306f12b74b31c493701d45794e8a300a41f6a90ffb0591af
SHA512 cff032611e8ad4e66a404d8eae5951775c0c730fd9a0e668c56615cda7bb5c25359c2987820294b28999dbebb39905526299ce656c0887c9009c88caecdb5dbb

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ro\messages.json

MD5 fc0c0aac29d05eddba3b1aa1c974f426
SHA1 aa176688c93ccebc58ed53c344bed5c25e33900f
SHA256 f4a86eb6a5a67178bfa24255874090e9c80a5acaa458f14dbed91c8e9c3da1f7
SHA512 640e4b745e08d23a4bb0146054e99ab5a66552509f20d9afecbea42c2b0c67f402f5bb9bd3ca73a5ce788dc75b2af36cdaad36322f297017383f07fa0ba31937

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\pt_PT\messages.json

MD5 7ba365deba378a383155a74a11ebcfed
SHA1 2c5e66dcc18e9178a0e6a25f79ff545af08abb1a
SHA256 381877c8038b80afe11865a00b82dd78e9676da2511bd08087257d8ffe8f27df
SHA512 19f2f5fd60334bbdec5a8a1facb15521c4ee90d60458fa42a8331a1f7dae9b0ba1d5c0d2a5386f160b157af0dd7cc33488e93fb6407623ba5fb93ad689eb4973

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\pt_BR\messages.json

MD5 8dc02b40c5afd3142d3701e850dcb50b
SHA1 9af12b26f0ade1657e3d10063f44445de356b6a9
SHA256 9d407d8979bb58d330157be475c619f27ec2bf15c3530805b4b7518c714c4c0b
SHA512 8d9dea428da9a6bbe9b3f8b631541aeb97e4ec890cace542ca09a04474f9ecd20f31ba6ae7d421a54582eee8da1715a077f77cc855796ddfb3aea30457ff39f8

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\pl\messages.json

MD5 e6e130f30085ad6b55886fcaad73741a
SHA1 d30e6de45bae3ff58cd05ae6e75b45dc66fa7b3d
SHA256 8691f6363c4aa7fb4bd1fdfa0a2413dbf992eb942d719692f42b68ac26b3430b
SHA512 9c144743939659318894389dfb97184ab29f05a9b2b0cb823f2414c61c2129ec8f8cca0208db534024b7b96332a3e7c8452afa66043c03b1c2d27522d72c32f9

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\nl\messages.json

MD5 c33749fd231abd98f45fa1bd4d18275d
SHA1 2c30b01fc6f2a71f86d58832acffba4eb7646e99
SHA256 d0b6b9c8bd7c7805ea6dd883dc29ebb8d42f499ae40ce9dd7d9b1082d105b375
SHA512 f085bc98930b28117d33c85b34973317d24d6784601efde34db0f877251e506e9c345b0e4fcd9d8aca7b8d754f8692b5ef920f6c75f5d476917b32e8e4d1f2e4

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\nb\messages.json

MD5 d7e7129b526af85ee114ea293636ef3e
SHA1 8726f0da967ba7c66aa49ac8133528bc12948a7e
SHA256 8c2f8c2e708da78b2039f7ce7a6c825852b22f8f865f1ef7ff8250ea475b0361
SHA512 9a46dedb87fed4ddb699c289f3f1b67c7cf1ad3ca4f66b65c326aba6b74afb155fcb11a7688219c427ea6d93a9a09b3a1f2c9747d7c2fb0b5317fcc990047d93

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ms\messages.json

MD5 29d96f05a391ef594b04b9da43133261
SHA1 86fc11af431d61dc229810ff04815caa90d5250b
SHA256 a0395e1dfa50f0ba8bbd6118424fd1303ce19a3ca32972f5eee012ad850d6901
SHA512 1672fb73c5a0f73c7bf776fd9189e1e47ad8f2af17bfb49a6d299e01098e0de5761900ec909da31770fe86636ac8e667236490f0f612d5e59d9bedf182b90935

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\lv\messages.json

MD5 e6a8020d78b58be2ac40858986057522
SHA1 1b63a5f1c26ae7d01da0a2eb28eec39d28819e0d
SHA256 ec31919a5adea04160d6f722b434d6ab3e3ec72244f330fb3e671b3d4816ab1a
SHA512 3ba8933e42fefdf9a07aa666528c6e380bf025bb0a4d5fe7c18a404192d45493d68224dc51af9904c604775547b814ce00b49a8b132250fd2b7bcef9907d055f

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\lt\messages.json

MD5 416f2b8ffe43a7f035f41007d50fc2d1
SHA1 b9628abd0b6bef289b7d9539611577c4460005e7
SHA256 c960852e7e43057f6ceb4acb07d0a9f2a8601d44c5bfb67d69211bb2354b988d
SHA512 67f0dbea7f8616b1bbe30d1ae30e2bc8d4f4334aa33904728f093afe1672feea55abb15ae375787a2e9dbb6e246b33ac1ed74fe4de79f68c75e93f81cb3251ba

