hxxps://github[.]com/topics/malware-database

Analysis

max time kernel
1200s
max time network
1195s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 18:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/topics/malware-database

Score

8^/10

bootkit discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\StubPath = "\"C:\\Program Files\\AVG\\Browser\\Application\\124.0.25069.209\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Localized Name = "AVG Secure Browser"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\ = "AVG Secure Browser"	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe	AVGBrowserUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0"	AVGBrowserUpdate.exe

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	aj8BF5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	aj8BF5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	AVGBrowser.exe

Checks computer location settings 2 TTPs 26 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowserUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	avg_secure_browser_setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	aj8BF5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AVGBrowser.exe

Executes dropped EXE 64 IoCs

pid	Process
6844	avg_secure_browser_setup.exe
6900	aj8BF5.exe
5968	AVGBrowserUpdateSetup.exe
1728	AVGBrowserUpdate.exe
5996	AVGBrowserUpdate.exe
5348	AVGBrowserUpdate.exe
6492	AVGBrowserUpdateComRegisterShell64.exe
1564	AVGBrowserUpdateComRegisterShell64.exe
4928	AVGBrowserUpdateComRegisterShell64.exe
4132	AVGBrowserUpdate.exe
3620	AVGBrowserUpdate.exe
5188	AVGBrowserUpdate.exe
460	AVGBrowserInstaller.exe
5384	setup.exe
6936	setup.exe
796	AVGBrowserCrashHandler.exe
5732	AVGBrowserCrashHandler64.exe
2164	AVGBrowser.exe
2240	AVGBrowser.exe
6060	AVGBrowser.exe
4872	AVGBrowser.exe
6808	AVGBrowser.exe
3944	elevation_service.exe
6728	AVGBrowser.exe
6768	AVGBrowser.exe
7012	AVGBrowser.exe
6264	AVGBrowser.exe
6612	elevation_service.exe
6828	AVGBrowser.exe
4884	AVGBrowser.exe
212	AVGBrowser.exe
6348	AVGBrowser.exe
1936	AVGBrowser.exe
4752	AVGBrowser.exe
4636	AVGBrowser.exe
6320	AVGBrowser.exe
3900	AVGBrowser.exe
5116	AVGBrowser.exe
4100	AVGBrowser.exe
6316	AVGBrowser.exe
5340	AVGBrowser.exe
7032	elevation_service.exe
2088	elevation_service.exe
7080	AVGBrowser.exe
5792	AVGBrowser.exe
3324	AVGBrowser.exe
6376	AVGBrowser.exe
5648	AVGBrowser.exe
5272	AVGBrowser.exe
4084	AVGBrowser.exe
6180	AVGBrowser.exe
5136	AVGBrowser.exe
6664	AVGBrowser.exe
5292	AVGBrowser.exe
4432	AVGBrowser.exe
3796	AVGBrowser.exe
5916	AVGBrowser.exe
5952	AVGBrowser.exe
6804	AVGBrowser.exe
5428	AVGBrowser.exe
3252	AVGBrowser.exe
1728	AVGBrowser.exe
7084	AVGBrowser.exe
4752	AVGBrowser.exe

Loads dropped DLL 64 IoCs

pid	Process
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6900	aj8BF5.exe
6900	aj8BF5.exe
6900	aj8BF5.exe
6900	aj8BF5.exe
6900	aj8BF5.exe
6900	aj8BF5.exe
6900	aj8BF5.exe
6900	aj8BF5.exe
1728	AVGBrowserUpdate.exe
5996	AVGBrowserUpdate.exe
5348	AVGBrowserUpdate.exe
6492	AVGBrowserUpdateComRegisterShell64.exe
5348	AVGBrowserUpdate.exe
1564	AVGBrowserUpdateComRegisterShell64.exe
5348	AVGBrowserUpdate.exe
4928	AVGBrowserUpdateComRegisterShell64.exe
5348	AVGBrowserUpdate.exe
1728	AVGBrowserUpdate.exe
1728	AVGBrowserUpdate.exe
4132	AVGBrowserUpdate.exe
3620	AVGBrowserUpdate.exe
5188	AVGBrowserUpdate.exe
5188	AVGBrowserUpdate.exe
3620	AVGBrowserUpdate.exe
5188	AVGBrowserUpdate.exe
6900	aj8BF5.exe
2164	AVGBrowser.exe
2240	AVGBrowser.exe
2164	AVGBrowser.exe
2164	AVGBrowser.exe
6060	AVGBrowser.exe
4872	AVGBrowser.exe
6808	AVGBrowser.exe
6808	AVGBrowser.exe
6808	AVGBrowser.exe
4872	AVGBrowser.exe
4872	AVGBrowser.exe
6060	AVGBrowser.exe
6060	AVGBrowser.exe
6060	AVGBrowser.exe
6060	AVGBrowser.exe
6060	AVGBrowser.exe
6060	AVGBrowser.exe
6060	AVGBrowser.exe
6060	AVGBrowser.exe
6728	AVGBrowser.exe
6768	AVGBrowser.exe
6728	AVGBrowser.exe
6728	AVGBrowser.exe
6768	AVGBrowser.exe
6768	AVGBrowser.exe
7012	AVGBrowser.exe
7012	AVGBrowser.exe
7012	AVGBrowser.exe
6264	AVGBrowser.exe
6264	AVGBrowser.exe
6264	AVGBrowser.exe
6828	AVGBrowser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 23 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both"	AVGBrowserUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll"	AVGBrowserUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6\\psmachine_64.dll"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ServerExecutable = "C:\\Program Files\\AVG\\Browser\\Application\\124.0.25069.209\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\LocalServer32\ = "\"C:\\Program Files\\AVG\\Browser\\Application\\124.0.25069.209\\notification_helper.exe\""	setup.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGBrowserAutoLaunch_2539D9FFF1F40C0A976762D6C815D3E3 = "\"C:\\Program Files\\AVG\\Browser\\Application\\AVGBrowser.exe\" --check-run=src=logon --auto-launch-at-startup --profile-directory=\"Default\""	AVGBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGBrowserAutoLaunch_2539D9FFF1F40C0A976762D6C815D3E3 = "\"C:\\Program Files\\AVG\\Browser\\Application\\AVGBrowser.exe\" --check-run=src=logon --auto-launch-at-startup --profile-directory=\"Default\""	AVGBrowser.exe

Checks for any installed AV software in registry 1 TTPs 11 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Software\Avira\Antivirus	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	AVGBrowser.exe
Key opened	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\AVAST Software\Avast	avg_secure_browser_setup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	aj8BF5.exe
Key opened	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\AVAST Software\Avast	aj8BF5.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\Software\Avira\Antivirus	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	avg_secure_browser_setup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	AVGBrowser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	aj8BF5.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Writes to the Master Boot Record (MBR) 1 TTPs 7 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	AVGBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	AVGBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	AVGBrowser.exe
File opened for modification	\??\PhysicalDrive0	AVGBrowser.exe
File opened for modification	\??\PhysicalDrive0	AVGBrowser.exe
File opened for modification	\??\PhysicalDrive0	AVGBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	aj8BF5.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\Locales\fi.pak	setup.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\resources.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\LV	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\BS	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_312533712\privacy-sandbox-attestations.dat	AVGBrowser.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\eventlog_provider.dll	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\SE	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-en-us.hyb	AVGBrowser.exe
File created	C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-TW.dll	AVGBrowserUpdate.exe
File created	C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lv.dll	AVGBrowserUpdate.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\ME	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\ID	AVGBrowser.exe
File created	C:\Program Files (x86)\GUMA8BC.tmp\goopdateres_bn.dll	AVGBrowserUpdateSetup.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\Locales\de.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-or.hyb	AVGBrowser.exe
File created	C:\Program Files (x86)\GUMA8BC.tmp\goopdateres_th.dll	AVGBrowserUpdateSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\HU	AVGBrowser.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\Locales\en-US.pak	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_8116142\_metadata\verified_contents.json	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1994241887\manifest.json	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\PL	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\PG	AVGBrowser.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\aswEngineConnector.dll	setup.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\Locales\bg.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_715898789\LICENSE	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\ZM	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\BA	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-nn.hyb	AVGBrowser.exe
File created	C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en.dll	AVGBrowserUpdate.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1994241887\ssl_error_assistant.pb	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\CI	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-ga.hyb	AVGBrowser.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\notification_helper.exe	setup.exe
File created	C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll	AVGBrowserUpdate.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\Locales\pl.pak	setup.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_8116142\keys.json	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_724148793\crs.pb	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\VU	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\AM	AVGBrowser.exe
File created	C:\Program Files (x86)\GUMA8BC.tmp\goopdateres_hr.dll	AVGBrowserUpdateSetup.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\Locales\am.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\UG	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\GM	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\CY	AVGBrowser.exe
File created	C:\Program Files (x86)\GUMA8BC.tmp\AVGBrowserUpdateHelper.msi	AVGBrowserUpdateSetup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\BJ	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-kn.hyb	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-ka.hyb	AVGBrowser.exe
File created	C:\Program Files (x86)\GUMA8BC.tmp\AVGBrowserCrashHandler.exe	AVGBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	AVGBrowserUpdate.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\chrome_200_percent.pak	setup.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\Locales\hi.pak	setup.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\Locales\ro.pak	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1619896531\_metadata\verified_contents.json	AVGBrowser.exe
File created	C:\Program Files (x86)\GUMA8BC.tmp\AVGBrowserUpdateWebPlugin.exe	AVGBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ro.dll	AVGBrowserUpdate.exe
File created	C:\Program Files\AVG\Browser\Temp\source5384_1697589204\Safer-bin\124.0.25069.209\libEGL.dll	setup.exe
File created	C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\KR	AVGBrowser.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-cs.hyb	AVGBrowser.exe
File created	C:\Program Files (x86)\GUMA8BC.tmp\goopdateres_lv.dll	AVGBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateHelper.msi	AVGBrowserUpdate.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4E7E.tmp	msiexec.exe
File created	C:\Windows\Installer\e644a7b.msi	msiexec.exe
File created	C:\Windows\Installer\e644a77.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e644a77.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 11 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	aj8BF5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AVGBrowser.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AVGBrowser.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AVGBrowser.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	aj8BF5.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AVGBrowser.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AVGBrowser.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AVGBrowser.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe

Enumerates system info in registry 2 TTPs 14 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	AVGBrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	AVGBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	AVGBrowser.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\Policy = "3"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppName = "AVGBrowserUpdateWebPlugin.exe"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6"	AVGBrowserUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513C6D01-E4A3-4F34-9BD9-3D83C35A3498}\Policy = "3"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppName = "AVGBrowserUpdateBroker.exe"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28E08968-59C8-4A77-BEBA-12C9394AE077}\AppPath = "C:\\Program Files (x86)\\AVG\\Browser\\Update\\1.8.1693.6"	AVGBrowserUpdate.exe

Modifies data under HKEY_USERS 37 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption"	AVGBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AVG\Browser	AVGBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineIdDate = "20240604"	AVGBrowserUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	AVGBrowser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Owner = 8c180000dddb2efcaab6da01	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E	AVGBrowserUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	AVGBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\hostprefix	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\MachineId = "000058d4b27a012b9e3e4541471e6c69"	AVGBrowserUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\endpoint = "update.avgbrowser.com"	AVGBrowserUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AVG	AVGBrowserUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619983374092741"	AVGBrowser.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	AVGBrowserUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	AVGBrowserUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	AVGBrowser.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Sequence = "1"	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	AVGBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\	AVGBrowserUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AVG\Browser\Update\devmode = "0"	AVGBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	msiexec.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\SessionHash = c70853f1f06c1802ef27c8ba2d0eea2dd9577e8c2952c237c9cc7cef170af187	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7EEA7BDE239E6384EA053D0B7B67C65B\ProductName = "AVG Update Helper"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7EEA7BDE239E6384EA053D0B7B67C65B\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}\InprocServer32\ThreadingModel = "Both"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\NumMethods\ = "10"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CA348B59-06AD-4482-AD87-966302908F0F}\LocalService = "AVGSecureBrowserElevationService"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\ProxyStubClsid32	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.OnDemandCOMClassMachine\CLSID\ = "{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32\ThreadingModel = "Both"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{358EC846-617A-4763-8656-50BF6E0E8AA2}\TypeLib\ = "{358EC846-617A-4763-8656-50BF6E0E8AA2}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\NumMethods\ = "24"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ProxyStubClsid32	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ProxyStubClsid32	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine.1.0\CLSID\ = "{BEBC1D02-EC16-479A-83F6-AA4247CA7F70}"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{28E08968-59C8-4A77-BEBA-12C9394AE077}\ProgID\ = "AVG.Update3WebControl.3"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{384098DD-AB6D-412E-B819-2F10032D9767}\VersionIndependentProgID	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods\ = "11"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\InProcServer32	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}\ = "IAppBundle"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AvgHTML\shell\open	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoreMachineClass.1\CLSID\ = "{23AE0B95-20F3-4632-A2AE-C3D706E1D5D9}"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BAAD654E-4B50-4C9F-A261-CF29CF884478}\ProgID\ = "AVGUpdate.OnDemandCOMClassMachineFallback.1.0"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{40C1C1D3-AAEA-46EE-AA2B-79A2CC62F257}\VersionIndependentProgID	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{358EC846-617A-4763-8656-50BF6E0E8AA2}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\NumMethods\ = "4"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82C85EAA-7C94-4702-AA75-DF39403AE358}\ = "Update3COMClass"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\NumMethods\ = "45"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}\ = "CoCreateAsync"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B80EC6B9-55FF-4E4F-B4E8-9BD098DBBAA5}\VersionIndependentProgID	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ = "IGoogleUpdate3WebSecurity"	AVGBrowserUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\ProxyStubClsid32	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0929891C-854C-4BFF-AE54-7EE10636719D}	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebMachine.1.0	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C0BAA6C-52FD-4A3F-8731-F588C5E8F191}\NumMethods\ = "8"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\NumMethods\ = "45"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CredentialDialogMachine\CurVer\ = "AVGUpdate.CredentialDialogMachine.1.0"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgHTML\Application\ApplicationIcon = "C:\\Program Files\\AVG\\Browser\\Application\\AVGBrowser.exe,0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgQH\Capabilities\ApplicationDescription	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{30612A81-C10F-498E-9163-C2B2A3F81A14}\VersionIndependentProgID	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\ProxyStubClsid32	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\AvgHTML	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{30612A81-C10F-498E-9163-C2B2A3F81A14}\ = "Google Update Legacy On Demand"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}	AVGBrowserUpdateComRegisterShell64.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	aj8BF5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	aj8BF5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	aj8BF5.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Unconfirmed 708596.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 708596.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\Downloads\Unconfirmed 972030.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 972030.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
1804	msedge.exe
1804	msedge.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe
6844	avg_secure_browser_setup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2120	7zG.exe
Token: 35	2120	7zG.exe
Token: SeSecurityPrivilege	2120	7zG.exe
Token: SeSecurityPrivilege	2120	7zG.exe
Token: SeDebugPrivilege	1728	AVGBrowserUpdate.exe
Token: SeDebugPrivilege	1728	AVGBrowserUpdate.exe
Token: SeDebugPrivilege	1728	AVGBrowserUpdate.exe
Token: 33	460	AVGBrowserInstaller.exe
Token: SeIncBasePriorityPrivilege	460	AVGBrowserInstaller.exe
Token: SeDebugPrivilege	1728	AVGBrowserUpdate.exe
Token: SeIncreaseQuotaPrivilege	6900	aj8BF5.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeShutdownPrivilege	2164	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	2164	AVGBrowser.exe
Token: SeIncreaseQuotaPrivilege	6900	aj8BF5.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe
Token: SeShutdownPrivilege	3900	AVGBrowser.exe
Token: SeCreatePagefilePrivilege	3900	AVGBrowser.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2120	7zG.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
8088	setup.exe
7680	AVGBrowser.exe
7680	AVGBrowser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
6844	avg_secure_browser_setup.exe
6900	aj8BF5.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 1708	3992	msedge.exe	132
PID 3992 wrote to memory of 1708	3992	msedge.exe	132
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 660	3992	msedge.exe	133
PID 3992 wrote to memory of 620	3992	msedge.exe	134
PID 3992 wrote to memory of 620	3992	msedge.exe	134
PID 3992 wrote to memory of 932	3992	msedge.exe	135
PID 3992 wrote to memory of 932	3992	msedge.exe	135
PID 3992 wrote to memory of 932	3992	msedge.exe	135
PID 3992 wrote to memory of 932	3992	msedge.exe	135
PID 3992 wrote to memory of 932	3992	msedge.exe	135
PID 3992 wrote to memory of 932	3992	msedge.exe	135
PID 3992 wrote to memory of 932	3992	msedge.exe	135
PID 3992 wrote to memory of 932	3992	msedge.exe	135
PID 3992 wrote to memory of 932	3992	msedge.exe	135

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/topics/malware-database
1⤵
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1340 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=1412 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4556 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5472 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4208 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5788 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:1824

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=4492 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:2376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6168 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5728 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6292 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6148 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5192 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6128 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6412 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6152 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=6536 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=6560 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6280 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6872 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=6936 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=4572 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=6344 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7276 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:3804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7460 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ff88d9a2e98,0x7ff88d9a2ea4,0x7ff88d9a2eb0
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2256 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2468 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2584 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4348 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4348 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4376 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4400 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4640 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4900 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4664 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5396 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5556 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5676 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5996 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5836 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5776 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6264 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6404 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4928 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6676 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3832 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6756 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6968 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6772 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6688 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6388 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6496 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4992 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7228 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7264 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6952 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7408 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7760 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7876 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8000 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8140 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8292 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8428 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8716 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8844 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8632 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9116 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9256 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9464 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9728 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9852 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9800 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9836 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=9948 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10180 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=10924 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=11132 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9252 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6248 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9020 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11416 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10904 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11080 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11132 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11152 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11828 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11844 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=12060 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=12080 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=12340 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8672 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:7156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9268 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=9372 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10168 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=5716 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5476 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9428 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7752 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:7148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=4892 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=10212 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10232 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=7480 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=5472 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=7832 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=11728 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=6596 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=11268 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=11084 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=10048 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=9296 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=10988 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=10196 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=10224 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2260,i,17772328395151775289,11613898376778728290,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3752

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MEMZ.4.0.Clean\" -ad -an -ai#7zMap8500:90:7zEvent12143
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:1360

C:\Users\Admin\Downloads\avg_secure_browser_setup.exe
"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6844
- C:\Users\Admin\AppData\Local\Temp\aj8BF5.exe
  "C:\Users\Admin\AppData\Local\Temp\aj8BF5.exe" /relaunch=8 /was_elevated=1 /tagdata
  2⤵
  - Checks BIOS information in registry
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Checks SCSI registry key(s)
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6900
- - C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\AVGBrowserUpdateSetup.exe
    AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5968
  - - C:\Program Files (x86)\GUMA8BC.tmp\AVGBrowserUpdate.exe
      "C:\Program Files (x86)\GUMA8BC.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"
      4⤵
      Sets file execution options in registry
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      Drops file in Program Files directory
      Modifies Internet Explorer settings
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:1728
    - - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5996
    - - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5348
      - C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:6492
      - C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1564
      - C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4928
    - - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezQ1QzREM0IxLTBFRTItNEJEQi1CQjExLTk1OTE3MjY1RDlBMX0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Ins0NDU5Mzk4Qy01Mzk4LTQ0MDQtQTUxMC05QjU0RUU2MDZENkN9IiB1c2VyaWRfZGF0ZT0iMjAyNDA2MDQiIG1hY2hpbmVpZD0iezAwMDA1OEQ0LUIyN0EtMDEyQi05RTNFLTQ1NDE0NzFFNkM2OX0iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDYwNCIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins3NUI4MzU4MC00RThDLTREQTItOEI2Qi0wQ0NGRURERUY5QTN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTIyOCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMjIwNSIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4132
    - - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9228&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{45C4D3B1-0EE2-4BDB-BB11-95917265D9A1}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3620
- - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
    AVGBrowser.exe --heartbeat --install --create-profile
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - Checks SCSI registry key(s)
    - Enumerates system info in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:2164
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ff89e17dc40,0x7ff89e17dc4c,0x7ff89e17dc58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2240
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6060
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2256,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4872
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2356,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=2432 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6808
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3376,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=3408 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:6320
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3384,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=3436 /prefetch:2
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:6768
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3728,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:2
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:6728
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4120,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:7012
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4280,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6264
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:6828
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4884
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:212
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5332,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6348
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5516,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:1936
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5204,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4752
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5836,i,6220726380607146832,14758492046256333589,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4636
- - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
    AVGBrowser.exe --silent-launch
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - Checks SCSI registry key(s)
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious use of AdjustPrivilegeToken
    PID:3900
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xf8,0xfc,0x100,0x7c,0x104,0x7ff89e17dc40,0x7ff89e17dc4c,0x7ff89e17dc58
      4⤵
      Executes dropped EXE
      PID:5116
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=2004 /prefetch:2
      4⤵
      Executes dropped EXE
      PID:4100
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2236,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:3
      4⤵
      Executes dropped EXE
      PID:6316
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2340,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=2536 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5340
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3436,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=3448 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:7080
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3440,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5792
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3716,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=3876 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3324
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3868,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6376
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4192,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5648
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4028,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5272
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4180,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4084
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4024,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6180
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5136
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4188,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6664
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4432
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5252,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5292
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3796
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5916
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5700,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5952
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5852,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6804
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5428
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6012,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3252
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5840,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:1728
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6008,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:7084
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4752
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6600,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:8
      4⤵
      PID:6524
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6924,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
      4⤵
      PID:1520
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7120,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:2
      4⤵
      Checks computer location settings
      PID:7000
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=7348 /prefetch:8
      4⤵
      PID:2664
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3520,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=7488 /prefetch:8
      4⤵
      PID:6032
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6900,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:8
      4⤵
      PID:6388
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=3524,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=7968 /prefetch:2
      4⤵
      Checks computer location settings
      PID:5300
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8116,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=8124 /prefetch:8
      4⤵
      PID:5736
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7880,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:8
      4⤵
      PID:6396
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5272,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=8428 /prefetch:8
      4⤵
      PID:6728
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6452,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=8284 /prefetch:8
      4⤵
      PID:320
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8108,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=8708 /prefetch:8
      4⤵
      PID:6752
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6936,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=8844 /prefetch:8
      4⤵
      PID:5228
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7336,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:8
      4⤵
      PID:6504
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7332,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=9136 /prefetch:8
      4⤵
      PID:2452
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9368,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=9412 /prefetch:1
      4⤵
      Checks computer location settings
      PID:7512
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=9364,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=9436 /prefetch:2
      4⤵
      Checks computer location settings
      PID:7524
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9712,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=9768 /prefetch:2
      4⤵
      Checks computer location settings
      PID:7468
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8272,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=9272 /prefetch:8
      4⤵
      PID:3924
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=10052,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:2
      4⤵
      Checks computer location settings
      PID:7180
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3636,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=8528 /prefetch:8
      4⤵
      PID:4644
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --disable-protect
      4⤵
      PID:7692
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff89e17dc40,0x7ff89e17dc4c,0x7ff89e17dc58
        5⤵
        
        PID:4304
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8576,i,1780285004690270418,18346611402686491060,262144 --variations-seed-version --mojo-platform-channel-handle=8596 /prefetch:8
      4⤵
      PID:4884
- - C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe
    setup.exe /silent --create-shortcuts=0 --install-level=1 --system-level
    3⤵
    - Drops file in Program Files directory
    - Suspicious use of FindShellTrayWindow
    PID:8088
  - - C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe
      "C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff72adaa3f0,0x7ff72adaa3fc,0x7ff72adaa408
      4⤵
      PID:8072
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"
      4⤵
      Checks computer location settings
      PID:7776
- - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
    AVGBrowser.exe --check-run=src=installer
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - Drops file in Program Files directory
    - Checks SCSI registry key(s)
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious use of FindShellTrayWindow
    PID:7680
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff89e17dc40,0x7ff89e17dc4c,0x7ff89e17dc58
      4⤵
      PID:7912
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:2
      4⤵
      PID:3044
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=2124 /prefetch:3
      4⤵
      PID:5612
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2368,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:8
      4⤵
      PID:5492
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3224,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      Checks computer location settings
      PID:748
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3220,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=3264 /prefetch:2
      4⤵
      Checks computer location settings
      PID:6904
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3792,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:2
      4⤵
      Checks computer location settings
      PID:5244
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:2
      4⤵
      Checks computer location settings
      PID:6668
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4848,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:2
      4⤵
      Checks computer location settings
      PID:5212
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4896,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:2
      4⤵
      Checks computer location settings
      PID:4836
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5208,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:2
      4⤵
      Checks computer location settings
      PID:7236
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 has-startpin "C:\Users\Public\Desktop\AVG Secure Browser.lnk"
      4⤵
      Checks computer location settings
      PID:212
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8
      4⤵
      PID:5844
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --disable-protect
      4⤵
      PID:7640
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff89e17dc40,0x7ff89e17dc4c,0x7ff89e17dc58
        5⤵
        
        PID:8188
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
      4⤵
      PID:5196
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5472,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:1
      4⤵
      Checks computer location settings
      PID:7336
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 has-startpin "C:\Users\Public\Desktop\AVG Secure Browser.lnk"
      4⤵
      Checks computer location settings
      PID:5380
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:8
      4⤵
      PID:5028
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5252,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8
      4⤵
      PID:7248
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6924,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:8
      4⤵
      PID:5692
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4996,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:8
      4⤵
      PID:6824
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7068,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=1556 /prefetch:8
      4⤵
      PID:6128
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2856,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=7020 /prefetch:8
      4⤵
      PID:1536
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6900,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:8
      4⤵
      PID:5688
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6948,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=7032 /prefetch:8
      4⤵
      PID:632
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5928,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:8
      4⤵
      PID:5504
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6112,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
      4⤵
      PID:7468
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6036,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:8
      4⤵
      PID:4632
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7052,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=6568 /prefetch:8
      4⤵
      PID:7776
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5960,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:8
      4⤵
      PID:1472
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6736,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:8
      4⤵
      PID:1728
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6816,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:8
      4⤵
      PID:7092
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7008,i,14982890747310694051,6347220754335691546,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:8
      4⤵
      PID:7832

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
PID:5188
- C:\Program Files (x86)\AVG\Browser\Update\Install\{BB713DA3-BC97-488F-A987-7BCDDD92B970}\AVGBrowserInstaller.exe
  "C:\Program Files (x86)\AVG\Browser\Update\Install\{BB713DA3-BC97-488F-A987-7BCDDD92B970}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:460
- - C:\Program Files (x86)\AVG\Browser\Update\Install\{BB713DA3-BC97-488F-A987-7BCDDD92B970}\CR_C99B1.tmp\setup.exe
    "C:\Program Files (x86)\AVG\Browser\Update\Install\{BB713DA3-BC97-488F-A987-7BCDDD92B970}\CR_C99B1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{BB713DA3-BC97-488F-A987-7BCDDD92B970}\CR_C99B1.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Modifies registry class
    PID:5384
  - - C:\Program Files (x86)\AVG\Browser\Update\Install\{BB713DA3-BC97-488F-A987-7BCDDD92B970}\CR_C99B1.tmp\setup.exe
      "C:\Program Files (x86)\AVG\Browser\Update\Install\{BB713DA3-BC97-488F-A987-7BCDDD92B970}\CR_C99B1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff786c3a3f0,0x7ff786c3a3fc,0x7ff786c3a408
      4⤵
      Executes dropped EXE
      PID:6936
- C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe
  "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe
  "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"
  2⤵
  - Executes dropped EXE
  PID:5732

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe
"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3944

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe
"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:6612

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe
"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:7032

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe
"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
- Modifies data under HKEY_USERS
PID:5636

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe
"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"
1⤵
PID:7348

C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe
"C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"
1⤵
PID:3908

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /c
1⤵
PID:6316
- C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
  "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /cr
  2⤵
  PID:5504
- C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe
  "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"
  2⤵
  PID:5736
- C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe
  "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"
  2⤵
  PID:3620

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ua /installsource scheduler
1⤵
PID:7820
- C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
  "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /registermsihelper
  2⤵
  PID:7108

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
PID:6284

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
PID:5936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e644a7a.rbs

Filesize
7KB

MD5
670354acab5ceb76d9c66048dc53ec05

SHA1
8156744bd416d32de9dcfe7415d14518b91b9047

SHA256
900e2fd8ff94dd53ef8c6cfaba4af1e927f79beefb88f63d810f99de2ccb3c76

SHA512
7a2056fe7d51b1ad8b460d53099d53d25dd266cdccac57aeac72b08794c28de772b93ca3abb34d2e7fae80e9ccb96cc252f3b86f2e7bfc08517775270176677c

Download Submit
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe

Filesize
149KB

MD5
f73e60370efe16a6d985e564275612da

SHA1
2f829a0a611ac7add51a6bc50569e75181cdfd58

SHA256
9cf076866935a0c64366efaeff2ec76d45ac816030ebd616fd5defb1870bc30e

SHA512
2e44e87c285bb7b72d45c8119d08ea6f2d13cea77cf0005a3cf530790bb86c7f2df7c5edac9d86c9d7214abb224738c3bf6b31f6bf104051512bb1de133042dc

Download Submit
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe

Filesize
170KB

MD5
deef1e7382d212cd403431727be417a5

SHA1
fac0e754a5734dd5e9602a0327a66e313f7473bb

SHA256
7d410e9eabd086827b16c89ee953a643c3e2f7929616c0af579253fd8ca60088

SHA512
6b472a57fb89b128aad9ab6313a9ce8b171f7d73264c67f669adc5cf1f0421d81f654dad1419b620476abb59dd54e1aa03a74a26c5c93813f6fb8575fbd97d4d

Download Submit
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll

Filesize
506KB

MD5
c6a2bff8e96b5622bf6841a671f4e564

SHA1
fb638e9c72604cc1b160385fa803b0ea028e5d5e

SHA256
7a7a12e9c0dee713700081b9354647972a0f3505596df34e4c68aaba99046992

SHA512
22a99f860055388e34a056af5d5e35f2e33a9294784795aca52fd42685d75aebb523add836c5e4b9b2f68fe00348d11ee56cc10208fcc662b86a6169664f934f

Download Submit
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

Filesize
204KB

MD5
cbcdf56c8a2788ed761ad3178e2d6e9c

SHA1
bdee21667760bc0df3046d6073a05d779fdc82cb

SHA256
e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3

SHA512
5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

Download Submit
C:\Program Files (x86)\GUMA8BC.tmp\@PaxHeader

Filesize
28B

MD5
0b63a85d645b1194474f69b78f6d957c

SHA1
2fc8627e90288db6be87cd0843fab966a3eec575

SHA256
913251faaf64436496e3a251d28a8c3e72c940a454ceefeb673ec0b2faacd85e

SHA512
9ec98ab185bfcfc2080425de3c237c1bd4e97f9e65fbe249ab9ff9c7eff0f48adc249df01820ba7c008df09c40ddd222649004746d59d4339e999dda5441b662

Download Submit
C:\Program Files (x86)\GUMA8BC.tmp\@PaxHeader

Filesize
27B

MD5
939ee98d23d3ce9a0c8a0fe9aac02cf2

SHA1
b48224bddd5ad890d749f1dd16de6f9c5d9b2af5

SHA256
cea3426ac194b93a31f869d26e69045effc10a0d89962220724557136625ba39

SHA512
caddc19a06aa9bba35641c5b8b2055c18e7f8c89f0603869be5ef7b283c83ab4efc1213ba18c536007babc492ced62e406ba34af96c3a949d3378b5cae0ad881

Download Submit
C:\Program Files (x86)\GUMA8BC.tmp\@PaxHeader

Filesize
27B

MD5
fc8ee03b2a65f381e4245432d5fef60e

SHA1
d2b7d9be66c75ccf24fcb45a6d0dacedd8b6dd6f

SHA256
751a04263c2ebb889fdcd11045d6f3602690318ebaaa54f66e1332d76dde9ef4

SHA512
0837f2b22c9629990165c5e070e710a69ad4951b7fcfe28bd52354c4b8a7246672497b8aaf521a8773c7ec2a4249fc4318330948ab0d8db8c6c74da57b32f1c4

Download Submit
C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe

Filesize
5.8MB

MD5
acb51434fd82eb460b052f05950b8dca

SHA1
707d192db2ce7cefdefce3037dfb85a18b8811f3

SHA256
29ffa251cb267969af445eb664df04d1a7badbcade61a7f754de42b6d4340055

SHA512
013dc0abcc9760c6298b7e48007eb1ac4bc2e453f06c1ce4aff218f50cd1e2c4bb44ad6bc5687edb057df8b0e38fa0aaada7a8d045ed08412278d3031527229d

Download Submit
C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe

Filesize
3.3MB

MD5
0dfa65976da7822db99118abf2a50cc9

SHA1
a06feeffd56b3ef7a227e64099fc0213514d7879

SHA256
f9f61393559bb1d76ab630b11953ec20c7a0d5979e48f27279e7bb0a92abda26

SHA512
41cb3ccc7a2aedb2b17517de1dac905adaf9db797e1fd487e7853438c2936096212582b20bfefe03e267e0e1650af503b802a13c43f0a55a6b803beb1f93ee56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1190999956\manifest.json

Filesize
196B

MD5
898f5b3c1b9e44506bd7a511321440d6

SHA1
0096290f45fe065bf6ee65e535cf5b2ce6949276

SHA256
9d00037ba16af20e96e2afc34f260f0e51183904c8adfbb0c2fa96ddc7a16f81

SHA512
0cf4ad588afc6df659809325f582f64aaaf1ee3661893dd76209ce3036ac553518ee007666faf7c08a0f2742f8eb528c8cc0c181d1f62e182bdd14e1553c3f9c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1432170128\manifest.json

Filesize
108B

MD5
55d0da4886efa9d373256980afe0b0c4

SHA1
495d838f50d5e76226480487be4770fdf289bf2f

SHA256
816e30826889f2e140b03e0c7cfdcd31dedb307c30712b017843080b271891a9

SHA512
0591312ee7c3e51cd0b2c13cd97aab7f65fb8fb1eaf65ddef3e3a7a49218893e1827ca3b217ecacfeb02bde8926ae81ad893db1031b2e891d2b06aff6a6d5327

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1525030179\manifest.json

Filesize
300B

MD5
db7eb7e54eed7c7a94fabef1ff06ffce

SHA1
59ec7c4812b8281eedee765e052d280ef6d14be1

SHA256
dd43b3afeac53c5756b53b5a987feb96ca78d2016c5513a971b2d570a959c0d0

SHA512
eaae4182dbbd8c53a83cefc0070c1ba4542fdbf912e39537054f2fd5eef3ab0a6247f37d17acab31859a72fe69b2008d5ea5ff04fde3fb31666c2cada205ea53

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1619896531\manifest.json

Filesize
107B

MD5
5445b10f8d678cabb4a5795fc0020068

SHA1
cf927c4c61b6cf5904e5c14c96859c91339e6b8d

SHA256
04a1fbf295a781a4916d0d3d992b565760c8795a9e012d54df9704058937917c

SHA512
834c167a94c4198eae25541c7e4f67b0d54fdcc64cd32c68ade48e93a0c8b55718d9f7522216d8c2a96f3e89651fe71f37672ca9d1fda6c1478057fe721ffed6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_1994241887\manifest.json

Filesize
76B

MD5
4aaa0ed8099ecc1da778a9bc39393808

SHA1
0e4a733a5af337f101cfa6bea5ebc153380f7b05

SHA256
20b91160e2611d3159ad82857323febc906457756678ab73f305c3a1e399d18d

SHA512
dfa942c35e1e5f62dd8840c97693cdbfd6d71a1fd2f42e26cb75b98bb6a1818395ecdf552d46f07dff1e9c74f1493a39e05b14e3409963eff1ada88897152879

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_295397205\download_file_types.pb

Filesize
7KB

MD5
7aae1f30b2fe2adc7d9725b3b6959025

SHA1
e076252265e5d1563a656069e14ff767494729d3

SHA256
d4c314a43a880493dd8d1c579e1eaf1c7151eb608c0cea211b269251f8d03b85

SHA512
2c2852d1900eac5654f9d4b0f3182c5318a8eb7704706e443a2adee9a4cb8c04bb3e083d4624cd1aaf0386e27f4e3bb0d0ef3918c4a84827cf087f35602758dc

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_295397205\manifest.json

Filesize
76B

MD5
5dff1a50b2c589ab1a127b0d434bfea6

SHA1
2fa5759534795059d942e64862fc77d01d160dce

SHA256
02a9a124bbc2a5fe39f5f07b042e63bef30fae2493a5b0cd06141068ebb39ed2

SHA512
cfbd287407b1f7aa8d8ddd0743adae580090a5805158d1c1d0b300c43ed38e6001ab496e5d18ccbb7e3cbdddc9c2f46461f6a4cf95638ff052eff009799b3b8c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_312533712\manifest.json

Filesize
96B

MD5
07c3789c5538dd955f6e54b9e38a8111

SHA1
e3b6a297abe9c89656fb9109213ce83c93d38a45

SHA256
78e6db805f2a9064e75e343eb379b516df4f7bee507dd8da301f23d58f405ce8

SHA512
15cec34959bcdd8bb0bc2bb9eb7dcd642367f339dea74089a3beeae85e226911318696ab27792588a7febabe27228f4db213634f96f214cf8bc0c2cef2a2f659

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_321394057\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_715898789\manifest.json

Filesize
95B

MD5
8b543f50c4d67cb5956e085afab36b6e

SHA1
ad28c78fa7d26c90debb4d16dbb36074c00e0b1f

SHA256
b6f6a4462fb1b0cd3b395243096a2e8d7a13dfb6de0707db26d2a52892350547

SHA512
bc47c75b71feffbc588a0cdd1103470a6168abeac240153e5fb12d4d1bc62c2d3551e17d6305f64d437bb76745e5c7fb9c161f05c1162545c492457438418cf1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_724148793\manifest.json

Filesize
72B

MD5
b602dd5374097110028a1f7242de5f45

SHA1
af69f4706e07063da5629a47c586b82fd5bdbc02

SHA256
85b7ea896f46bed2df9eedc9ca3dd5f3df561ec48b32c93d91372f85def192b6

SHA512
4556ed9d0aad065c1b243c50fdbd85f95b0f6d35c070f5a1c53954f777069a03024d574445191b6fa08c9b7102f8f3c977033b14dbc53b9ff89736f7fec3d798

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_8116142\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_8116142\manifest.json

Filesize
78B

MD5
f484730e3678d8a3d9d2e39ec6e43aa5

SHA1
01567fae3cbd5beaf099f5ccbd0a2f2d39f620ac

SHA256
dfc1e147364cce4708e0d4bad53e46669edc0cfe0fa9c78f773a8d5ee5bb7895

SHA512
ffb55a70258aaf3b6c3de39298cb0cd0700263c6cfb83ca26a798c41082925f2b45d49b23746d7ae971346b94e8f545f72b005b19e6f16b0955623a1313f9e33

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping7680_919252885\manifest.json

Filesize
114B

MD5
4c30f6704085b87b66dce75a22809259

SHA1
8953ee0f49416c23caa82cdd0acdacc750d1d713

SHA256
0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9

SHA512
51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\CertificateRevocation\8815\crl-set

Filesize
21KB

MD5
90120ac63fbcde0dc0dbc18afe9565d6

SHA1
1ed71edf748ed83470fa5de53d2bc9a81db03b0b

SHA256
5ff2f4fa3cda90c7f80662b8a85121d5fae6c4ae464f082eedcce60c9f548f20

SHA512
2eb9b60bbcc765ddeb9270e787aef76532e5b37ea7bc11f094b4ba02fcf083091c700a0f0826d3a5b56494e39b521c578fec90ba13c4e1a5db1e85a9c12e75ae

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c6ae5eab4108c45ec07645da6d9ca710

SHA1
3060cf09c2e97f9e673d7896119413da9526fd2a

SHA256
e94f26f8907876f5849aa2c8d23f0d9a2bb41bb59ba73fdc4b2eaf9a3e0ef52d

SHA512
b49e2a22426b501ea1773d2ec16ee64b72b3f4c1cad1acdca0d82939de6a35769d413224bad7da930c1276f955159582cf6b6c83b3f05a946b85963bd018925f

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\7e70da57-1507-46a1-883e-962a7ee94ca0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Bookmarks

Filesize
36KB

MD5
bd24d8e7b72f14ba2fd27ed37258f426

SHA1
ebc04b26b122567baa4713a36abb01c3ecd1c607

SHA256
1f04227fd5d04048afe3e7fea45ffdec25b097fa18a643a5895c63d449154a32

SHA512
b0bf545e3634fe50b4495a567a24f464748776efbc549af22719dca20de71ac1b7011ec55437a6bc64777d12c58afe43fd317898357bd398ebe0016827ba1396

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
b8714faad1caa2f18f3dc7e4a10224a1

SHA1
7bb094fcd730ba7238112d8979dd7b8edbae4575

SHA256
49bfd598969064da893d2365da1f1faddf23ea4f3cada22299ada44e063b7ad7

SHA512
5f6b96dfff4e3d32f0bfaecf67e26250c3b979a9533cf856cb27d8a711f0a5a272bd0c37401bce61f2d95cb299b082f78010a052baed2f9974844babe34c1adc

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
82928bc8fc212abcbb549a2304b42c44