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ko\messages.json

MD5 f19d786e8a7bdb0f3bbc0f9e6d8455fe
SHA1 5473f500aa1b5d0cf6ec618cab463010e8386a70
SHA256 b45b7a2b28bbe59db53e26486cdedfe5aa5ee19dbd01ab94fae8d124cc3de826
SHA512 31d5fa959f6551cfc822c0b7d8e4d68baa9f7a3e2866f383bc1cc4e3cbb6e485da1491d811fc27d57e17bcb3774bf384c9b84da1cb3c5bd705a56551669a801c

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ja\messages.json

MD5 ed7a51a91db6521ea2eb3fcd488b5f40
SHA1 2f981947fc94d1c310a58a182aaa251bfe86e882
SHA256 8a0aaf8ed4d59ade98354e5f596b6b2c4a03b5065bc3b09d6c13e9c983a527a6
SHA512 ee065a401a6d65312c12afe604dad9137a9247b96bb6d6dc01d14fcc9fa2c6c299eb5d0e8f1d30abe4b46f8b9af85e6cc935566c6b3ac2225666cb2628de53c3

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\it\messages.json

MD5 3a40212d09511cf73a9abff33ff23553
SHA1 c0c592b1875794e1f086b116799d91fe03552a67
SHA256 4bc03d2796dda350fb148d6dccfec14e818202e79775a1711ff538dc3cef312f
SHA512 ca0492bfe61585c8c0c50d41a35573fc26657bfd7acde16d15326bf327bf04973c730e96ffc18ca83e05b365f0730c5d41faae1feb0717046e919332e1d781b5

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\id\messages.json

MD5 b664a816e55958ad35e9fc0bba1a72c6
SHA1 38c3c869bbee7f6e013dcb79a6b78e658079083c
SHA256 80242d7f7b07846e4dc49ee6b25c8f1cc71c7d161038e2a939f4bc8d09b22bb1
SHA512 6ef9ccdb7411cce478b82ed40d8d7d87b2ee185f368e49ed5ea8f3ca6e77e83e3198a27ebd8e05c2c9147d8ac57bada682b094b0490ea162869959e61c5859f4

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\hu\messages.json

MD5 830f778ed7e5c02342d67feff9abd3c0
SHA1 793d0aefa539d3fd0f7dc4ef57d9daceb4713911
SHA256 0f2c4646e051b466bbbe8e28f4366d0cedeee9ce9d7646ef6155494ff7c1aa70
SHA512 44ae829af29acc1200fe4c8ba151b19d1e816450f45a7614ce40f72e544812f5730b4abd09de1ecf6310d918818535fa4e1360335263f4d2eaa428f96eb02457

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\hr\messages.json

MD5 b0aaaef3224face221502b9be35433af
SHA1 352016e75d370e371ed85806e0e524b1189b0901
SHA256 3fb11705f9aaba63084e8159172b07af10c30ef08fcf1c26cb9a7af6c501ddab
SHA512 2282da110bf4937e848e03c22832a6a68e5022cca5b98b176d6f1b9abc924299d58c5eb6a3b6c441c30d36d0346934f763c1f16183e3bd0e931d332e5519d04f

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\hi\messages.json

MD5 c3954827ca16d49de136110caf6f4129
SHA1 a1ed0910d1b12f2a2e5bd88645ac214b02f2c953
SHA256 7a1039337aadca607c99a392ad2558d16e3f39c048c82e2216c094ab26770d37
SHA512 6f8567ffac22f1fecd101a96bcfa5bbfec79cdb1ba0e305c1366fdab519df096b826d6c54c07ce4fb1c8520f2baabf008357d9fd7e18a92f35987131cdc49147

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\he\messages.json

MD5 e3333278d6a92406f8aa1da627b7ec25
SHA1 02b0d6f2e9547795e4240e6819948dbb9b4481e1
SHA256 10921f5fcc54a5bd0ca546b2ebdf2c65a4c062d96fdfd8b6b6adff4228b9e758
SHA512 6d02737934a77fac4fcfb1e489f9c1164a8aa3111a324acb4754cdb9512a0111a004ade9c0cb9f858efac9543d9263fa393bb1d751f4a61c8e3bc741ff826149

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\fr\messages.json

MD5 f53ac5863deb7bde23e127995c086f25
SHA1 99a4f59892d06747b51b363de267f466a72e8008
SHA256 c7f83f037f2a9561a79b66c7c5ba6ec230ec038b01ed0442832471d2c4a4ac08
SHA512 c93e65ec1a08d792997cb13676ad40539dfb2bc1fde18b8759534f47b6908f7f4d84a2108b579fddfb8edbb4de00b1eb50adbcbb209296a91ba38b0f19bd9d13