SHA1
b58671988db98f427ad4cc45becac264cdcaf05e

SHA256
f07b45b54dfb72708bd94d6c3fb31b52bc2819c21cb1a50b21e5d2481e7e148e

SHA512
2bc6f27fed0b22f895d5d096a95ef44e0bc9a936fd1b9055f87ce1a13c48a52410406546bb824f84d15ac0026ce0b501e55d1e7ef4441bdc3c09ffc59a68925e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
96744f8998bcb048fa1b099494107878

SHA1
9c35cd219ecc8391f34944a3babd241f17bfbcf5

SHA256
c7e5097b97db6a2625bd725cf7e1d6d11412729163b26f4fd295256188e9391b

SHA512
3e4a0188d1a828ce097b478805f5f0dc24480a8d86147be83468727479fe44663d59a3ba5a3dec4b105384b562cd59c7f9369e3edbb4f2d7b5cd5f83c070b709

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe622de0.TMP

Filesize
48B

MD5
36d35fbaba932305b1b8d6351212fdbd

SHA1
0b0bfff7e7150e93ef4819a9e37b71869bd0c500

SHA256
b2c0322c4c5883f52d6783b4266e08e2dae68eb49a45bd35052a4e3502c29d34

SHA512
f9b23e6eb63a36af0d0c4d0304f55766692b7ce9fed9f2fb8f059305f9f8dda383f0c4199f3b0778d45da6f62c52c8c2143b6f6ccf660d3e85496889c2d3fa27

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir3900_586446958\CRX_INSTALL\js\content.bundle.js

Filesize
57KB

MD5
97adfec6bd687e9709445afc0c573c39

SHA1
1186a12a096465da449f1b0df7270dbc5283f4b6

SHA256
c103fc2d0a2484f40fa091e188ead5757b737bd86d2a926488062436df8cdf50

SHA512
e242f0673a8cd0f565a4dc79937bf8280421e2d90a0d7ac6cc18ffbc0b54a692edb714d9edf49d096c88cddc6465df086c98203d1abf960ac66e1186730bd009

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir3900_586446958\CRX_INSTALL\js\fpattr.bundle.js

Filesize
17KB

MD5
7580759316acf0e6d7a16da84559e6ab

SHA1
f17ead86d623eb3527243ea6c6f5512a66fe7186

SHA256
f11caa7844dac279cb19b87a7704e4982804a131b5893ec436aa092df587b2c0

SHA512
181c4f78dd497539f010eb75e529f9fb48539d559eed5376860e4292cce86ac69b698d7791d64262cfc43454a98552a8a9bcfbf0c777e7e92f7cc67d035e59c6

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ar\messages.json

Filesize
1KB

MD5
a5d85d08654dacfc837f7b6f72e6dbce

SHA1
2cc8f59d687cf8b686a7349f9235a80328b2e354

SHA256
b8598beb9b2fc91a17f86ef9609f0d49cf016ea48f7d5d0535b163df9bfdb673

SHA512
376cefdff2af3e597eca7bebfcf2dc579058a92220df2fcd9786d4514bfe8c9f9436939d9c432693665f9262cee375b68e96d1dc9027f73f7a5a330af3b81171

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\bg\messages.json

Filesize
1KB

MD5
d945e162c3b5842b29e7a11f22479f97

SHA1
f0c697a96f230babb3198b445ddba14a33c6c846

SHA256
a18a2d8484517ed9584229d5cf58f6ad7618926210249261c29af14c6326a025

SHA512
48a1f5e071892b7ea6c54293595948d9858d0a725f7ee4f3ae6bec16cdce9116402f2272cdf06eb9ae3f8a53a45f3c490428fc5591f59331ebd082cc56e15b56

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\bn\messages.json

Filesize
1KB

MD5
b5af23ced9a7a5b995c9fcb1119dc2b2

SHA1
be85158410ab3c36673d5b8fa14d5da07d9530ee

SHA256
4cb40cb8eb1f2c1fc2a6691ac0d2b7138299d6dcb0c1836beeee8a43af12f7d0

SHA512
b3ffc042c7d4246e87a1c26f0fd31a6130347f8097a07fb64be57dad22d7b5deee9ed922be647edd049dedfe00c8f4c066fcda8481ad65b3b7f32ddbd1bac547

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ca\messages.json

Filesize
1KB

MD5
b1d37ded9d6e3569f955ddd213101059

SHA1
6cc5fa9f49c6bca83fe862a50b2f8e9eaf838e42

SHA256
1b20cc3de4bc55aa1af9a31618f5d07e630605774c7c92fca0862427b5a5de94

SHA512
095461240b28552b730ad24dead2b7b5191ba8c77703a1758e60c6097dde41834a3f6147cda5880bec52a363b2772025a55245f7138b515e87f9a64553b09d0b

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\cs\messages.json

Filesize
1KB

MD5
3b971c847376f49c17fddd94d99ee14a

SHA1
06f57556597827c5f11fd80c335c055d83c0c63d

SHA256
162a9f2cb434afc1093581733aa643a1b0263f21c01deb24f26d4a3fed0274c0

SHA512
b2e1cde93cfeb327cf6e78d8b1a4bda800881e5f345d7e50fe7ec0359a422b2ec80be61f3b248b4230c72a07d55db8264ead7c0757c1c16b38b3d3ca94bd408c

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\da\messages.json

Filesize
1KB

MD5
db729316339e408f888da652d099e6af

SHA1
747689da330277dbabbd2dc219febe22df744375

SHA256
b715724bba10ff50273fb7ac3685c5472ab01fc7c3024e7b457841881b7c8707

SHA512
5c52b71bf8f1a832d8e04f7f8be3e88ff8798632a3aaf89ce3550adc3aa41d3ba10f020e0fa9d95aa96b490827d900f8e2d4228ab79c737d2157268b31e09700

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\de\messages.json

Filesize
1KB

MD5
3c651f7432afe9d495c57abc69c30b62

SHA1
f0d6d0084a2b54b8ea2fa9f21c047341e42c762f

SHA256
0cf5f828601348cdd46fb6c260099d1846edf1b6f4a009e5c719a55e50ed3bc7

SHA512
2193461a027d5ab8df2defef283a36362e845068faafa7ef040c308532a4894c40dd6b47a121739ca7b6fd683df9443053bec46e3073ef573da2dbfb270b4fd5

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\el\messages.json

Filesize
1KB

MD5
9288729963e1230a74efbbf071de1fff

SHA1
17a438183e94c336a9a50e631074fd43b7d852b8

SHA256
c647435b41dccaa5f77620a0f4d423e1f777f5f0738ad706de86571f7ad76482

SHA512
d4d2dc015cb0a4cecd456799044c31958e4d281adf6216db6f73c24eef4e06e7f6aa3320c1abee96a63f978f5c09897f8e0b78237efe472d50ca087db38bccc6

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\es\messages.json

Filesize
1KB

MD5
b87f24a632f1394f2b4d953eb851d522

SHA1
06b230390c38da48e958e38927c4f27bf4877c4a

SHA256
bb68ef6c46d390012368e42a08314c4653697cf0e4e6c4c8f76b788056d4dc87

SHA512
6126293d7917220d8b28ad13df87d1cc0757444c139058d144282bb4763527e0a1abbc86225448dd7f315807c3808e513670d81092afe6cc801f2f83379e9424

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\et\messages.json

Filesize
1KB

MD5
ef87cb0ac7a3b415d75cdd36be6f4828

SHA1
f68f606d8d6ea71240ea1bc88d04f5b0ddd9b170

SHA256
0e56ef46d2c21ac8e1870f178b91f45a4726baa3424b2e89bf1d35ee01e25da8

SHA512
60f98c8feb52eb35a995edc1c840847f27fbbe666b894551ae41dd4121a8679e5b84002a1e8e932ea7d73f3826c46b10b31dff4c06b38d158a690c045bd220b0

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\fa\messages.json

Filesize
1KB

MD5
b37406066b6b248a9ae6be6d6b94c838

SHA1
d488c6e65357596a9178cb86db67183e9a7dbfd1

SHA256
84dc48a25f3697a1455743d80430def6027553ac41579e621e232ae3e153f46b

SHA512
259f9bd6619e44413a9110cef481f64b043dd820ccb8fa73893f32e71b3f33c357c6ab2dc981eef9a9f444051d8caa1fcb6128aaffd1fcd285a2724b28f6ed32

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\fi\messages.json

Filesize
1KB

MD5
99bd1faef0a8d04fc945c3e11d31b151

SHA1
f5ea3cb156598052b99efce4eab2e9b64ac37518

SHA256
106d6f20de82ab642b825be080855448835e59fca46f6d6546c484502f8e6637

SHA512
3e652b08ce58f6f6f212fe62329cd441ca0fa362be464ddecbbf9a98c090082c69347820c7c8dde213061afbe5f12b98f7d76ca7bee135a757d10fa44d320601

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\fr\messages.json

Filesize
1KB

MD5
f53ac5863deb7bde23e127995c086f25

SHA1
99a4f59892d06747b51b363de267f466a72e8008

SHA256
c7f83f037f2a9561a79b66c7c5ba6ec230ec038b01ed0442832471d2c4a4ac08

SHA512
c93e65ec1a08d792997cb13676ad40539dfb2bc1fde18b8759534f47b6908f7f4d84a2108b579fddfb8edbb4de00b1eb50adbcbb209296a91ba38b0f19bd9d13

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\he\messages.json

Filesize
1KB

MD5
e3333278d6a92406f8aa1da627b7ec25

SHA1
02b0d6f2e9547795e4240e6819948dbb9b4481e1

SHA256
10921f5fcc54a5bd0ca546b2ebdf2c65a4c062d96fdfd8b6b6adff4228b9e758

SHA512
6d02737934a77fac4fcfb1e489f9c1164a8aa3111a324acb4754cdb9512a0111a004ade9c0cb9f858efac9543d9263fa393bb1d751f4a61c8e3bc741ff826149

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\hi\messages.json

Filesize
1KB

MD5
c3954827ca16d49de136110caf6f4129

SHA1
a1ed0910d1b12f2a2e5bd88645ac214b02f2c953

SHA256
7a1039337aadca607c99a392ad2558d16e3f39c048c82e2216c094ab26770d37

SHA512
6f8567ffac22f1fecd101a96bcfa5bbfec79cdb1ba0e305c1366fdab519df096b826d6c54c07ce4fb1c8520f2baabf008357d9fd7e18a92f35987131cdc49147

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\hr\messages.json

Filesize
1KB

MD5
b0aaaef3224face221502b9be35433af

SHA1
352016e75d370e371ed85806e0e524b1189b0901

SHA256
3fb11705f9aaba63084e8159172b07af10c30ef08fcf1c26cb9a7af6c501ddab

SHA512
2282da110bf4937e848e03c22832a6a68e5022cca5b98b176d6f1b9abc924299d58c5eb6a3b6c441c30d36d0346934f763c1f16183e3bd0e931d332e5519d04f

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\hu\messages.json

Filesize
1KB

MD5
830f778ed7e5c02342d67feff9abd3c0

SHA1
793d0aefa539d3fd0f7dc4ef57d9daceb4713911

SHA256
0f2c4646e051b466bbbe8e28f4366d0cedeee9ce9d7646ef6155494ff7c1aa70

SHA512
44ae829af29acc1200fe4c8ba151b19d1e816450f45a7614ce40f72e544812f5730b4abd09de1ecf6310d918818535fa4e1360335263f4d2eaa428f96eb02457

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\id\messages.json

Filesize
1KB

MD5
b664a816e55958ad35e9fc0bba1a72c6

SHA1
38c3c869bbee7f6e013dcb79a6b78e658079083c

SHA256
80242d7f7b07846e4dc49ee6b25c8f1cc71c7d161038e2a939f4bc8d09b22bb1

SHA512
6ef9ccdb7411cce478b82ed40d8d7d87b2ee185f368e49ed5ea8f3ca6e77e83e3198a27ebd8e05c2c9147d8ac57bada682b094b0490ea162869959e61c5859f4

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\it\messages.json

Filesize
1KB

MD5
3a40212d09511cf73a9abff33ff23553

SHA1
c0c592b1875794e1f086b116799d91fe03552a67

SHA256
4bc03d2796dda350fb148d6dccfec14e818202e79775a1711ff538dc3cef312f

SHA512
ca0492bfe61585c8c0c50d41a35573fc26657bfd7acde16d15326bf327bf04973c730e96ffc18ca83e05b365f0730c5d41faae1feb0717046e919332e1d781b5

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ja\messages.json

Filesize
1KB

MD5
ed7a51a91db6521ea2eb3fcd488b5f40

SHA1
2f981947fc94d1c310a58a182aaa251bfe86e882

SHA256
8a0aaf8ed4d59ade98354e5f596b6b2c4a03b5065bc3b09d6c13e9c983a527a6

SHA512
ee065a401a6d65312c12afe604dad9137a9247b96bb6d6dc01d14fcc9fa2c6c299eb5d0e8f1d30abe4b46f8b9af85e6cc935566c6b3ac2225666cb2628de53c3

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ko\messages.json

Filesize
1KB

MD5
f19d786e8a7bdb0f3bbc0f9e6d8455fe

SHA1
5473f500aa1b5d0cf6ec618cab463010e8386a70

SHA256
b45b7a2b28bbe59db53e26486cdedfe5aa5ee19dbd01ab94fae8d124cc3de826

SHA512
31d5fa959f6551cfc822c0b7d8e4d68baa9f7a3e2866f383bc1cc4e3cbb6e485da1491d811fc27d57e17bcb3774bf384c9b84da1cb3c5bd705a56551669a801c

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\lt\messages.json

Filesize
1KB

MD5
416f2b8ffe43a7f035f41007d50fc2d1

SHA1
b9628abd0b6bef289b7d9539611577c4460005e7

SHA256
c960852e7e43057f6ceb4acb07d0a9f2a8601d44c5bfb67d69211bb2354b988d

SHA512
67f0dbea7f8616b1bbe30d1ae30e2bc8d4f4334aa33904728f093afe1672feea55abb15ae375787a2e9dbb6e246b33ac1ed74fe4de79f68c75e93f81cb3251ba

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\lv\messages.json

Filesize
1KB

MD5
e6a8020d78b58be2ac40858986057522

SHA1
1b63a5f1c26ae7d01da0a2eb28eec39d28819e0d

SHA256
ec31919a5adea04160d6f722b434d6ab3e3ec72244f330fb3e671b3d4816ab1a

SHA512
3ba8933e42fefdf9a07aa666528c6e380bf025bb0a4d5fe7c18a404192d45493d68224dc51af9904c604775547b814ce00b49a8b132250fd2b7bcef9907d055f

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ms\messages.json

Filesize
1KB

MD5
29d96f05a391ef594b04b9da43133261

SHA1
86fc11af431d61dc229810ff04815caa90d5250b

SHA256
a0395e1dfa50f0ba8bbd6118424fd1303ce19a3ca32972f5eee012ad850d6901

SHA512
1672fb73c5a0f73c7bf776fd9189e1e47ad8f2af17bfb49a6d299e01098e0de5761900ec909da31770fe86636ac8e667236490f0f612d5e59d9bedf182b90935

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\nb\messages.json

Filesize
1KB

MD5
d7e7129b526af85ee114ea293636ef3e

SHA1
8726f0da967ba7c66aa49ac8133528bc12948a7e

SHA256
8c2f8c2e708da78b2039f7ce7a6c825852b22f8f865f1ef7ff8250ea475b0361

SHA512
9a46dedb87fed4ddb699c289f3f1b67c7cf1ad3ca4f66b65c326aba6b74afb155fcb11a7688219c427ea6d93a9a09b3a1f2c9747d7c2fb0b5317fcc990047d93

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\nl\messages.json

Filesize
1KB

MD5
c33749fd231abd98f45fa1bd4d18275d

SHA1
2c30b01fc6f2a71f86d58832acffba4eb7646e99

SHA256
d0b6b9c8bd7c7805ea6dd883dc29ebb8d42f499ae40ce9dd7d9b1082d105b375

SHA512
f085bc98930b28117d33c85b34973317d24d6784601efde34db0f877251e506e9c345b0e4fcd9d8aca7b8d754f8692b5ef920f6c75f5d476917b32e8e4d1f2e4

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\pl\messages.json

Filesize
1KB

MD5
e6e130f30085ad6b55886fcaad73741a

SHA1
d30e6de45bae3ff58cd05ae6e75b45dc66fa7b3d

SHA256
8691f6363c4aa7fb4bd1fdfa0a2413dbf992eb942d719692f42b68ac26b3430b

SHA512
9c144743939659318894389dfb97184ab29f05a9b2b0cb823f2414c61c2129ec8f8cca0208db534024b7b96332a3e7c8452afa66043c03b1c2d27522d72c32f9

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\pt_BR\messages.json

Filesize
1KB

MD5
8dc02b40c5afd3142d3701e850dcb50b

SHA1
9af12b26f0ade1657e3d10063f44445de356b6a9

SHA256
9d407d8979bb58d330157be475c619f27ec2bf15c3530805b4b7518c714c4c0b

SHA512
8d9dea428da9a6bbe9b3f8b631541aeb97e4ec890cace542ca09a04474f9ecd20f31ba6ae7d421a54582eee8da1715a077f77cc855796ddfb3aea30457ff39f8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\pt_PT\messages.json

Filesize
1KB

MD5
7ba365deba378a383155a74a11ebcfed

SHA1
2c5e66dcc18e9178a0e6a25f79ff545af08abb1a

SHA256
381877c8038b80afe11865a00b82dd78e9676da2511bd08087257d8ffe8f27df

SHA512
19f2f5fd60334bbdec5a8a1facb15521c4ee90d60458fa42a8331a1f7dae9b0ba1d5c0d2a5386f160b157af0dd7cc33488e93fb6407623ba5fb93ad689eb4973

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ro\messages.json

Filesize
1KB

MD5
fc0c0aac29d05eddba3b1aa1c974f426

SHA1
aa176688c93ccebc58ed53c344bed5c25e33900f

SHA256
f4a86eb6a5a67178bfa24255874090e9c80a5acaa458f14dbed91c8e9c3da1f7

SHA512
640e4b745e08d23a4bb0146054e99ab5a66552509f20d9afecbea42c2b0c67f402f5bb9bd3ca73a5ce788dc75b2af36cdaad36322f297017383f07fa0ba31937

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ru\messages.json

Filesize
1KB

MD5
12a9ea240df3a579c96e6aefeaea0ca8

SHA1
749ad7498f904f3ae4b7fd91db3b674df72855db

SHA256
4efe5990080b6388306f12b74b31c493701d45794e8a300a41f6a90ffb0591af

SHA512
cff032611e8ad4e66a404d8eae5951775c0c730fd9a0e668c56615cda7bb5c25359c2987820294b28999dbebb39905526299ce656c0887c9009c88caecdb5dbb

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\sk\messages.json

Filesize
1KB

MD5
5cf9cd122e26346effd48db0c8fc75df

SHA1
21dca1f8f552ab09c765d80da60ff87e937af76c

SHA256
f43aa954098a6d72d3d5a9dc74c131b10f59eb111b5217913db0c0d68b7a4019

SHA512
f5819a66bc5a7f9dc9a80a0d3391ae68c9d6f923f90f8f8713ce96155ef95b726ed36fa71e6afd0d03a2466c9154cc9085332fb61263a4ed610761851c8d69ff

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\sl\messages.json

Filesize
1KB

MD5
bb93e260e7e2c75d4591c678ee93f81d

SHA1
942289144564a5db6d9eea6aa2c37cb0d83af037

SHA256
03371b65cd719a56ae34e00c3d05d20739eca452c0895c214847724cfd401c99

SHA512
5acd8afc440961ae342a3235ad94244f11f26f486d69086cc55d4e991c205dbc9b19fc82ae918a3fa64326ccad844596d70adf8abab81b212c11903d24308fab

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\sr\messages.json

Filesize
1KB

MD5
e29a2d569b43e93a63de075bba9b51c9

SHA1
619fe39b5197f8a17090db232efe565338ad823b

SHA256
32c9be85fe0871d2acd30aaef4434f3369eaa1b3b12a39141754f98d9d7d181c

SHA512
421a01e0a27e39e56427eeffea01777cc2ac2368dcfd42df6adc368bcc6a1dcc5e07a26209e88c57f106dfb64f255e218cc1bb95e77e5b9cf85dbf11a1d68180

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\sv\messages.json

Filesize
1KB

MD5
de263878f8f7c10d670221567d9ecb24

SHA1
af91e39c90f1c06de18791893eaf1af1f34e04fa

SHA256
d0ff3826cae2bff8238c84f3a6f6870874e8fa93c65e73d896db9cc3c3f14922

SHA512
59d1a6f5c7e487cbf9d23cfd207bacf7aa20ff1f8616a3431370b6e1db2752d2b23fc5d3cc4b260804d3d98f1e61c2f5b5fed39440358f2dfa458e4df4db1fde

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\tr\messages.json

Filesize
1KB

MD5
c6ac0d250d4483dea83ff01fb1dfada7

SHA1
15c863f7380fa277ae42da5514d73cf5af0fe503

SHA256
945b2841f8b7db64cfa9738e1d4e9ce652d0e54a2bd174cbabc94e494f44ab7a

SHA512
33a43f0c98b46af15021d09facc4d29f6413ec9276b2e70733573dc96c2f28877a7bb5e2ed52f57e2b22f975037482b84fd76fa793674cd82768b43636f92754

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\uk\messages.json

Filesize
1KB

MD5
5e024d5910e23c1c2052b560a8ae62aa

SHA1
edf5ba60588876ac2fbc1787ec519dfbce9308cb

SHA256
bb3582dbdafca749ea74eaae270b5c61d61cc1961c2f33fe3a4e45e1b2306e26

SHA512
e465fdd296ae049def59e7856bb44cb087c1585de36db98505e8a15f909a92523098c4eaadd750a8aeb5d90065cb60521bfac4721042c80ba7ac4a76b0689dae

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\ur\messages.json

Filesize
1KB

MD5
abe5427813da3a1efdd72859f8ff9f68

SHA1
a6366cb5d6d0d08b43cc2dc54e6c66c48cac195c

SHA256
82ad8bc296bfa1ecbca8866d1f6c078aa987346e3a37c609b22f202b53a5cce2

SHA512
a4dd9ff6eda79604826b6c03b983dba837e99fbf085e832b93d47fe225df07406ab9cf6296ae3093e7b37b6137b3122a2468447cad7d1703f8f5d33987840149

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\vi\messages.json

Filesize
1KB

MD5
b5f18b94d6479fa84715a4245f6f25f6

SHA1
54800434c74ac6a2e0fd8a1672dd8242b6f39f69

SHA256
a41883d12892ffb1d888ce4cb7057db2b6d00ffa8f037ea6e962927c3f095739

SHA512
e3ca50a862cc890157346600201c92bdc0fc67eb412cd0eccb4d3b90ef467788a32b84413ad3ba567313554076c5acf677a5f438e6a2147423dffaf23a4a2acc

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\zh_CN\messages.json

Filesize
1022B

MD5
79dd279b4fa24a31c0267fa5b58962a2

SHA1
d32bce6872dba9065a3f22ae5e7ae5d4fde38855

SHA256
944b3c946452b0f12c39a13c3d44d5836b22e6939be6d90b21fa07d91a87e4d5

SHA512
79d6dc7cb201019b78ca52ac04a0f3080322003e858725a730f5ae6e8cbeb938c06a26078519c0ac5b6f4057955d919de2f37050bf7bc74ecd4f325d3cb2aab9

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\_locales\zh_TW\messages.json

Filesize
1KB

MD5
46b65c0271c694dd6fb28eb690a007e9

SHA1
7480cb94f90ac788792b3d4c077986a4a784fb04

SHA256
e86135fc21e9a5090399003977062b1ef42ef50ab134081c178642c1f9cb1386

SHA512
cfcde69635feb1cc78446bacbc6ef4fd4ac4eafcee22a2fa29f81040d6204cf58a15b82dbce40098a25ebff6ba1e66541aeedb734ec8469963887fb8c13a18e6

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\img\icon-128.png

Filesize
9KB

MD5
bb04d9216907d7ce3552f5269ed56943

SHA1
8f38bc15605438f28f10f3a7b19405ac264a00a3

SHA256
5255543e412b35d417acbf1a36d40d593d30cb2d00e8aa54806edc2876b018d2

SHA512
4daf0e01d69da1f92b66d8093f30284f27fb4e0c18a9e86dd3aa281df2adce038d7878de3fe024d5627ea5980eb79a814b4f800370f4e4312100f3ef330155a2

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\img\icon-16.png

Filesize
733B

MD5
964b18181490248e5d4b6ec1d37f8d56

SHA1
d7f7d12fa39bd48220f4d8158f05f39706a1cce9

SHA256
22f8515513e91b308c24b0f3acd2dfe1c1ca62fbf795d4dc1f688099d96f3cbd

SHA512
444b56391f4c87a569fe5a8b7928826462e15e2c5308e8b7fbe95260a1781f313e7e4b2c0a3295d1ea39c16debbb7eb08f32feaf478d27706de5729de143d983

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\img\icon-48.png

Filesize
2KB

MD5
455726b96e7b10bc519d8f68ca0ff700

SHA1
7c6cc22d7f5959a398a12c95071b031247f87b60

SHA256
bc6f6111cc2973f49b0305f79d5c33debe50a2d2fedf3ee612faa207896a725f

SHA512
1ca5db8466a4310d127b70eb8674851a814fa5aca8682f1f771a946e71e5bbd4ea4f2fba281ba6ad8921cdeb07e4947179144538c70b560dfe5d5f7791737245

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\beghmmhchncjignfbfnemngnlnjdmbcb\2.6.240_0\manifest.json

Filesize
1KB

MD5
253d12f545c3e24d1129e5f98c68f98a

SHA1
8a9d8c90400ec9b583504f5be98fb1d4e2e26000

SHA256
a14d2edf37826c68af6f4be85da450820c168cd4cf4b64be70b1bee8989d342f

SHA512
a7944a3527ce651dcb5aeb4861651649ec0e498a0ec616fd081f033ce7dd1235150b0fae046ef7b3006b2953d265ca8ce0ff324518ed732ae6dcfa0b58598261

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\boakgmelfgohkobfagbmnlnmpccbnaif\2.1.0.334_0\_locales\en\messages.json

Filesize
17KB

MD5
6d5e76084c6a0a7cb86266076d008f66

SHA1
8779caf904bbf4b0e19423511fd4a3ed7a92883e

SHA256
d5ec69a6394640ad458b698dab3099632dbdadb25e20dcb002430229e711b386

SHA512
8286efad1963598817ee38236b1b9db150365e55823fa50f67f2a0f8ad29b8369705881f4767c8401a3228209e7cac919cd25aef4e5e10162d4bf57676020241

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\boakgmelfgohkobfagbmnlnmpccbnaif\2.1.0.334_0\_metadata\verified_contents.json

Filesize
41KB

MD5
da75d62a54c62f3b76eaf5a8dfe0e732

SHA1
36207df1be4d0455d7c143eb6dc2deda7d3d6c4e

SHA256
944d212eba8738de04aa1675e140b64a7019257ea57b97fd780d93f14e3007ad

SHA512
f9cd02d1a42f7d47ead1b769bc318239bc775dd0869bdd64f19a8c0c2ba7f96591e71231e1f21d87133574acf721d213691bc923666999bdd664399adfbdc515

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\gjcfnponmdkenfdibginkmlmediekpnm\1.26.0.854_0\_metadata\verified_contents.json

Filesize
4KB

MD5
0e7bfb2084dd49ad6bd4b927d594794c

SHA1
ba3bf3c75cce643968c7a3cb9fe15f9010d938c3

SHA256
e281d85bb3163e6ec3ead28efb084400207b64e690c8302d87f7924b821e0064

SHA512
2f10dbd08b917c8c674cb658e9911202d6f601d089ee66f05972bf03e27ff48c2b02bf691bbd30da83ed9a4aa0f8b9f72dc3c0fad4d3754833713b8489484060

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\gjcfnponmdkenfdibginkmlmediekpnm\1.26.0.854_0\webstore.js

Filesize
428B

MD5
ff713828113f6377533d41a36bff5ebd

SHA1
7157c2333be0a6df2db2dc0c25d36738acc823f4

SHA256
60657bad3b62a195d588178203e25df302ecdb8b51fcc49cc4f628aed8998dfb

SHA512
b55bd6b59b57003785db6a8f7e0f46b2ff4db619b4ea143c09f1e456ff1c5efffa46226984849cd8da98f48c06a79a4d00edccba3b7e1d4423e448f1be001113

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\en\messages.json

Filesize
7KB

MD5
b8645df606dd756306208ec441e9c0dd

SHA1
8ebd4f5103dc792b6a563768d1c3d6e3b4729c54

SHA256
6dde990f4e64d1ecbde90db9d3939f33b3b5c3d1b89704dbb8ec84df8f046de2

SHA512
25b256e3ae975c4928d1ab696e821a4be3d5534090902573136f9cb9e3c8005e77e159918d418eb6d6a2c6c7156564d7e7846fb4ab923494ff0d2b0df1304011

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_metadata\verified_contents.json

Filesize
22KB

MD5
8812b25c089f19967e2fb3bf69f61bbd

SHA1
f71bc3691f99e3c89831c5902f3bc14f67b85127

SHA256
a4211fa0704d1a9bf664d7cf309d8aadd2374f212fda1b21fb09118aa0eb2afc

SHA512
67f509e96fbc6eeb17c452603ec69838f988905522816458e1848d604b118b755fe427001a222244fa108b22717c506d29e69ca804451f7f8c0c237e83b7e6ee

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\_metadata\verified_contents.json

Filesize
3KB

MD5
670c300e76c376d4070ecfa9ce9ae637

SHA1
7de97044bf1011ef55a448ddd3cc169d2e40b296

SHA256
4fab6735a4d779a411c78cb10461a91cd3200bc1ee49b3527cb795ecf715cf39

SHA512
93ce0575cca6cfbae55b1bf24c4c68c7b0ac4268bbbe33e766c1352ad313eb5f664b8fe484a9d87ee5a43c23e1086ca8333e2b56430a0d549440c614a7e92203

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\background.js

Filesize
1.0MB

MD5
c288ca276316ee0bb6cf111e6ff664de

SHA1
a1c83764319f122a88b7274985c4d34e6e073e5f

SHA256
9d4625f1d8edd3a0682f86e34b606b1a9a66a9b2f36f9439fdb470af85a48f42

SHA512
cd6a0e95df19e184e383e5403177a96bbdb29fd2c8c471705a9cedbb7f55c0469e807c376a52b16f6eda437780d4263b19f617c8fa47899cc8df47c28de57673

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\background.js.LICENSE.txt

Filesize
1KB

MD5
76e4242185e4dc5c685b94177d7ab7dd

SHA1
f8fa99ee4b5d70e0f72b61493390fcb4a282c296

SHA256
9145d7b004e4f8e7894b2ed612440eb45d756a46b5cfd66e3784b904c057dacc

SHA512
c4f6fb1035a25aab15982de501857dfe3bb6c70515303abb598cae9ffc29ca0fcd0eae67bb05340954cfecd80dc9342dd0348cc1afa6882a3b4b3794d4fe5b80

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\contentScript.css

Filesize
150KB

MD5
1c78d4d465c2ee05f45c478f3b26a809

SHA1
be04c109c4e3cec8f95d10c05dea1206ef92d9b4

SHA256
ebe2e84bb9a91d983335f4f9fb8d7366ed17e4c969885244b98ad2d40fa97178

SHA512
ad8cb15b75540aabe7c5e212dac4ab6b503462c9d9d38b19df54e2f45fa1c2e3d48c42050e4aae54870ce3490c07076b482645314a1ce10ecbc6bdcef4499bc7

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\contentScript.js.LICENSE.txt

Filesize
3KB

MD5
85d0072ce63601702a8aac69046392df

SHA1
75cf9b16f86a3de6104d44376bda6c96720c121c

SHA256
b420cba7020a3d8223942c1c867ac29f40b917406ea6b722639cb9f3d539f39d

SHA512
a5b04a7f191b9203cfc69e39d6535199b79d0f8e2749366c0a4c7427af8dda11dcd9d3954077b4a5d4f1a939ce7cbbd5d3ec98167f5392d8dc61cbb2938569c9

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\fonts\Roboto-Black.woff2

Filesize
63KB

MD5
59eb3601394dd87f30f82433fb39dd94

SHA1
6610089bd2ab6cfd41d16777ad1b15994d429bb3

SHA256
41e55c257815e19c8e2384b6d1d5180590599a56f23f3eab417c5fc7aa553511

SHA512
e039c0f2d3c7879f551ac66f967cf0b26f16ddb6d9fba3283805104ec9ed183f8c8c19c448e640164a635e45a113473d89066e4dcc0839e9c210e619589b425e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\fonts\Roboto-Bold.woff2

Filesize
63KB

MD5
b52fac2bb93c5858f3f2675e4b52e1de

SHA1
977c5749fd06192dac5224811ed69e53a6b2b47d

SHA256
8e44376b735dcc9027acbcc8a0df64c3f886a23529eff27b022f344d719e90f2

SHA512
ca31f9be22a3c5ea802581a63e29d4f205a4fc5d1d7f6ef4bbcfcedf7c3689b1d46a2145b0eb424e3671c40e55136d25551a77c9ff05bae03c69ebf1a4f9cdfd

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\fonts\Roboto-Light.woff2

Filesize
62KB

MD5
d26871e8149b5759f814fd3c7a4f784b

SHA1
6b773b76e0a6708ee4040733cd0c83278543864a

SHA256
1d8f5280afb7f4fa0db5cdfcb751e180788b0f0da1488309c4243ebff11a9591

SHA512
65c8a0aef476ff5cf8aaa29b2a315801417a0347ec5f99b6a8e1229328ad551c0733cafe6520fe916b01672ae7fd52dced963ab98f38f195843ab9aa9462ccea

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\fonts\Roboto-Medium.woff2

Filesize
63KB

MD5
3ac5d40d1b3966fc5eb09ecca74d9cbf

SHA1
a69f32357765dd321519889aeacba5e9ca893bb0

SHA256
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

SHA512
a88b87d2b8e141236118243f66dafac6c9c06fa7858e56fe36b59c7079e8c5969ad46aa7a0eaa81ee79276404fc835f7107765618179d6036d38a263390f02aa

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\fonts\Roboto-Regular.woff2

Filesize
63KB

MD5
73f0a88bbca1bec19fb1303c689d04c6

SHA1
463a07f5c66bf14e6d9d6e0f6d5e3fd3cb11f4ec

SHA256
47107401d0adb375ab9aa167f9d62489a849d510e740a307b5a4db60e5db3562

SHA512
18b8ec54deb993702689b44e269b1c9fa38e2bf3c8053bfd778da4cfad821a1d8455ace8085f65788a5ec8bf71339cf1446c845c23c5f59e5086bf44e468eda8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\icons\icon128.png

Filesize
2KB

MD5
cbd7c61d6da977fdd2dc2658d3a3e4e1

SHA1
d74fd35f16988c89537f035a916abb8f5c36108d

SHA256
2ccf7819424891f8ef61859479d0808a3b90cd0cbb20e4f6cc95187e70744f58

SHA512
2867869d82e74b5fdc90ae65146f7373ddb67df44646b95992d730e24e82348159c3e058dfe48bd260e2a2b3a7ba456688b2599907c5b79039472ad5a6978251

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\icons\icon16.png

Filesize
440B

MD5
f71dcda95ea1980fe79935dd4846cb20

SHA1
6a8b5fdf8ea8efbc2f9830baae5d701564927451

SHA256
e65d2384d36851b6d1be712ba196a9ccdf1fe6c18897c002f483845032690ca3

SHA512
f15f0b6fb5589d17c16d4d39d4e463c0e0e61ceafdec2ba17948f577c3ced6891b98b81dca41676d7881be44aba78a953e1fcb9902ea5e8b6a6a26b12f14fdf8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\icons\icon32.png

Filesize
873B

MD5
ea1c06120bca8bee757c97a719208631

SHA1
a015ea87e1a683a1b189b589a33a908bbf250514

SHA256
93b175666922007b14eebcdaa6794e03cf2b0630e2cb4bf86675b4cf3e9c40f9

SHA512
9c6540d0ceac5105c38a171fe5a3af8f81a163dbe60ec151e6ca1fdda58aba02fbf8bf99c49ae2c6cb3b038737712a15f2b6fdbcd913e9d3adc1e86b49a31200

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\icons\icon48.png

Filesize
1KB

MD5
3d0c230db3f52326a0a102654d2fd5e3

SHA1
07d164472540e7e1c56a151b405255729479c1de

SHA256
2af2fbb64a452becacc419bd4aa8270905570ee3769a4bbb94e4fa3367e2c877

SHA512
1b1324f6748630374fe9143da01efff3aa3ce60df6dd75e2d45b431db318ea59146d8589090e3b2d50c58287618cf55177f0120c3e2fde9d239e3b94ed292e45

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\icons\iconDisabled16.png

Filesize
468B

MD5
df7761005c523247ebe938c66ab20403

SHA1
e99d95269092fcbe49221f896f6d657ab9b7ec5c

SHA256
79998c3321ac60a48a7a83f848622a1fbcd5bf18251a69c7b74edb67181d1bba

SHA512
1bf54b9526fa22c417c88f84df86eb054540db926492d21699b194999a727830912c1fcb53450fdc737bc0b3d9662e249ebaf813cc077e84b6758326d328726b

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\icons\iconDisabled32.png

Filesize
905B

MD5
10fcac9e25146799f631fd4836a592e3

SHA1
fad31ddb5705203a28d3d3677b1219ac3c3755bc

SHA256
07e74e96aef7c37a0a8fc29d0f9e79deaf698cc8de13a766a00ad40ca41d4b0c

SHA512
2e828b1222ac00cd9a21c7ac74b5103cbcbe297fc61c2b778899efad36539a41e287e59ab30e546d0c80c30a3ec886f5303f6742cbccd53cf4dcfb9a44d69d8c

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\manifest.json

Filesize
1KB

MD5
bc320552e209e176ef2827f5c1fec4b3

SHA1
8ca2592223a29f302416e9c477482bbe561004f5

SHA256
6cef503d8225ff2623a9b95d513e5c3f46647f651b3109bfe137c2be26b7ae76

SHA512
560a2aba05dc0f08033c917e084cca6088d1fafed15dca8f4da1c545b3f33fb6a58071e3b7a55ce5e5208edbcf1c8a82783357fe5b0d2a4cf2577792a94a578c

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\popover.html

Filesize
179B

MD5
49a7b2740cad481349629fdada7cd28a

SHA1
c4cc9c878ca6a036ce273ba743ed558a62fc0b83

SHA256
d8a1e2839a14509c2f61845849a2397b8ba3aa4762416dc335b879a812a60305

SHA512
074dddfea2b17b03d3663257f4bc68912d41fe504526edceab5583499c62c59e83c69d20f51be115b9a9fdb8c4cbc14e3011704d5745b347e83389f0237dda7c

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\pbnlklembegknchclakjohhpdccfllbe\7.18.0.538_0\siteScript.js

Filesize
175KB

MD5
033e8d56471cc105586ffa81455653bf

SHA1
e4bd3edc321d1c9feb0839ecb5a2f57731bc0e52

SHA256
b4843e615ffaf5802d1f553bf182d79a99b59921aa2f3f6c84d28dae5b9f2b0c

SHA512
1ad02dcc24f11a79a0591dd2ba3433d7f3832bcc7edad085794be17d64e965b554ae5b44d0476a2b4cb939e834f9d3d6c459ac0765f3ecc886c7d9f7a551924a

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\15972329-217e-437e-9912-97e43d3a050c.tmp

Filesize
689B

MD5
c2f3f3bb404b1837491d1c19912041b8

SHA1
0da6835ebab22323be7c10c524d25e07fb8a38df

SHA256
9d68540eea6e113fe9e12eee0c2b8b50b7457d9d5f133cd68813ed40dc647cb3

SHA512
55671befb07f15c2eb67fe3729121bdb77b31496469090c5beb02dba473849c96363e6a80f7031a9b329cbc4ddae85b5f0d6cd2f03d71bade1947a3a72cb1aa7

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7bf6781301a160867e46562102316270

SHA1
e9359fe4080fde84e46c7a50170dac204e4f5cee

SHA256
e75ec8d1a98ecca48a0d6c73e813ee526b6014b9d01f2c0d51dbf7c751139cf1

SHA512
cc38b2d75107fbb6e96feea855712e8f852cdaa9870274a86d2f008252f1f0be46c1360e5100249f8e88ca43589f4316ef23cf127f06fb894d37fc292fb1d0ab

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bd5afbaf7e3b92ca810b1fc45aff8c97

SHA1
4f81a6aa81c850ff2c757d593871225f2547bd2c

SHA256
9d001e7fcfb69707cd135b8b3f3da66952da62dc14101887b85f819e29f44f3a

SHA512
dc8935b70ae62a352233064955b038027b17be98da731e7c68316021e528d841063434bc2deff2934811751285560697f979ae59b103c19aa681bc1a03ab640c

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
149b60ca2b69c547d506be35496c8801

SHA1
ffbad9ebaba84826c9d42939be1c012c58856ca1

SHA256
7be94e48c43b4fd5575081b52881d0557c2b4d1a571e6982dbf425126049e49c

SHA512
e3f3573f6d44c2f3d5f5a66b5a1afa49937d2ac9372d65b7c3828542cff31e9bce68c8bc518e3a7653e83e86777cbd4b966d635ddf26803dcd96518778643375

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d66b5bda4f3ecb7c367478a778f843d9