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\fi\messages.json

MD5 99bd1faef0a8d04fc945c3e11d31b151
SHA1 f5ea3cb156598052b99efce4eab2e9b64ac37518
SHA256 106d6f20de82ab642b825be080855448835e59fca46f6d6546c484502f8e6637
SHA512 3e652b08ce58f6f6f212fe62329cd441ca0fa362be464ddecbbf9a98c090082c69347820c7c8dde213061afbe5f12b98f7d76ca7bee135a757d10fa44d320601

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\fa\messages.json

MD5 b37406066b6b248a9ae6be6d6b94c838
SHA1 d488c6e65357596a9178cb86db67183e9a7dbfd1
SHA256 84dc48a25f3697a1455743d80430def6027553ac41579e621e232ae3e153f46b
SHA512 259f9bd6619e44413a9110cef481f64b043dd820ccb8fa73893f32e71b3f33c357c6ab2dc981eef9a9f444051d8caa1fcb6128aaffd1fcd285a2724b28f6ed32

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\et\messages.json

MD5 ef87cb0ac7a3b415d75cdd36be6f4828
SHA1 f68f606d8d6ea71240ea1bc88d04f5b0ddd9b170
SHA256 0e56ef46d2c21ac8e1870f178b91f45a4726baa3424b2e89bf1d35ee01e25da8
SHA512 60f98c8feb52eb35a995edc1c840847f27fbbe666b894551ae41dd4121a8679e5b84002a1e8e932ea7d73f3826c46b10b31dff4c06b38d158a690c045bd220b0

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\es\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\el\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\de\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\da\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\cs\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ca\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\bn\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\bg\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\be\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ar\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_metadata\verified_contents.json

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_671477911\CRX_INSTALL\js\options.bundle.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_671477911\CRX_INSTALL\js\fpattr.bundle.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_671477911\CRX_INSTALL\js\content.bundle.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_671477911\CRX_INSTALL\_locales\en_GB\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\boakgmelfgohkobfagbmnlnmpccbnaif\2.1.0.334_0\_metadata\verified_contents.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\icons\iconDisabled32.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\fonts\Roboto-Light.woff2

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\fonts\Roboto-Regular.woff2

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_438401782\CRX_INSTALL\webstore.js

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\_locales\en\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\_metadata\verified_contents.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\popup.js

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\popup.html

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\overlay.js

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\manifest.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\contentAPIs.js

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\content.js

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\background.js.LICENSE.txt

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\img\logos\ccleaner\icon.svg

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\img\icons\icon16-active.png

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_1746507158\CRX_INSTALL\js\options.bundle.js.LICENSE.txt

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\img\icons\icon128.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\img\logos\avast\icon.svg

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\img\logos\avast\icon.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\img\logos\avg\icon.svg

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\img\logos\avg\icon.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\img\logos\ccleaner\icon.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_1770147157\CRX_INSTALL\background.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_438401782\CRX_INSTALL\img\icons\icon16.png

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_438401782\CRX_INSTALL\img\logos\norton\icon.svg

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_438401782\CRX_INSTALL\img\logos\norton\icon.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\fonts\Roboto-Medium.woff2

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\fonts\Roboto-Bold.woff2

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\fonts\Roboto-Black.woff2

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\icons\iconDisabled16.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\icons\icon48.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\icons\icon32.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\icons\icon16.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\icons\icon128.png

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\_metadata\verified_contents.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\siteScript.js

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\popover.html

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\manifest.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\contentScript.js.LICENSE.txt

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\contentScript.css

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\background.js.LICENSE.txt

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir4400_665214244\CRX_INSTALL\background.js

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_361087340\CRX_INSTALL\contentScript.js

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\boakgmelfgohkobfagbmnlnmpccbnaif\2.1.0.334_0\_locales\en\messages.json

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_361087340\CRX_INSTALL\css\fonts.css

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_949030302\CRX_INSTALL\img\common\extensions_page\icon_16.png

C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_1746507158\CRX_INSTALL\_locales\en\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\en_GB\messages.json

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_metadata\verified_contents.json

C:\Users\Admin\AppData\Local\Temp\6f405ca0-065a-4757-b423-ce54656ba7a5.tmp

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5864ef.TMP

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Bookmarks

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG Secure Browser.lnk

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Temp\nsm596C.tmp\AccessControl.dll

C:\Users\Admin\AppData\Local\Temp\nsc4DB4.tmp\sciterui.dll

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\Network Persistent State

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win7-20240221-en

Max time kernel

121s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\JsisPlugins.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\JsisPlugins.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\JsisPlugins.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-04 15:21

Reported

2024-06-04 15:24

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Midex.dll,#1

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\rundll32.exe N/A

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3456 wrote to memory of 4112 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Midex.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Midex.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4112 -ip 4112

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 600

Network

Files

N/A