SHA1
a7e6b67f222069afece05dc14561ae69b162e7f5

SHA256
919a3dd551b382f10bbbc83e9a0099e08c388df59d6adb3ded1086b66ab081aa

SHA512
5e5c1d54b529a59dd5d7fb9ff833b05ba4af63458e3a55041f9f0ea6bb90c242aad0c1486627625ce432db66efb42962763c49881278667839b5fd2b52809194

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
1306586e54745c39a815502db5c46ed9

SHA1
34f11f42002b3882fe36b84254d73efda34204b2

SHA256
5979806c518eac3a94b872da683f11364a31141c1338ffe43e7dec2909872aff

SHA512
fd93f04e5cff0dee9943a45ba0489af2c9af94fa51165d7a588ff4848aa392e8fdaabe3df266101a4a180bd1ee536add3a61bff7a33ba0eccccdce5ce16b1aeb

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
bb573ab606921e99301757fc33e229f8

SHA1
5fa0123e012bb3d821871611ecccf8b09ce0d50f

SHA256
4a6c0592766c61036d872739248a1cc7fd6d1e574834b0739662b358b54d2f0f

SHA512
092e85619a493ea1a6265678aaa8d6da661a4b610e50bf43c9fcaa3dfafa4d62838c008af4f7f1e3305db35c297de28f083dc388028f779564894e234844a62a

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
6398e61a1424b9ba90d1a92c3c91bf55

SHA1
081d757bd2d4ce8deb7900897445328d37e40f80

SHA256
3ed6518b6aa562ccd963fe79e96865046f8c3aa9ba0ad30de22823e5c3c8c8c0

SHA512
d4202fdca07f611a5d33948bfb68ad0ca5a5ca86bc3b0b21becfc49dc26cda3b4c1be6f003541e3d14bb73ec0013997bcb1d53c4775ccf0794d71f563104fffe

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences

Filesize
55KB

MD5
2a9f77f932e87123b7a05853f6358e47

SHA1
09da7f72d80d9e94f20efd62c4c25c1e42da9de0

SHA256
48d17d2a2170e9ac2f6e22c8342d099abfe2acc4c9e99348a2ddc0eb2dfacfa6

SHA512
15c63087c1b125b988943a01a3d49e4234508a15a218b454ebb9620ec87130624ec5ed0db460d11c1fb517a3c32d4d028545b2a2834872fc93da908f305de560

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences

Filesize
54KB

MD5
9e0aa7a74b19975e2cccebbfdb676a13

SHA1
a21ce737f7b356469b68e4b48a23f78a5add9939

SHA256
e2ac45c1dd0ae82b937447103bf272e2361ee0bf5a814b122ff62f22605608fe

SHA512
8431a67d7249cfa3b6ff326f4917ad3103b8242fb7fcb93e7fa3b38c8112cfdeec4af5430de561784420684bdcbe61f044a27f575e251f591857add6b0124381

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences

Filesize
53KB

MD5
22e786278758bed68c02ff5be5e9a132

SHA1
8836f838637f14e409c528a2db5d6c8690d2118a

SHA256
929a4477a277b584a3e8dadde075fc24f1ce5ed06b8557634c197126a9c4f1cf

SHA512
c18e26e0177cbf284f981bb2b6d64f1d1b28c685106db355619177e5ce6de8e9b3fef4dd4336565865d1f188701e5e78e447130178e44d90a7c0a42970637646

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences

Filesize
53KB

MD5
e3d2f3e086fe44c6c72b0d5c68e5fd42

SHA1
e6385a5646073d238aeea49f37296c006e5da844

SHA256
8dbfecbd241e071f40ad70e2936bee47757b665fc88b0aa834a9b5b589465702

SHA512
27fad76e2aed3a3cd27557ade15bd401227fc6649bd842928ef21f269622f3efdb48e1959154a3131d71c4e7c418f4888e858c6fc403d4d8fc62fac9811d65f9

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences~RFe622e9c.TMP

Filesize
3KB

MD5
146c565965cdeeeefefe46b2895be848

SHA1
5f714f41b8d1aa1f238f20b75ba2d58e9dd50c5f

SHA256
9a59b20a12347199e1a1c8b6de85581289b6e47600f142556baed14f8d1145f3

SHA512
e58106114657a09675572b0ee93c5c93a989f983f784a57960f2ef8a1b98d156fef3344d0e2f72f96a845e0025655f09339727e76a4aee76257eaa5203f2835e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Secure Preferences

Filesize
30KB

MD5
f4e11d017956c9c152d0ebc70106f790

SHA1
e5d7bf7f4f566938d6619985cac90ab75a872f0a

SHA256
e5ff1b36f8fee6f70c719f1dcd2197ee0bfc3dac73107eea8a2b67e92354172e

SHA512
f997153bdf466ff1d314b8ea2de5b97579fdbd7a0a2b4c458deda903f48be8ad6412f7edc12f0701cb36927385e705474b1800d8098097e902cbebb121c86ad2

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Secure Preferences

Filesize
29KB

MD5
fa2cafeed6928303c9a6f32b413222bb

SHA1
a73fafbcc2cc98f28deb643f46d7b16a9017be4b

SHA256
6c906fef115c0d49726f75dc524b0ce296b6e813e9066f920ba47c28bcbf5ac9

SHA512
8d17b51a26d63e1364e5820b241a8e4f1b4f4634ebbb98d52cb5dd40294d6779c6b13b51da43e703fe60603122ed267b2896b38a8809a7de2cdb36634f38a3e4

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\CacheStorage\26cc8f430c37ca3e66a8d3408a02dcaa5fad402e\9ab283d2-5f2b-48af-8879-fa14d169b9a0\index-dir\the-real-index

Filesize
72B

MD5
7a9764d9f21a6bdb72fef47f93218cfe

SHA1
021fff7e305e69af2aaad66301c74bec73c995ff

SHA256
2c70ef85b9ccba9aae2670d76849639ad95e908bf0b11adfc8552f323263c6f5

SHA512
81500cfa40cdae1c4a37427044a45e5b59e6c06ed9d810dd7adfaf779ca2b46557ed62958e936b14df995dcf31ddc5c1a8dd4c30e8fe522c5d5434dd8bc4eb5e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\CacheStorage\26cc8f430c37ca3e66a8d3408a02dcaa5fad402e\9ab283d2-5f2b-48af-8879-fa14d169b9a0\index-dir\the-real-index~RFe637df0.TMP

Filesize
48B

MD5
bbba2b568d0af7dfd480b126fff09bf3

SHA1
6f838b4744a09dca01c9daff5ef50e5cacf4550d

SHA256
69e54babe28f78f9c9cd5aafde5197c41b952f5926d00c660b798b4d5afd032b

SHA512
dd1cd6b37c739991cd8dd668d5e1a1d2118e934bd9a1ce91a190cd7470cada4977ab377663545edc8cb28cd493eff3bc0085b32340b50cd29ae93dc33b3c41fb

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\CacheStorage\26cc8f430c37ca3e66a8d3408a02dcaa5fad402e\index.txt

Filesize
145B

MD5
e06508d733370ed5f0829d4ef97d28ae

SHA1
a2f505bf8b63d10c97e99f87a10c674169d2fd0a

SHA256
d8342eade8a63facd065102ac592dc923d49c998e03c0e5eeba666ab5c4be0fb

SHA512
17b9782c44f49828831f6f7ee7679d7c97c8c0bc062febd3044b21ce0466fab7ecf8f376103c1bc58c8a3ce4ef02cbfb3e25b63d1f1dbf4e7d6e96335a24f11b

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\CacheStorage\26cc8f430c37ca3e66a8d3408a02dcaa5fad402e\index.txt~RFe637e1f.TMP

Filesize
151B

MD5
531bf36185782a66ec51aa06e4b6b3b6

SHA1
c35a0005fa5b074212703d51360cbcbe1f2b00e6

SHA256
5e76347457f906c1ec83a9d1e9e76829134e46334ed2f6f4f33651357dbb34b2

SHA512
06c48cdf939a6337f478d04b91ec54f96f0c115b3f6b32c6f800e4111dba1af97805d7357fa3aa280615e8acbe17541c013b9957c4f56d523589879e74670a27

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
f5879fb681e355c8026eb8114d66a35d

SHA1
2722e44d67158ab395b624d9170eba3847bb1cb4

SHA256
01712f14e0e98f40ee0a083990a890b438e12dee07ec1daacedb04a8c8adefec

SHA512
c7d9ce023a251abd5ce97f8b28036157caf9544c20df6627ca6422a49646c75cda6caf28bee3098f7229ad0babae54f506517a77cc95e9cbd5463a530de08a6e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
1dd72ed97ee1c24513f2fb767fae2581

SHA1
71d3e130d02b03676b09f297eb4ca59c81c702ec

SHA256
6d33149d0fdab7dcf18273c977825c390469738d542b397460609a60ce3ca060

SHA512
52b5f9f1e22833ee83fef170886b25f6dc0f579c3c014236563c47e3ed496953b8120870904e999b5ea401209aa8b665380a2df8fb42c746cdc11bcbd3f89cac

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe62a42a.TMP

Filesize
48B

MD5
27aec4bc2d6924d9a7513fe441607eeb

SHA1
bdba969e211924fd9cdbdb3b22699ee21b607da1

SHA256
5c5274282cf7b40979e1e8fec7bb58b62046705f80269e850c9535568c0da7a8

SHA512
e9fb9114578dc8db0f119e39facc8040ffb541c88c62f0fd1f8dc8352214ccb5474cfa0e5b2cd850a004291999d51c32c1402155ea71523f88a29a5a6bdca45e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\a8c97e87-773b-4611-af85-c71fa0339a7c.tmp

Filesize
168KB

MD5
fc07ecae96473eb238d9570ac145b9c6

SHA1
40e791064c6ab7fed561242fe76cef504e9d67f5

SHA256
7f1d458d061048520ff23161194483cdec65a85a83176afdf570f2e8af441c42

SHA512
14eb4c3fb47acb4684545a3ab7a4f3488c18b25d8342c34e32da4c9b25b8c62806b06baca5f6aee834284de45325680a5275f06077cbb6761a2386550fa5ac84

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State

Filesize
6KB

MD5
4f4093bb6cec1b6ad1fb102495b6e27c

SHA1
f3c378ca12be3bfae073c7070d7d0d59033eae8e

SHA256
9dc65b2a8257fec16eaa1c66edecd916876c256982a85e149657dcf883262287

SHA512
26b7e90e18d3d5ee7bd42fd48984df388af77715bad3f0551f2883b628d0d2b1d3877ac321a04e4a9a85eb7e95f85b633c1cf0ee046a9017546b706469b42ed7

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State

Filesize
7KB

MD5
8a86cb1aa4e7a02ead7320d783b3b4cd

SHA1
7cf4387b3932ad973686d2dd101062028143866f

SHA256
7a1c35ec74462a135333a5a2ef21434ab51598d47d419eee04cb3dd1d2da3504

SHA512
f7726ba7f824b1b70eb7dc096efb9f51e0ba3bd4f90c82d58e5b7df442f3fe195981ad9baa8ed6aaa688b8e8932db4843cb202f5603a89625c105496e77f8318

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State

Filesize
20KB

MD5
0656c1e03bda5121d2415a42a08c0154

SHA1
e274f81e529f2a666e973bce896c567d0532fbeb

SHA256
93ca309b8790393265fd2b06b20b70286e65a66e48e7cccfb2be0084f869dffd

SHA512
3b0d67527716cd45e83503750900ec214a29b6946f58d3fe0831ff8794584d778c12374ad02cffa43859ef981dbf6b7679a3a62cf88a6722f11f3bdbecf0676c

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State

Filesize
6KB

MD5
4f8ccc900eb3df38dd116aee0b5e9be8

SHA1
e60b4b1142bb81bf235db3a69249cb29cf26450d

SHA256
632de1aee403e200087b012a28ecfa1815d1feecfa58510d1842a8a2350e3e79

SHA512
7ce094f72033b6176cc806b45224bf629f6244b9cbd1f492a44b04278ef31422abd592e6829f1df6682f407d28c56d10c34f5954e5c12137fd0d74f5143504aa

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State~RFe622eda.TMP

Filesize
1KB

MD5
55ef08778e12cf853c243fad44a029cb

SHA1
0aa81464595e64ba4dc5baa9f46355b76ddd873e

SHA256
172f6964789c4ce59b2892d4827cef60a2a1ce0ec13cc57986c7b7a635c3299c

SHA512
4c5e73cdd741608260d0528d24b94eb28785ecd3879ace8cd5182a0959170fd0443b8e2a15b691d71aa49d2339abacc6562a8f19ebd62ae27e9b611476772b2f

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\PKIMetadata\975\crs.pb

Filesize
144KB

MD5
51c912244e7ecaa42f87eacf5dec3d64

SHA1
6c1fbe878e822b41dc5fd8f8b6fd71c6555a74b3

SHA256
cf405ba3735249f0fb97d3d822289737ddbaed63ba60a27fc6732c9f1705668b

SHA512
966fd17bdeadc56b8f2a36cf78762cd981aec763a7f00027ca05ffa20da2c318773d0fb39f0ceeed86b49d8aa04544fc87a73ecc9dcac9e54d14b9ba52b7dfbd

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\PKIMetadata\975\kp_pinslist.pb

Filesize
11KB

MD5
4a8bb013f96500b496f93dfb575a5130

SHA1
c6dd89e452a7f5b5a777b83044dceb0ffef93a01

SHA256
bde12efe44c7edfb58e21c26c0126021139701f92f1c611e61197f448710470e

SHA512
1ff5c54863787f27802e684584f4624f31a47c50244edee611fdd433c400a7cf8aaf57a53c97d972206de4e4afd61b010a523d9fb662bdba69003c8e1c774509

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\PrivacySandboxAttestationsPreloaded\2024.6.3.0\privacy-sandbox-attestations.dat

Filesize
6KB

MD5
e351d3964a55bcef4a5dd39c012a48b1

SHA1
4516f3cf1c376e363ed7b353426b11041c4c7095

SHA256
6cde864b0b33d99dfeba776ff789c405efe07cac2c484571ea923133d8d89ed5

SHA512
0e0968a19695f5c0cca963bdd8465bd153a1f1b9fbe77c9a5de34d6f6320a38fdeb23c9fba410fc304abcdfe742ff6dff14c7d9e34bf35cd031713b9b3674d28

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb

Filesize
2KB

MD5
e2f792c9e2dd86f39e8286b2ead2fc70

SHA1
8a32867614d2a23e473ed642056ded8e566687f9

SHA256
ac354a4723aaa4f06bec385ddde4a4d0983ad51456f52b31a8068ec97d5b5ea7

SHA512
6a7af0ca1efa65a89a9ca3b8df0d2e24f21d91673c60cdfeeb02d33647442b01d535497249542f40e66e0d2dd3e9f8ed1f4a201fd97138d07a2b71366737e580

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Subresource Filter\Unindexed Rules\9.49.1\Filtering Rules

Filesize
68KB

MD5
6274a7426421914c19502cbe0fe28ca0

SHA1
e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc

SHA256
ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee

SHA512
bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\TpcdMetadata\2024.6.3.3\metadata.pb

Filesize
32KB

MD5
81fc8082d18aaa9836f05de2561df2bd

SHA1
44199a2bc9a65da84eb0e9cea97ac1718e5a771b

SHA256
0de455a6080137e8c57e65a4b14a8f4767d3bdb2a723682a454801f2b9b04c5d

SHA512
5ada4107a28416a814acc9fba9dfc8d1456a4b5c41e698f00d62dce399dcee7145698ac70b6cc860b220a04c97a0f085c91aa1ef0d0250ad25609faa2a47ada5

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\TrustTokenKeyCommitments\2024.5.3.1\keys.json

Filesize
6KB

MD5
e2e2e3b27dbe8ebb1e5a1689cbada547

SHA1
0f173e6f154e12ce6774b006a4cc42d7a680f7a1

SHA256
0af9be189481b755cecec6901ab03e1f41557760157501f7d57570222db5944a

SHA512
e9c6e2d78df50474ee1fd4c01bf05c135dfc180817ba204fa10fe4d7c0c7560954a905244aed474220dd773645dab7c647ccd53fe82896d70f9177efdf6a85b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\47e6c1ab-5d48-44bd-8cbf-b379e5bf3d10.dmp

Filesize
11.7MB

MD5
4143222506b39cf9b13f5a1fea8bb5b2

SHA1
099c9c33b1fad83338fac0631589d3732691fc04

SHA256
c68580aaec72228a5e036323026f4599e14c56bec8d589bcd7ada1e3c9efcf60

SHA512
24992d0dcd8063fef4f2bd760b7028b2f575b524d5d93f1d80d0f733e2b97d010d91bfd758dfce9ffcf6817a950be36c7d51ccb6e22c152ff79c6e37b3e5544b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7c4f2d0acc756b4e77ff77a5557c9983

SHA1
dc1bde09a6f1fd553ca5861afc1d3114f79c7bed

SHA256
08943edd43e62ffd43dfdf1e85655885205fee8bc7ea40d20ba49bcff4dcb728

SHA512
28193fe268722174de41adfee07d807714a92fdfb611f261f3954fa8d9c0b639cf11fec09b12c81b0f44a3ed3a68455c6103aae673ed9251871656362668cd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b965654a863b9113b3ba9466fde2fe39

SHA1
b5098dbda22cf921bfd17f591154d6b96adcefdf

SHA256
5d267333426124b02b947ca5d00967741c1afd0f144fa1e1df17f5b620eaf62d

SHA512
89f2ee01f723b3ae5fb1034a7efea8c994f25e40db1626edf71981fbf0426526df45d0481086f3604f298e1730c3ea943ef7f55e4d280f3ed42000c30f259518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
16KB

MD5
b6bccb44eee52c305e15fc4ffd07f25c

SHA1
42253c60ddfbd6a2042c67ab33669d8f71ca53f7

SHA256
f6600fa5a55813db44f67fca9454794b9cad4350e3df34046d8f26fcfdc71558

SHA512
c9e1b9c1c2357f7624e78af8c27631c02fd67a2f744126d6a5f1cada9cb74f2020eb633cbb81897736af1f1b676b26fd2174eea9ee1526e9971d4255d2257213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005c

Filesize
17KB

MD5
67e30bbc30fa4e58ef6c33781b4e835c

SHA1
18125beb2b3f1a747f39ed999ff0edd5a52980ee

SHA256
1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba

SHA512
271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
17KB

MD5
19c73397068ded824edd2c5b13d0a9da

SHA1
7f0f149b66309aaba41974d524ca69390a34e4f2

SHA256
8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100

SHA512
8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
20KB

MD5
7146738b1947d4ac1b95a1cbf411cbe5

SHA1
026164132797e3692e76eb3efa0425376e6c30e1

SHA256
08c65ba7e45ff4776b12589f5b4281c2ac293e9d4c2b74f2e050349fe1dd2ae6

SHA512
e0e4852188337014fe0a02f5a1785af41f2d90b3e03568b13e8753a0ed1d80d82d820615e8475d0ec403fd797308c4d8b0c78fe1c449486dca62c3292b96df97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00005f

Filesize
19KB

MD5
2155f385101771026a23f3dc2808c97e

SHA1
550ba8b46e714011059de97b0f672f0349dcf8de

SHA256
4641db11da9224b6da70ab3719915060084de315ad9037ca51c566d7d161dcd1

SHA512
653fa69902507e82f884910143a60305e2b3c6e4d7ef411273c4ca2a67cb144ef9a367963bdefb1f45e21af4193393bfcc16ea599289b6f45c923884b3fe39f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

Filesize
30KB

MD5
e9cfbaf4fe20e8d0372e5bb6bf61286d

SHA1
34aa51b5b6202c2015deb23f8bb9ea9646675370

SHA256
24f25178367c6c0ec04c42ab502e8f5f6d5f7ea5e874a97807339fa946f94269

SHA512
6856a48929d7ef31e9a4aaf25def04be0e558786a1aac5329965e842433ac1046cebcd592183a9d15bdaf8a1bff0833063dbee70b8c4c8097f7fd38be22647d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

Filesize
103KB

MD5
144854e84da83ffea974a51dc947756b

SHA1
50ad7fa26be4433392808f4e3f0f79ffc273cd78

SHA256
8c008eb45d08a7cdb74767dc72e2e47dd33264487749dfcac472f8d9e1311c12

SHA512
515d5343fd3da1fe397d6722bd6b1ef8fb5a971ba8f7ba351e5c022883f3f4a9b145c70e0e7c54e5b424047adaee997095667df62464781a9f684e74d752db11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062

Filesize
133KB

MD5
93814153531d9a76d61ccfb82b438f79

SHA1
2ff6db75acee71f3c7a4c91065624ef0dc72a16f

SHA256
0c4f3b2fa7d46eada6f118aff8f06bb5f7ed71c4ae620586ba585508715909a9

SHA512
ebe09bfaa439f0358965e7b7ac573b7d1adf064896b41570425b443847fe530f88c9afa1a2bf9654462a4cd5049779a8c6abfbc1e67b3e155ee1b02fdfc4138a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
95KB

MD5
252bf30fd74175932190919bad5d14b2

SHA1
16b7ece0c440f397ef35fc004ff446b286836d91

SHA256
f8a49052664785daff870b685a6b0d3f11a198294c6cd38263bd20d0d78d0402

SHA512
d31461b2d0717efdc4076a01061994b5a31069a499c8aae06240becb755c393ac229f97bbfb522083826fb892cf11900791c411dfb24e1eea94a21b2c2c10766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
81KB

MD5
11c13f5dd2f1234f22bb80ddfede6c94

SHA1
6621865fbe839fc14fb53a829e2cec8f7c020d6a

SHA256
9ffa6d5c42f676dde0ce259812dd37400d8832ea07a80da2f7e77e84585be203

SHA512
31131a7ef5536a2cfd11a3000f080204ee0b6373fec1908375cdfcf179a076ef6ecdba25b6229ff5c9c7de63ce72ed74a46489e24a2df6404f795951d9007eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
87KB

MD5
58c3289cc0909f9cfc93c6e9fef9a7d2

SHA1
1aa1e97016de9b3f2a6a6b6f9e3e6e055a5d282b

SHA256
57550dfa3ebeb4c0c967826deebe838482b3b9ccc4c2ed0d654d3dab90e4f3d4

SHA512
3970ecc61d0fc1be0b43047c7b803aa296f53691e8ed91aa49bfdd28f01922564758322d1807e129ea5dbd841c10b5084842c88fd71c0be28b50085f112848e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
143KB

MD5
e279b5e0a16e5828f623ef1079b67b75

SHA1
3b78b6a493a6e453973f828b615cf13a8e7a97ff

SHA256
46f18aa0c06fef19a1afaf16f54e2ab6b8c8fbcd76fd8af2da4199a03a7e5caf

SHA512
04d6f716e89183d97b918b2985ac9eea749364d21795bae6e53bbed05588e5ea0e08ec62c686beef55e64999321f8ef74d1a00f85b5778470b744ad6f95bb47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
75KB

MD5
037be85209b3a2e688977d7bea7569b9

SHA1
4ccb99b8ea27d1509edf9edec6979162854b6be0

SHA256
9240079b86e933a476fd2edd5cdb96a3159357a15f30a9834f9d248429c61b54

SHA512
99c9eda84966668c99adf3394f426ea04812f4f7655c90a3110ce1b8ba58906efae0fa9d7b893b644350b83dabdafa27bc97c129a269c01306cdf89039848852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
18KB

MD5
ddfbb8b8ae34524e56662fbc3ec2f86e

SHA1
44635ccc2c499ec6732669ef6969ab26529d030d

SHA256
1746b3c1f4d27e2e7678d1e5311cd4a01083b25bf753950aae8609b9cedac542

SHA512
5af92cbc5ff4d29cd115c4792f3f8669d20a14b39fb4ba287cb341f726986b2ddc1bc0ce3616c4d0e939b9aad5165d9d90fffca0e6392a0a20dc611cbe754353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
80KB

MD5
444d23a7fbf8e53e117ba2e0ab05072f

SHA1
e7a3898ad7c35f893775db6d3b67f00cf6562297

SHA256
88d5672890e6211aa8f8406b0e83ba06f10f83d80a5df0b86d8cf27810868eed

SHA512
f4e75e4675f3d7a476192661bee327461206c562cc7137c5dc45509b4d4b33ca03564e01ae5392b03ec71e265f2e1b51704534027fbcc54b32dc0df67520b8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
47KB

MD5
43938921463080ab6ad15073c1131ec9

SHA1
12138123cf8888d1d1a89a204b6eebe7feba83bd

SHA256
ff2be8e1a72c8b3f3d18f4993b09f5b29bfc0c5164271c381c839043b840f947

SHA512
bcd9bd2442d0c8b169336b03ee1a3a4a1a5a75bdebff7d239ab8d9f07350bc875b06f5adece70d8bdf71a9d1cd02659e5953034c090d3654e2b077616d4d12e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
27KB

MD5
06dcf5f238a9726d485fa835cbc2928a

SHA1
9e2b155d21fd12ce77545679d4f60c8696393bb0

SHA256
140a551143269151e82965407e3f1a3d1281eb50beb3dd92ac1221822bbf0a6e

SHA512
9fabafaadbb75f41179daa1423943ddba07a1a352c69cb4dd67accf0610dcfa78a718a39d6129a8b94424b6b66fd73f0ea11f92af8ddd45be5e0227329795ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
84KB

MD5
83869285b075d128e55746aeb2857135

SHA1
d0d43cbcd35267920acf779904dbf17c95c8441d

SHA256
77557b36215ec57467548d796da7ba35344b012276064e654cf1708f1046e7b5

SHA512
7fb912bb92e50d4c7a18b7a9fd62539c87db55b52114544a024408cb96cea8c0f9a0af65dd439ba211f1150b9cc62ba9a43f3db7e0e75ac5d1d11448ce4892d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
19KB

MD5
856a3daa268de8801e7cfd5b727b6de2

SHA1
8e099b433518980e657c7541c49b498e6b83430d

SHA256
b870ae3c5216311e1dd7b8662e01d1fa3326edc85a98a58247cd37b8cfca0be5

SHA512
2f191ea906a3551576ab14e607fdde9930fcb15f15ffb40a8c5999ba07224bbb8ea69918db11d1cd719a3d57510edd466ad2b9199c6a45a48463b0020a2e6eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
64KB

MD5
9a8ceef2725801e17be5c55b0a7b6887

SHA1
567f8cc2c9704f0f9186e50bb7ed9582bc3ac924

SHA256
c34f0544214631ecebb3d75ea3e9876f8096703b293266fdcb6426952fc98027

SHA512
57c534210f5905ae7d74e3adb6c39ad3d387797786b9a9b8def51508f83b83e97dbca9a48dd0bf38dadb6ea81dc5769d704c8ad58471baf727866eb06c2c4dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0683aca8f50036b3_0

Filesize
289B

MD5
884f50ebb2c8b67080bba5adf47bc5cb

SHA1
9daadb15474d8d197aff5f8f5134900cb5d7c7c2

SHA256
0f38a4716f5bec77340045d3c0adb53f19ef8e2aed42376f12c156792f986f31

SHA512
c4fa6e36711bbd6cb1749bbdae1c397f9aa63ac5a767c266716e234f1575baa0f9801562da42cdeaf94a1ccb097ec38aaa8234d22d4a05754b7d389c7a6c68e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab894f82fa391ab9_0

Filesize
35KB

MD5
fa2a99fd7612a27bbd2398ad9b2874d1

SHA1
543210f02776d507e85858bd836bee9d8712b9ff

SHA256
4d224c7c5c8ccedcd0a9742fc1c80efc7f37796d5fb784cd629fe82e68f1725c

SHA512
8b2b8bb99c0b80c457cd5f415edbcf192a5861e466724402a8c32862ae93114ee5615bb1ed5c6cbadb99f149a4f3d94cb80f043f78c3eafbd1e63319a23782c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d41d7e999c0c0441_0

Filesize
3KB

MD5
1b7b02c395c022b97c577bc7e085037c

SHA1
0085c462b73525fbcc6601fe631bb5647f825b73

SHA256
2d7e9483d1fd6b554bd773ab21e4c8adb203ab515b8d0b17205ec7412877e9b1

SHA512
3b9fa3339ad9a080acdd8eddebe8a84fee17e1227d23b6ab6314621d192fd90d1bacdda6293240f109c63338dce15476c7db7c30d31a60f871905813cae4683b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

Filesize
300B

MD5
09c33a33e81dec63e017ad972b2dc47f

SHA1
bc7b4461862b29f6484f2b0d0678cb0e898a6fe8

SHA256
f0cfa9435db9f3e90ef7728501d06d46c37b50db5d00e11efc4b099edcf3242a

SHA512
44a1c3d2adacad33c4dfed411ec75512a003b3ceacca9825dbecf099cd43782849b91298ad345c292b1ef65c7883dd1b023052534a8270a3c3c9e897a23d7523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e080fbc3ad040841_0

Filesize
454KB

MD5
d61172cb254a5f2b1a8e859e32f5e3f1

SHA1
e36e48619ff975dbee7b8bf9f8962d04f41258c1

SHA256
0e4fd4e9d4b863f9e3d6a81275db91c052b28eedb9b1cd0cda7bae42887c399f

SHA512
e6de6bd8ff203c8666a7d530f7f3fc78b7005e3258b7442a1d2e723bd5c2db0a8d53f5220246124a4f15372a4dd236edff5f26e38cfeb6c9ea1faa6630c46eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
dbb6ad2359d5818180da5884d7789b4f

SHA1
e864627129ab0abc7898a2b0502a189e12011c4b

SHA256
cfddeffc3ba28300e5463df6d101db0c3d524508192ee0a18680af20bcadbeef

SHA512
b8d35042f55cf55c4265e5b2c69727c1ac801cd8d9eaec6ebb05749533dbf1a1a30d22b45d1bd2460a5616e4065a4bd3be63435360dfd01f2f5ddfa1a9f7cd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
582b67d65f861761a250f38c83e2e66f

SHA1
c7940b0067866fda6d0c821ee514c29d0205b88f

SHA256
1eafbcc10bb2a83c1eaa5613e117f8e63b3e4157241e51df53f9635432cd8638

SHA512
25ba626326e50337bb2149bb58915433da8f48715e2aacb58928aecb75f27f7418dc5d89ba8be7eb0c644b3a42556d9ed3f874df2323860f5a95b7e55f8de0ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
b97c2e530981198ed96e41a9cce53931

SHA1
9d64b14452fa9926df6b65833287210313f2915f

SHA256
f986db58514c5b3336ba6fce9e9385099a30224e469079af2ecb2d8413afb66d

SHA512
0741072ca680f08d234f14a1dfac8f3f98f058376732d3ac77cf2eeb09b80bd499a401c220d400fd5355684b6ea0eb4bb3b8c320287529671d6022d179bd7cd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.temu.com_0.indexeddb.leveldb\000003.log

Filesize
5KB

MD5
bd533b87b2fc96cd8fc1f79ca110d118

SHA1
b8026cb09d78d998c2ab7af8f33ef759e3458585

SHA256
39d0202091bdae00e1344dcf51437e0cc52191d6fbf191952d95fc4f208a4e44

SHA512
0eafeadb4b256ce5c40c2bb463fa14e65af54a783f5ac5cde8c3d613805223e70aa655af2cc2507d8a9490664052b1c3b909098f5243ea25d6861942070ebed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.temu.com_0.indexeddb.leveldb\LOG.old

Filesize
385B

MD5
61adb74961b5bebb23fb3ef72cae5b78

SHA1
03ffba18c08251945be5f5e9da37a27ef22726fc

SHA256
6a255d67688b2a02226889db2c043470287c16676e404fd1043b0c8b260b4883

SHA512
9803e3178c00d6f83b2b34dc3f192ec794163a684d5003203b6f08b237d3210546cd5fec8198adc3e2da1c4165d9b9d276798ee67deabb085cc7aac004b3b991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.temu.com_0.indexeddb.leveldb\LOG.old~RFe5f4196.TMP

Filesize
345B

MD5
97c5b49d5a8d525ed8e7413da6627df6

SHA1
00c93663622e8743de73d562055eeba36bbe1528

SHA256
b4f46fa851694417b09f9f0478eb4f9c46b76e07c6e4a5e8021564fc6873e421

SHA512
65389a8c28cc3ed36be89542e0908adb4731b8b48110693cb1998bde22c39a68ef869c63a63ee3b9c0e6505ea7384a06f935813b78f968f7f084c2c73aaf1730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.temu.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5fde81a8eb62cc337da07ab5af059a1e

SHA1
42580fe0c8c2e045206d8c5d61ba82ade7cebd7f

SHA256
100c4d5078d1674f7a6a36a8d98bebcf2b2dfd24dd21839e2eda2a9e0537979c

SHA512
42583eaa1715e077557b55849c0335e4784a2d54192df5a4e69164b3b9ec8cfc1742e35a9d3f2c33229d5c8e1924e30f2741f0f62a64fe7e46de5a4404df6aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
c128eab708dcb4ae22b3ac6850ffe0b2

SHA1
19ba4f9417cb32d8961e7fc42c556c21c9d82fc5

SHA256
03a64d4eca2cd96035bba1e2242ce4a56430c928c5b6b10f6d970ec8ae599e0c

SHA512
6405eb757e6923c6310fb3ad0192f2ff2aa8acf5e78a0250fbdbd6e297af3d55e34ee78dc62aa4e0c9f7902e20375d8dfa4935e3f4124d3c00eefb22bee542d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
8a71f9e865731a782aa245d4ef474e8f

SHA1
3e6cac028ff6162c0bc65d2164a5482a90d30ad4

SHA256
95c57f7853ee98efa65e8f90be222033a1c96d654fdfafccc920c1c51716a05d

SHA512
8c2105edb7e9604f19ad52e70a92b02ade644e4dbac0ae3f997f5b8e55524ba21bca1e2869aac86575601206144763bf00c4b6c3cd03cdf0875eac6b44f6f2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
31KB

MD5
c27a9868ca455542cd0aa03d74b496a4

SHA1
6f80dc269455c521e4141c64b9ca816b5baba1e3

SHA256
b49ab83213cfa716043ed912c68e10e589c11dd6b46482ffb4d75c5176f4fac0

SHA512
de176aee135ca0a6a06caa89ac47b806f154a316395c09e612b4c244c2f8997d2c6a6960790cc50fc12f8a994c23948538d1ea154124505c063204f1ff3aad66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
6791ec44a11aef339c141fa575a2e435

SHA1
35101d8689c7b57d40a6638499f6fa8115e85cbc

SHA256
fb75bff5093152f3eb35e4e47d5affe6a201b2b53b5a19f79239861f355bb5a4

SHA512
33b98053dba3d5517f4927fd727aba0584218583255372d177ba3035452e8b8b8a2a0c1e86cee0ae09782f5ceabd95554d3b5861168e43a889de6c29dd4e9553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c36c31c0cf79ad153391f261832bf220

SHA1
f2843f28c2491e7d8b44761868588a8d7c9aef5c

SHA256
1b1f42d4ba4afef29e8a3dbeb05954cfeb7abd3e34e2df0808ae74d3cd37f828

SHA512
b244e5aefb427942bd80356740e22b6874deb6ba6457eaec75d5c7e5a9a15273775808de72fbb9fbe97b214a8d7bdc211057e513040510bbd51c2b4e3ba3cccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
825d7b8ddf68ed5adc8a00c12719c074

SHA1
e56ab135f7d4b6f9d7111b574f1398efa5d93210

SHA256
957be03246dca17fd71e8f98f18c7bb2057efcee97a5f6ed81d61dd844273887

SHA512
70c43bf3d5a70aa23c0c1c9e0919eb3ae868aad3181e5f1f0ee89cbd43dfaa6d0ebf5ac9fd5c437a777fab1df445265b0ed7c4f31b7a2db03d72a65db357d2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
0a77805009bfcf5964ab38523688f83e

SHA1
9beac1b498ff680ae94034a2791dac262859cae0

SHA256
fc772d858423a6d8032014da6143989b2c2f817f4479f8357963058f83bebe7f

SHA512
f6840bce8ecbd49df3f076d9146d5b14af5da29f118ba817f3ace8236f210c5ecfb9fd4cffce9b9bafe1658d5636f4285dd5ee70347b0d58b0ff8746e8f389cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
e560291384919a655b481d751fe12f57

SHA1
e82ea820593a9929ece485548979e005c22d2ee1

SHA256
be3fb05d7a104d30fd0a75c0b9b502c4e425ae24b1d6a34786a2591da017dfde

SHA512
0f0b0583d917988483123ff73d37befe650ef423ed6a01ed471dae839a1931577f4a44d7a2172e719376caadd8aafc84326154970c21d65d3904a2977520360c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
f1c143b16ad839424835750d44200ff9

SHA1
b738db95dc6f29b1bbbbcc0378236634fc756abf

SHA256
d42d4665e8e50ff97668e03a4bd3d9499bf5e12fe617ce4a58b9383e0d012929

SHA512
96788c92a97deb849030702a1e33b4af680903599956f786ac9055ba9ec41663998f10e630421e0bd4e11cff2a1bf16b54070a8ef5164dc75ae3aad5b6a3de80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
90d4de33f6fd4101275adbf4be324ce6

SHA1
6de1874bbd6291312bd211ae3ca486756743c4f0

SHA256
36a08d6a4aee25b41b2d998f5128363e25a8979c76075c41abfb66753f0b540f

SHA512
3ef58f1d77d91e8dd66b07c45968738a838f0c7561bc1958f7df158ce5cbabdc23a6f3a2c5c7085aae10ccdc2d13175f5603ef8c1fa30f4508d13beac7fedc65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
d88b778dacfd1b908213249f6eb24e23

SHA1
7eacf5de7fdc314b333702d5f0c1b2398e760838

SHA256
a73d99d70e6712f4bf5955be6edb09f253c32ff507f31952e561f67cbedf3ec2

SHA512
b92a69ca05206140b3e624d30f2455e597ac4562f83e665a8432b1c20e878d9c50c96a29155124d3a6100f20b79bd0be5ced2c4a2d46e183adf0e9d14ef0790f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
2364e051361b391785c97155cefc9a03

SHA1
834a71c21bf7c3fa82c597b65c034666328da3e0

SHA256
fed9ef611eed223cd9c9a5bbb21fa9a06e1f7b200b4f806ae58fe04750214f18

SHA512
8df5b5b356b897f488d1c5c3bb401e9f9b44d68bff6dfc9c6646fe70a06190cde28afab96e2332ccb9e7e362de7154602ae2cceee86b90b657ff4052c0d2c6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
04adfae14ed7d8807f885a7b4f8a5f55

SHA1
784e287447d0b7437d99a10fce001f0bbc03646b

SHA256
91afcb868f4d110d893751e829a06c6d72d0133d1fe2e8d713da4adf348df54d

SHA512
8466406a62f463de95ba39056c3f3589d278aa4ff0a209c6ad750e1c53568db8000451855b3e685ab6f91b861c60bc0281bd415468b180a3d30088055e9daaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
67ddada425cf8cadcb14cf72f7473181

SHA1
4fc6b8b002df5a34c2c736803ba97e083ccc14c1

SHA256
f72f08cea99aea727e64007b1417b87e782df15ab467157c2cab91a9f58708a0

SHA512
cbbb807505c5c44b9c0bd9cc4391955721d8682a9c6ecc09a4fae5fa8183a975eb2849f452e00d036dae57ff772a76298f44f0d12d2d51fafa7b39c3d123a416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
13c2aae149381258895d1172e52a5568

SHA1
15c3dfa2e4972ab3e57339635a1b64ea51894e3e

SHA256
a95201bb516ee4ca105d20a18d1adba5b8386e26dbe76222a62a363890f016f9

SHA512
35c33cb5e94015ed0f897d324d9b16f2faf7f4576ef118ae971dfb6d22c6c984a7bbcdf8e455ce7f3635d8d1202251cc59f43c6735c0a102fea75ddb19f8eece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
79da4864ddd6900da7022b2ffe991f31

SHA1
d49d2a02c592ec0e5f67ecab5cfbb76c37c9e3d9

SHA256
9280e00c1db355d67c19c3bcd34806822c0ea134aca1020df504b6491432ce12

SHA512
a8300422d8009afb6d38bcc89f2ba9885385df65f9e0573e5dd11c9448b917d2de550cd508e5a0795961e46bcda0168fda0b60faa7b41a45ee4a86b379dacdc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c83419ea2ddfecad297b53ab6d6a89a1

SHA1
698dd17716ff3dfa7262447ab8a0af9ac39b9a3f

SHA256
8b09db2519073b022ff55d62e18d0ce54fac8fe7fea8d15b50a59c0fbdb97300

SHA512
ce5734f235b6b4fee7c24f48b60fca04cc8bcc4b94b641c3ed6a21683997b67c77387330f922ebaa85c428ffaabb3008e1d1be9136dd1ec5d98817c819f6a26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
37b59fa902f3b3fe91a041b0fdfcad8d

SHA1
6ff0ad0cff6d60064e8682524b23970ba024daed

SHA256
55d6e58c0159485fd164d1989e38d74deecbbf063cc1aa53e0b3f3f353bb6a13

SHA512
f5c5ac3b4dd7fa3cb419c5303b3f8da3fba3d7cdecdae91e608be15b840cf6c30c58798898878ba21d70c3fb868e6305c8b4e114a3fded9e9a1d734be8278ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
a6e0d6fea53be5fc905c70c36488ea70

SHA1
2a4710d0d8af070ca0e174ff78e7eaaed1899a11

SHA256
44754c660d08a2a8f18a6065f4d6a94990fc5c6f814460800720e5775fbc44fb

SHA512
2a956a740c8d3a967b5c70cd482d665396061c533435dc7025587341c2d582a02bc8f556e8d629ed62c9cfc5ae6ca2798b57365b8304be25f1822693fb91625e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
7dca1f5d6e8ef7d28cd092ae0cc42d4a

SHA1
d387a369c4f2bdb497fc337bbc6ac1670df22c32

SHA256
f2ee834ae0bff79c013de4eefd5b92538a43ad72bbbf76db1ed7090622bdf1a0

SHA512
0cb91e0a54fb2d1e988a85d81761b885b38ab384fba5b4735c8fbd85140db1ee5e6fe2785392bab5603a340bcbed617a7f2d463d8c9d7074052d7d5b2ab6fbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
bbfca3894ba6121ceef98a881a77d044

SHA1
b616179bff653e1bcf5f1d19bd9328d2e1074fa7

SHA256
b8c35ecc5e366c5168613f65a93140257d8407f1fbd0a5a91f6d0e4663b2619d

SHA512
4cfb7f34823361418fad67fe247eb5ff24c95eecd31483928339c22ef15c01c9b4643df6d628b3d754e91b81be75f5beebe90507138b4f5f4cbee3bec5320004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
06a540f644ebc942aeebcb1c5490fd45

SHA1
3c14ad11e9e89deb159b2e091c62d19b5297f002

SHA256
5a5f147fceb66b956d7ae1f441eb762aed7d3dbd7e7397938346ae5700e64108

SHA512
77288575b64972745a82c4134059041978607de5bf163ed71779136e95b18893a4a3d9aef391b6f46b7e010f58c469ce4db59d9afe5a39a8d0d8accb46983da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bd34f60162bc633a8fcf14f14a8c6b99

SHA1
2fdf7fae26e0ffefded47a1e902611a3061fafe1

SHA256
d7624665a9ac2ca5db20949c9631036133bb32c73674346af91c184deead7a9c

SHA512
087a08ac9db9cfa4746b372ad819e55e1359b9aa32b1c26e1c18c831a0a9abf7220f56a0074e4e96d4f631b72aee5980002281be9726318473e33d082e355eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
febcd3550b8371b2dc22f49eaca00824

SHA1
7cf0b4ac165dc83504a3132636b10d9e583a627e

SHA256
1f15a6bef63eb0877878740e32b6506a67fd0b0e75cae8da3528b8b7cb144bb0

SHA512
d15459024b03c392fadfb778e4829b7547384ff3bd0dd2bb0156eaed400f2f5311d7c9365d623a530b7ac16cb2214072a0aae650f12776966914bd5c27fb2702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
642d1f34d4bee213405572fc09400598

SHA1
6cc636e5dad1e341ef6920b8a0b6d4f08b877afd

SHA256
ec36073217eea9f1d8e54931c9df7a7d793a93db24eed8941cdf9c9c339ca46e

SHA512
9729f4e9fa776822857a7b3d9015571379d4a4a6fbd565b734ba30c3e66c0f68d03527b81343b22927318b8bdf68cb445795a1393c7ee33a422c2d7a752ca65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
728b12a583d652dfae70aa769871fa55

SHA1
1513035ae183fdbcc34d1f097945b473ad568ebb

SHA256
521210bdb49f19e361df2eb5e2663665fddf1cd33026c904a7fdf962a57ab547

SHA512
6372b98e60beb292ea50c972bf2a8dbacc402c2c884cf48e24b274f03733c471487cf1c79f8a915d1fdd474bc696dc3af3dcfe95acc3c0afa656c34921e38929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
ee25c91f72e59dbff27107d007ec0067

SHA1
ca013057d073591dc2dc7bafe47e57b2aa6a3dc3

SHA256
273374498287e06d1457cf85cbd9c97908a9c75db8f76086cbdfd67be39b95bf

SHA512
dccc37789d943f4c78de175d92701a01918d2ca1cae91838e66dfd93212f72b2fb5f95da9108728d7a99040c6b48d770a29bccebef86bb43a76d0604b2682308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
5c299fd998d7f5494791f8f5e1844f4c

SHA1
d967b1264f8fafd15e7faa6ed358ce41513077fc

SHA256
fce2fee0a5dffffcecf4cfb2afd4dc384f43988b0f96d49b095af393517950e8

SHA512
0be1c5405496dceadb04d932d3b043a7570404a57430cce09b4550d387d8856c6f1864715141cfcee0019d163801eadad7deb5f7c2550a9e1ad8a8ae8b5513eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
042c8f690f8c52592172616b312dc0b4

SHA1
11fd3aed803fa26dce2cd079e1d0e385da2fd7da

SHA256
3f96b9505235568487fb477a2970048dff1c31c94cdbbfa1b09376ed3201e220

SHA512
a7e621c64f059e5065b6ed9fa82eb2c59d3c1f34a6eef9593da9ee884d19e24e11ab1e92339a29522f7573b2397c5bbbaada9234a8b9731cc280d6a76b304ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
3febb9216d60c1517306d4b2acce9d7c

SHA1
759604a1c97db0f87e558e315a8c9eff26275a8b

SHA256
5c6852478084b94750963360238bffc765cccfa54f294c12a7756cd5a75269d2

SHA512
3f29a1e7ffdf2b407dc730947bc95f830c4a5865032d666679f0b7b2942aae356fc06021d1dcf98704b37bda32fdfadcb1434ae5c82ea7959e10063df208312a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
d876aa037f498b16cce1303a272d6c64

SHA1
5ad33df6090fcfcc3a6cc5f7053dad8e04e3c9b2

SHA256
1f9239623facb7b46c46819450a6472de0dc472f2f059a38c58ef6e711c011ae

SHA512
0fa49ff266cf2d8d81d2a863e48bc338e0f29ade111b203188d6d04fd39d18d2a83e3ef668c31a7ddc6a3273dfaf622a814421159e48a09a1ad6eed9bc9aafbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
6f09b0e46a649e19c70bfde6188a5cb9

SHA1
105dad9a65dd424397507aedf39645970e27ca86

SHA256
0db90e2cb283d15b00d099eec6c71f754b7855f6ba22f3347fc5654875bdccc5

SHA512
ce6ecef6d545882f65377adbc5cddfc737363030b99ab4e12a3158c68928d8f954aa5d26998964c7a79401ebe27c03d16c85ee25933d88ea05664ba0ea1a7568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
fc880bf1f76d05014e6008ee53f64b96

SHA1
d4fb874a1ebdc6c38b719324d16a32a0e8016255

SHA256
072d03084c805d82ad24831f2f2124c8eb23c5f445286cd595eb3cb6c90fb2d4

SHA512
69dc4f137bc45e3ef18d3180983f5e89a1b97175bbf6cbe9d226a35ed612384a286a0c5f7a50ca21e3de38ffd81c2ab240f80812525223e0910e5841d87464cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9c0bae8d1dfc7667fb9fddd5828a5c79

SHA1
6281cc6a19a48cb3830cdec51805d2eb869703ba

SHA256
d905784b85ae45229f31112b1859686f71f48500528221d8b71e7b7d7c40da72

SHA512
a3beddc6b7ec7d7f162b93db96bb7904ed99befffd5df9ec8fb4f5d17c80dff251c5c2f96088a8cbc9f50231997644fed497f135402a6b261067094a2098b571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
4b1a5ace252c19fb1e6eb6be54930efd

SHA1
c6d2ba256ad769dcad4a8c4424368b5a4b5d2410

SHA256
84f3d23dcaeca24e732ec7b03950d6b4655baca30f6876164a6aef2537eeca9c

SHA512
d1ac1664164b523ea9a8826342330a6c968d1d5335acae161f010442fe4f6a1b5c5dbf68e4bb48ac1236f8c787f27b685955851bb67c77f2e0a210e37e691944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
da2723a953074b9f53fb94daacdfa98a

SHA1
e0f067f57015cec986877118abed0f40c0df73d6

SHA256
d6e92bb8488a4090e086ef6d13d436902057645b3892bd1e1fcb15b374903107

SHA512
285574b8887e9f4e48931cf4b85bd328b3806a508aee1fd3fcc9428098b7658c9d7f03a2b7a1a6de7bc808355f275f9b2a7745016e034f77ffd30e5775fc79f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
ff289bc914384d8649d327373771d0d0

SHA1
482c1a94e085ee97baba08fae131169744158107

SHA256
a06f282b806e97e7474858b959fabf14044bc83a0be51f03810386c16b6cd723

SHA512
5de7c85f7ae6826658fe08771f9336e6abaed3728e51462e859eccbc362f63ddbd9526bcd0e72fd9ba498a68f3ebe0bb897b3c83ae0e6cdeb891fa5e6a58b1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
519c3d985fe29980d7c3c472e2ff9f29

SHA1
1590f047e022808886241a0bf6c2eb0d1a7f6064

SHA256
451ae85963ba89d1e926d5e45d8dbb385fd5cc7214ba48b09eabb73bc6e722e1

SHA512
0a80f29c978e6b6754923f11a04130964e1b68ab8cdfe32d9a86ea5a96d80737ba0864cdbdc8394dd8726c912bd5141f5ecb9b1cd24d063a09c4d485ec98b8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
efadc88ea6919114f24db0f1e558ff0f

SHA1
42849149d635d444625093607be249f0fbdc9a13

SHA256
3cf40db9328c0b614ea63cd785b021a7b9a71225689ee027a077db514b2d5f2e

SHA512
14d6fbc9f1220b10951ff71739b2a06508d2bdc8f46a170a63d6100789d1d1adce75f45dd53c50be8ec245782bc503ba23a885acb9ec369127b377cbb52fa82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
f918b54b1b7a16fb712c8437feec9e2d

SHA1
95792b0997f287c26ab7bf1837c72028c4d60aa7

SHA256
f2339aba4afdc54dab340bf31ebf15e00d461e9587a376fd64f53e66de63944a

SHA512
ff401e955396c6b9563ef6e9a074570704074f35ad3e61e1fc0d8369f370fc1176f0cee6f3fec6e6ee047d43fbb36b1a55836c22663f49a0ac173851ba005f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
e7977bd8c2733230393d5487cafececc

SHA1
ac60f6f8bf69be04ea5970fd5a79048317531992

SHA256
18bee7cae0fc06e23c2ebd155b8178ab21cf7b54b3ccba74b5950600fef01f8a

SHA512
5f1372a5a9b03df3a9d9382980109a3ec8848a7145eae29f325af651286dcf10bfbf9def271f030c10dff331cf3b598f0ff9344a63353508f77660339e9fa540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
4cce4605d3b4dc7db4fa7eeaf8bab69e

SHA1
3f614ddff6ea3b203a117adb0fb49f6c16edd9b3

SHA256
663d67a6a9fea953414af5487b38f27fcb3e2965a6d46666b8e4a70ae753e6b1

SHA512
337d37d9c7f37161226795973fb48980a1ddbc0f543b8484202ce285f3e7f636d9b10924a15582ff34e9bdd378659d0e0d07733c1ff933a934153bc661e171fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
f5d6c7af225367173b6dcd2cb51da9c7

SHA1
4c039f1c95b65366da9bfc5f8dd6eaaadf3c8b72

SHA256
d479e2fafc95efa0a0390401d258af4b3719ef86b8770b6cf628008b324c4d9c

SHA512
79276835b1b3244c50bea18a61a1ed9f93e3813f07d5a1d6b106a7022406e22bc7bcd04e9545b15440d383a069c7b6cbfea506dedea58bcb5af6a7910f8c67cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\0bb4acc5-e3da-4140-b74b-ba1211f30ef8\index-dir\the-real-index

Filesize
120B

MD5
ef2098f7fc32a10ee16daa992b16e6ee

SHA1
549d118d419058583f47a551009160b48e7f1195

SHA256
5495ee65c93c86cd10753975c0ce6313b1159e8e2f2a316544cdc9beafb1cb96

SHA512
342fbf41700f2d2fc68e9a4a3dde648e378e9a5cf23892e60e5e2676397fa2001d1be690d11de9bc9bbb137bd6205c7450ef2317d103bbef196dff952f4bad4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\0bb4acc5-e3da-4140-b74b-ba1211f30ef8\index-dir\the-real-index~RFe5da51c.TMP

Filesize
48B

MD5
ed5eeac759804ac93c8286f25eba0936

SHA1
61b7ee973c2c7a7a7962940220a286aac4965140

SHA256
d992b67efceec66f052f42cb281b5369abe86a50e0fd87ec20bf8136f812cdea

SHA512
8450c7eb4e5751dfc8ad1366502942ef92b3994af7c4b41c4f1615fff1198fd167541f0e650cfb8a688d9e9e1ab2b8f4bcf38834f1cc3d74f0a02e3dab485d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\40bf3d2b-481b-41b2-b8c1-df43d7b9b6ef\index-dir\the-real-index

Filesize
72B

MD5
8ba2c070ff70f66bd02a7308de822d5f

SHA1
0a475e9fae086eb76ccec006d23f5bda6101aef2

SHA256
59a2e8072683f7c3ab0d7c67ab952234ba049b886989bc4154359e5f813df364

SHA512
270a9677a65d399d9cf6702e3afa9ac9d5887c31db607d4a0f98f9b15c32d61e50aa4db8258581eef67a09c60a6168963c4add5a603acc51be17f1c04f2fc13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\40bf3d2b-481b-41b2-b8c1-df43d7b9b6ef\index-dir\the-real-index~RFe5da4be.TMP

Filesize
48B

MD5
843572676323a4150ae9427390047952

SHA1
f9f95785d85402ee0e0f0f1f85780d7c083b5f9a

SHA256
5d5d6090acb119ccca702e00ce1eb74cf515664a95ec44ba5430c9f842cb93a2

SHA512
c89d784723d98b1a615e1de5b41c52498ded74025b5a15d83585dc0d0d9d3575426d7a5f8e21fbe4bace31d64f0208f52b1cd39a25e3a8602717968faafd5747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\index.txt

Filesize
208B

MD5
17e33c6c8d350aac5e7afc39f49cb291

SHA1
23e2770b6595ccd24190ab875239748654c27e65

SHA256
72183bd3bfa762ee12ef64e2a67d39b4f45f8ad60c98c7b363abfaa9f60f33a3

SHA512
1302938ca0911673121ce4cdfedb8611aabcdeeadda84cf186c98aec5e874961b4d5b8ae83134988cc3f4afa76927770f6bc27d16fda54a0a7f73aa023fa925c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\index.txt

Filesize
205B

MD5
0ce5748eb2a87f5ef051e6ed5c69f5c4

SHA1
441bde13471ea057a16335895901693ec0cc7757

SHA256
e82c97a7c137d6e2a5e3b764da453c177501e1816980396b1443e7a95121e7cd

SHA512
f73a69c8f6204bc36fe73aaa8e63abef2872fcb32f74bab22289fbf694f1a64878d3822b0f0ec384de3dae4c8c13527d254621291cf2cda95cfc958e3e758e35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfaeb59486396eed9d92017d1b603e59ce130a62\index.txt~RFe5d5641.TMP

Filesize
119B

MD5
f24413a46fcef5002bcb5b8d166a06c1

SHA1
23ef5a9ebb74d8dec2eb02367054f8a946ffe55e

SHA256
15f54e6a3e3145d2606c03eb2a050db5b0b22d86ef349e92939ab1a3df7a4903

SHA512
4ba845f65930ea482b8193737529022be78a93b5956a8c32527221fb8d488d8575608d75135488b3df8f0c13e2b5b8993c7eb5ab79df3a52b437a7e16530dbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
165KB

MD5
b259da03e48e0addd5d0bde5ca0e2d12

SHA1
377c46d07d267d4b3e215a759a348fa33993372c

SHA256
0551d0ac7fb2f87a1253da6d100d3c47663edd88910b8f89b293fcb33188cffd

SHA512
971fbb259cb1af49ae41fd4da0dee0695f12fcd1493aa546771fe367a1a2746f6f570cb35563a2b7a97978bb417707f06ebfd609fe9ca0215b5cdf03b10160af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d07787c63b862d2f1077160e1ead49d5

SHA1
003637383748beb4041d4614d6f45bb0e9c09941

SHA256
9a6f09565e2a6eb44c628857b4c8f2b51aad9792893775a7b7961a94de641974

SHA512
9b266b84375cdb14483c9c515ebf3e973a9c2543821d44d87f0bd7b0fbd4b2e6d76ee3309bc4934d4c1cb018e6ab12d0704c6fd97a300f016b1a5398143b1c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5da413.TMP

Filesize
48B

MD5
30e6f823878d8a1b29e94654fb9ad9fe

SHA1
6739fffbe8b36b6b4b1dada1066c172c76942d67

SHA256
ff47066b74d5dce60514b4e989ab657900a074075fe43631845b019fcf1c3b7d

SHA512
e00471cb340db28c46e89c36c3f2c308f8338cf13efc0f28a8da7d5ee4843e7f86a4a0f02561c2c0a5940d2d6effd7411f4297e7a24e3094ad8cb18867048699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
51KB

MD5
6e4b971308f49783eba27a8ab1697dd0

SHA1
6c928717be4d11e8b83a0cc88af5f22429d5b06b

SHA256
6f1a4bc75f792d905075d58671b472984899cd8d709e9813dcecdd0a71ff05bd

SHA512
8f31563ea0b8d126bb9d1b3f33078835d71684f2ecae1a9b93394d79ae24b8fb559cafba3b172fcb6fd620e125ccd05eef22b37fa0644f811ddefee17598b9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
98KB

MD5
dc1fc40e087372f78205bfae8408afc6

SHA1
4205ea3673ce4b62ec580435fd07e0105b809a8f

SHA256
7ee3fb5a2b17f7f28016da3e0ad0f794ea4c6603dc6ebbbb9bf0dee24578c72a

SHA512
6b65f871777fc40bf7ba748d9dd75ab21f207cbb9006cbc9988b3d002aa2f86bd10dfe4913c4c0518975d553974efb96bb3fa07e983ed263f00ef9e53b7f3b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
51KB

MD5
a83b37319cf3e39d867c2bc1afbec953

SHA1
cb1c49e7885a7b3d0e2f031b40ba6fcef7cfe20c

SHA256
6cc7324c629fb2b05484698a108b04ac6d25bab1f2d43a7c1c3af4b0dc66a473

SHA512
f10ed479a9b264206773080d1f065e42ca812c9c8ead8db5e08ae61d61993490ea4f930dd1702d711dc2ff8bb2982b625ebe8340bde609500f2f839297b11b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
51KB

MD5
76a73a653e52f3e5d17bee9fd3c8d3d2

SHA1
26eef9dadd0ee492801fb379cb47dab50fca3a33

SHA256
9393702f07f2cb0bb0611e4d29efc0fcd797681067692cb8b720e399fc708d5a

SHA512
8295b39669d9573ced089c128bd3e525c483ab396f6d4493fd519e9f315f4155bf703e67625dcc6f1388a2ee284e78b3ee5727f6345c7d99ac5de395d5b64dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
88KB

MD5
b9d83acd3464495d9262038479e9b001

SHA1
5bf820ceac769c209cbb053162f2734c4d4e9947

SHA256
d8f87966ffa459bdff22de4c08830c255edbc904e06bb648f08662d9c7e41348

SHA512
e66c1c167a5bf0a8f663094d1fcd38bf5ab88d4ca9f51cf44e9667c16866bb476824f2f833f45e0df8b9bfb3646cb7cbb6018c033221b3709a6115a36533e064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Filesize
9B

MD5
b6f7a6b03164d4bf8e3531a5cf721d30

SHA1
a2134120d4712c7c629cdceef9de6d6e48ca13fa

SHA256
3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39

SHA512
4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f1bc9db-6c26-4b94-bb67-02641e77e583.tmp

Filesize
936KB

MD5
79e1a051e0bb64259538622f94be9988

SHA1
9b53e95bdb4a0923ed84a69972dc7168bc2fc942

SHA256
5bbcdbe935746ee78233c06331293ccf7a62f359cfd2d88a910cfcb8d9ec65f4

SHA512
6beb6aaf5afb4b5f36cee371a149ce5dab8a4553446553a1341996affe10f888f6ec2de19cf3ef355552d71287844fa8cf988d90bf050008f4a7591cfaa31511

Download Submit
C:\Users\Admin\AppData\Local\Temp\59d54aba-a2ae-4172-bde8-0eae2535c454.tmp

Filesize
2.8MB

MD5
f75cbfbb5eaa5f46574955ed6651da78

SHA1
4ce276c03898e57667b401761fe1df5f11304a68

SHA256
643962e7cc16bb8e9edbea5f05473764199c7179d06a65bd88a0d101d1d5a9bd

SHA512
287847c5caae39fc80e90ae105a5fb0c9349f402872721c599eb9c9ccaf171437879f0ef8bdeae923bf4520befa316b60acd3e975caf8496f05dad24e1b34e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f5ff2a1-2845-4fd8-a363-a43bef239287.tmp

Filesize
2.2MB

MD5
ffcff8e2ba102530ce54f9ea1529ce48

SHA1
0d3ebcf3ca535032d825b6a0c5a4c5e45733033a

SHA256
bfaebcbdaf420eac93d20ad94680fd13fa391bb8d4f7a29603b5172628fc093f

SHA512
e5c8aeccc919a8b07442bb291b1da38a0f82f5a1352b8ac1edbbf9b471675b92cfae53d118c819ed32dc8992ef8efb943e8ecea73d28706a7c88b8d83fd025ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ba733e2-82b1-4eac-a17f-235517ada772.tmp

Filesize
1.3MB

MD5
06d466a1cde4306356506b35153c5ebd

SHA1
c43850528e8150e1f0e253653d2f0155d00585fd

SHA256
6b1205e9b435c6241ab9c244b1dc3c309c1d82211268501e71e43c4425fbf590

SHA512
5d79ae61fea7097ddf4b5f2c639ddd1ebdffb7d0e69b74aac47e166afbe94e88e3a4dbd1cf34d55c6c8b0fcba3c30b676c8460b120470c17278caf22896b0b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\ba9777c3-43e9-4ee1-9a47-cc1954730765.tmp

Filesize
1.9MB

MD5
21b06e448a0bee23eb6b80dfb39f1e82

SHA1
d60b3a9021a704247af4ba58bd539d42f780661f

SHA256
3cad9f24f2ec2bee7bef2410ef713924640bda964e865096db6dde37103481ba

SHA512
9678b1302eb289f04c0fad0a60455da7d24da4bb72177561f8668f0995d695485eba915bb222d7231a8188ac6ff3b4b0ffbbfe3b725b9c0112ca6af9465f5709

Download Submit
C:\Users\Admin\AppData\Local\Temp\cb01daa0-3063-4237-95a2-2f4e6b2a9369.tmp

Filesize
71KB

MD5
23905ea78979b66c6d307de1ba55cea8

SHA1
73c187582cf3a843367751b565180dbdd88498fd

SHA256
d3e2dd4dc06d3f0feeeb44ca24cd60d076931ff6c0ac1692b509f40f58d8595a

SHA512
a32f59e91c5be60eb032f33a5ff799e125143e9da4d93ae0b57abdd80b778ff0001ea28d553a947560b54b9d214ac96e5d0ce98d36d655b26f1b6d4ec64dbeae

Download Submit
C:\Users\Admin\AppData\Local\Temp\ea9025c7-7991-492d-8a6d-053a2c41419f.tmp

Filesize
90KB

MD5
65a028a0d2831eed0228ecda4ab9ef2f

SHA1
86d5eaec3e1c7ecde3f37ab36a017599ddcb2138

SHA256
5cae2b06bc5525e26e08cfaa43be7a5f8df88053397676cf81a5402a1ea0059a

SHA512
edad812dffcc0c8b399d3c5c216973bab2fe9e9dbc0d2c6efffc8cca5f1c58e126b83046c4c90febf003f3afd3d3c12c9ba46ad9d18975f2a6c5094643ca4f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\AVGBrowserUpdateSetup.exe

Filesize
1.6MB

MD5
9750ea6c750629d2ca971ab1c074dc9d

SHA1
7df3d1615bec8f5da86a548f45f139739bde286b

SHA256
cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c

SHA512
2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\AccessControl.dll

Filesize
26KB

MD5
c36eb8336b91d277dfa8575eb00d6364

SHA1
9ec81b49e7675548449e010950bc50bff7cbc960

SHA256
4336e05960fee8c775b343209911f14acbfdde1e8d5aa9d1f0ea680fb4407307

SHA512
0abe6e367d1c934fec8a89617b5fbfea5ab7f8e557ada7a667aedb495f637c8782a2f4723c2d68b9edae4f426deb5bbc0536f643fc65ecc2cd33295078474394

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\CR.History.tmp

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\CR.History.tmp

Filesize
224KB

MD5
992e163ea144d93b905d0a691b237fb1

SHA1
714b80c8eceb0aebaf2d781da9c69ae01c9d9095

SHA256
0055bd318874a129589bc5dd76eb26411c5473ba2b23ac641af775b4cd5c1db5

SHA512
2e62ac511bb4b99750f7fcdbcecaa35659556cc768a4a9c250838f2e303a341eb2a26e960d9775b9d0a39b9f8506fecd45aaa6af441876b6baad5c9dfd8c7343

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\FF.places.tmp

Filesize
5.0MB

MD5
b8787406d75f708bea34db2858975817

SHA1
c0dae8260114f0bb658430f8b80e7cdf64ac48a1

SHA256
fea0554d9d780ef4835220bbbf16cc2fc932d5fba36798dc513c20af588b903d

SHA512
1d689111a9c091f65acc635661a826b21380cd4c3b6966458d75988d8274eb60edeafe45ef39b193050d808629129c0be675e1bca13e695baa40b565b24b95f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\Midex.dll

Filesize
126KB

MD5
581c4a0b8de60868b89074fe94eb27b9

SHA1
70b8bdfddb08164f9d52033305d535b7db2599f6

SHA256
b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd

SHA512
94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\jsis.dll

Filesize
127KB

MD5
4b27df9758c01833e92c51c24ce9e1d5

SHA1
c3e227564de6808e542d2a91bbc70653cf88d040

SHA256
d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb

SHA512
666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\nsJSON.dll

Filesize
36KB

MD5
ddb56a646aea54615b29ce7df8cd31b8

SHA1
0ea1a1528faafd930ddceb226d9deaf4fa53c8b2

SHA256
07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069

SHA512
5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8FEC.tmp\thirdparty.dll

Filesize
93KB

MD5
070335e8e52a288bdb45db1c840d446b

SHA1
9db1be3d0ab572c5e969fea8d38a217b4d23cab2

SHA256
c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc

SHA512
6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrE5BB.tmp

Filesize
463B

MD5
11480836741896f0a32c6d56db5c2130

SHA1
ba12af22fe651ab1bb79401b3f3b680f63dc98a6

SHA256
66ccb25ddd4a9bc6bdcb534fb6332ebfa5d7c4034907e7b77e2d27ce1e398199

SHA512
6bf7916b3b81cd748f966e36953dc13309082d0b7464cdef7945c25e0d8539a7129c12c1c8698d7a6655b9857d3063f23660e5efccda279a329a387ed54fa5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7426.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
bd94620c8a3496f0922d7a443c750047

SHA1
23c4cb2b4d5f5256e76e54969e7e352263abf057

SHA256
c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644

SHA512
954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7426.tmp\StdUtils.dll

Filesize
195KB

MD5
7602b88d488e54b717a7086605cd6d8d

SHA1
c01200d911e744bdffa7f31b3c23068971494485

SHA256
2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11

SHA512
a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7426.tmp\sciterui.dll

Filesize
6.4MB

MD5
f40c5626532c77b9b4a6bb384db48bbe

SHA1
d3124b356f6495288fc7ff1785b1932636ba92d3

SHA256
e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f

SHA512
8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2164_858682754\f253161a-8fe0-43fe-9e80-9d97a8533fc2.tmp

Filesize
839KB

MD5
f50e00df362d5a597b9e7f549df2587c

SHA1
cf6aafdc3f25bcffdcabd3a5db2e40d1cf42dbc9

SHA256
1518106d36a5770684ce0cd86279e19ee601225d9222f7f555421990a130eebf

SHA512
4691ef983c58d2f027bb0a283ed0a3b11da972588c4c4ab3462fd2e4546f0df85ed1c1f56a481cd86470e3ed02ee8859f22bd04c75a47ce1fe5cb5c983e64577

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_1166762769\CRX_INSTALL\_locales\en\messages.json

Filesize
6KB

MD5
9764406c182b5e377dc9e8023968e82e

SHA1
53999b0d5620d8e80f357edf7230560feec1d40b

SHA256
d8254fc7b70c9f3f5e16176f6bfba0fabf44e10de59b4a32ad53a5fcabf15b2c

SHA512
5b6595aec0cf73c52bb74f5b97ed92cb21fa68649911027328dfd89a0445d03bf26322fc98e410f9eaa748c01128058dfa55ae912ea5b6db6a73a433327efc8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\_locales\be\messages.json

Filesize
1KB

MD5
ab74027d0eaa6447c64c50c29168ac28

SHA1
a6e65c6362c4e80ad2b5f28f8a6eb377af2938b8

SHA256
00ea40f1306a99eaa642e3b613ce277411d53d88920d5deca5b1d0798b51d30e

SHA512
055c2bdef9f06a90ea2d2b10cf79318ec9c185fc334a70d8cf4551cde947958f5881c3a50c4b5715cb3a4585722b92bbb4a5f59156762bf819c0e6aadc5bdaff

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\_locales\en\messages.json

Filesize
1KB

MD5
001f612251bd4eb1f259522a4aea5366

SHA1
8ff5d37e52ed798f194e6be9149b4cc466f655ef

SHA256
1bc874db115267c117d0e4b23456a76723cd76cf75570e88c191903a8f19fd97

SHA512
09ae93b2311d1d60baaea017572da0cce5e1816104aeb1764faf72dc2052602e73e326a6198f3bc82d2e22b4ecdd7f81746c375d79c0214768be7eab7b808b2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\_locales\en_GB\messages.json

Filesize
1KB

MD5
70c7984777731215a65a737b98c49dfe

SHA1
60da2b4e5a80334aff5cab61d67fa0facc62f2f8

SHA256
fbc68d0c4ed3346ae2a84580168d43b8ce12bc97564e04131ce47a0c3328f1b3

SHA512
2609a01feb2f4aac8edb180d854dbb5c93e9b053791d2bfe9c1bc3d7baacb8fcc75c0953d7e150b2203ee1a2f4e65fffdd281bcbfc2fa29326576d7b887052b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\_metadata\verified_contents.json

Filesize
11KB

MD5
2bdf4d8c93eed2de85525f1d49b9f427

SHA1
7b2e62fceca17a6f3167b0bc6b13a9284ce7dc33

SHA256
d6b8ce4560018a0ea71c49e2fd9e539e2ea2fac775762d14277d55e47f503658

SHA512
4715bfc6e9ca088eead36c2420476a5f0c5cf22f69d3895cd13a4cf25dd1208fa329ee3149563f2b4c4e9210d3feb05b51380ea946772ea9fca4ccc999b8cfcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-300.eot

Filesize
20KB

MD5
2d728b382ba4d5774b5cd3c985af6e63

SHA1
f9f17bb74029bfe8a12c82f1a528da926e78142d

SHA256
790fa6f6cdfda35b03950836a557d186a65f7c50cfbcafbd15c2fb8004bc11cb

SHA512
6845c0ba03c194b63aa3908ddfcef66259575c346ed1ba0b5662a3a08e8e3a0304a6f49ea9ecda12e4c2e0cee899c1c72ab9cfa15426b8506a8749e98bdd1137

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-300.svg

Filesize
53KB

MD5
27ef0b062b2e221df16f3bbd97c2dca8

SHA1
1183c2939f6cad1ac69dc16d4a0b943d546e4b2e

SHA256
74df0c40c70eaef5c8fa9f3323b60940931240a3ac6b1623fdcafb1c4bed5185

SHA512
0eaf53651f23745292e64b346ff097bb6fb0294e351a4701dc304541de65926b8b8d7bb5de8b8be5ae8279a178f4f977a39190ae29443acdbb7819881f1fff64

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-300.ttf

Filesize
39KB

MD5
8c3dd994987820cc2b171e629be201ee

SHA1
39d6e91a35dbc4b4d588e400b0d20923ddfcfcaf

SHA256
b5f97120805971ceb303f56728f4b940e88a0b0ca8a6185b9561613faa510acb

SHA512
fefdd89cf660e389a573d7c576a788811eaea735e23153784ff718cabda78cf4624d0c273e43dbfebbc2325b5c0e5e6f3e7cae09eae55d8b1d6eacb2ff4f722a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-300.woff

Filesize
23KB

MD5
3afbb2a57bf45e649851c02e8b8903de

SHA1
87af1ba8c716ef612137987d750b2a27ea17c439

SHA256
19eb6a474121fafad38c135802d788ebe347a0e1f9438e7e24477e52c458df87

SHA512
06fdcd6c03a06d270fdbfaef3cab801b9fa8429478c4e99e11b02969bea293e78181a64facc6e853cd98c5656fdf1b739466a02fef545836e82b506d05bf332b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-300.woff2

Filesize
18KB

MD5
83c3deca5df9e979b477c60c55772d98

SHA1
86332ac5f59a4f86a4c736b1b923a4a904743750

SHA256
a6c5ec600dfa7ca47ad224a89eb4b5ae06797927da4a03e54bd105cb1cc482ae

SHA512
6de271d508d7a7a96a21092676965aa1a3c7fd5615e70f36debb8662e4f92b03997e87a5c636f9f63a2afad0dfb4d2f3e3f54b926908fdb2d4ade616de9977b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-600.eot

Filesize
20KB

MD5
1d509ef7e31a881f30ea87aae524fb10

SHA1
9682d47dc55e2f2722c939524855168ac2ff1d8b

SHA256
41cbd2cce0e80cc929588af21c12ebcfb92d98ef90d681899c4a2d275818d7f4

SHA512
03b7992b965977602a2a301e46d27fc6cf41fd2b8c95afc733212697f5ae155e15dcfdf3100274a7085b551e6ad465762e77e40f228038b0af4c42cf67f0dc04

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-600.svg

Filesize
54KB

MD5
e16f375be3c2a73b58255a02f6d3a9ce

SHA1
acc429c1bb8c8748b9fa1d00722401c8d8a8c007

SHA256
4a464102b4370f93e3f5d492dfdabc3a8d7f8052cb817d4fec0542cac04c30b8

SHA512
fdfa163b25cc25042cb34159cc357e3337b32630643c39bdf1b37a13c486ea3c02293dbcd2be790b25438e6f116566adeeaf7b437e85ae4cf410e117100b767b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-600.ttf

Filesize
38KB

MD5
5613b984da07ee40456c6bc790ca2f21

SHA1
acec6c48759b9a14a56371ae0027c1577f05dec9

SHA256
8d0e99cf50d6d7ac44bbceaa8062697392b9f71532d8e9716ff9cd2bf5a78103

SHA512
7f65f9f5574b2a8b1f35f3e5636f8d6e20f57137b878e143e092739dc585518cf2bc4f151a171e952d48d038b1fd0b44f703acd7f20e33c88e45e0a02efe9674

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-600.woff

Filesize
23KB

MD5
d90dc5001b28fd92491e2240ba90fd91

SHA1
c50363443e57440d39d47e1c126e38785e24ff7c

SHA256
d44d59ec2328d3dce4046b23380c9f9506db2e31a99cfa1caa207d41485a5cd5

SHA512
63279222a2d6d7a58958ebb9932ccda537d1e0ca008915d3a1fd5dadd35e8102cfc5fd9343d9386ac71c0f5418bda2d022d52b8a909f60d410039fad4dcaf46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-600.woff2

Filesize
19KB

MD5
0dd0a359a053b2b5bb856a9580da9780

SHA1
4f8481415cbf3e5900f926e0f1b2822ce991c36e

SHA256
784a7423298c587ce89819cd81d6e225877b32605b4b40eb3ccafb3f3f3e5750

SHA512
b7e09a097632e2c1a06eb08c7610b715bd2aba83e35468ced16256de4b96acb113f1946de74998ed1f246ce8e8e8f2a7a780b18aca2e0b56130c5c087e127c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-700.eot

Filesize
20KB

MD5
e5abc8bf8bd5635024706adffbed5846

SHA1
cde58bdbef093f6a589a69188bbeffa23708291a

SHA256
602e36025f912400eb552f0f522bb8a75e9e9db6a825695c89dcb49a5828aef9

SHA512
fda634368a61e4c22a0d8cda09e0c94feccf1579a9c3d20d2faa8567422c4a44ef9ae139a5efdb05619adfc78d2f6f4e5ebcfed40e7a0beb9ce0117eaf183a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-700.svg

Filesize
54KB

MD5
2e00b2635b51ba336b4b67a5d0bc03c7

SHA1
8338e3159cc9c5ff55cac72674afb7e90118ff19

SHA256
7e40ecf3b9b2ded5a267a3fe330eda6d71c10a1fc716d12237812322057411cb

SHA512
60979ca59776caddff6cad8d391d8191aa37f838f50c2c1343749060e88aaf40db8216e30e6bf00ac164be967a12c0221d72b6b60416cf455a15b5501ec4d969

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-700.ttf

Filesize
39KB

MD5
81ca5af45045261f536c71baafd77298

SHA1
4f613dced987f67dd32883fa0cd9298a20c102f2

SHA256
d123a1a00d692830f1f5276c64edfbc7abc9d0640bbb02596f83e10b14f89c0d

SHA512
2156c44e95f51c8a56ca2aca1d5b6127a9e76ce709506ddda2df37cac554fd04303f14a11232a18ac6098c8502ed515d2ccbd1f8671a180490acf8a573457284

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-700.woff

Filesize
23KB

MD5
efe9ead0aecdedc597ec9d4e745e0a58

SHA1
df6a1ea1917ea01c1f53f73cd9412afcfd254875

SHA256
c173db3aba8f65231290d9c956253e0f8bbfb12750e1c4c56b26cf64fdefa735

SHA512
ec781dce0b93d82d4096f8fcf1b3397b686d2415abadf543dd00ddb55a5aa49a87d063ed4fde670eca3ffb0c97c72df506265daf73c4b03f4d6d9a98996e9109

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-700.woff2

Filesize
19KB

MD5
15df1fb3e82321d94a0ca758c62e25d2

SHA1
9fce105a87ee8b8bef404942cf48c42ba5ea1ac2

SHA256
b41570405890d4f995da7b265ceb5cfb50246a940f9489525a8f526cfd160356

SHA512
6e18ebebd7d7101cd04394595e4243abaebac2894ec303978b8fcb892a2922539c945ee5c549470ce79e44dddb25ccedc03fff272fcda17883c29b504e5de2d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.eot

Filesize
20KB

MD5
916fcc0b03b40457b311609ac7226183

SHA1
193e96a3b8ed9720bdd05d56f81dfd9dea43b5c2

SHA256
6ffc257b02167f060ce8c84cf4137f896b812a814ecbdbf9e85bf3af99428dcd

SHA512
974b5ade776b0915c3cca3dc4f0b5dd6b635f0053f10658fe63145e16de623023ede0ba3571caffb1aa6e4adcb9d3b3ee3dfd3d58d00028311621372bcb78b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.svg

Filesize
54KB

MD5
7aab4c13671282c90669eb6a10357e41

SHA1
4ca4e88a77a4d81138206a10793507cde43e31a8

SHA256
f8396d832e2b270319c4e17df620c06f77293f5c4e7ffdce337c9b90fa75d133

SHA512
08a74874f74c1b75f7a93e94faa632d1bf21c2d42c85fb66c9b11138e60aeafea8874b7bf33facf7503d19dc7965142d78e5015a0dbc340da2b4550d232d7116

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.ttf

Filesize
37KB

MD5
abd464fd52dec0108904f062f30b31d4

SHA1
f51881b3732bcb7aac9592f50184720e7d726ccf

SHA256
0c4595868d57ebb5f2793e22e8493bfe2606cd8c628a039d2d1a4fa79f642b05

SHA512
7ed6d565101bdd3e15596c7cc9ba8cb4c4a7be57333fec06bb01492360b409194f0ae6a8db1c368a1b1880ae260c122d1f0f551b74a6ea18e932d07687ccaea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.woff

Filesize
23KB

MD5
2b6f63fce9104d1223d83dd12cd6038e

SHA1
1ac49ab02668c5deb14a497faefcb7bfa6c15731

SHA256
32ad89cba217fa7f180d331f6e43d87a75e8eb1b97ed102d178c534fd6e51038

SHA512
1ad5b9865a50dce57ff6571352ecb4467ab7c6821fb343f4afbfc85c7cf35a4c84a8ea4357fa7878919947ad913aa2d8b8318277373fabf2297e78ef20117aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\fonts\open-sans\open-sans-v15-latin_latin-ext-regular.woff2

Filesize
18KB

MD5
81d0487ba73afd292730e6f89e83c2ea

SHA1
20f0b5b7cac1d9a707d3cce56b7a4c16a5a11d46

SHA256
557116ee5706daa3b6cb2f52e7490e22db9c30ebfc447a5c85458a5fa0f6f84b

SHA512
f069c794442a237d55a31a4f17fbfbf5d8c4d82c12508ad45371641dfa177f03b7ef59360d2e91237d5d3c38cd11b0f3a145317b58af8d0cfc0e19c65eb313c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\img\icon-on.svg

Filesize
1KB

MD5
7d6f6b27842ae1bcbfa45f04669ed7e5

SHA1
b58d4e18d1de9e869a457520353e73384376b2c1

SHA256
cb5031b92d05a40fbbeba5c22fcbee49542826602a8ebc5aa2de6084755bfd6f

SHA512
69734737316105daa385a22944e31542f424e2f217d2f94ff8f6469c12f34577f7def6ac0c74fc4b0e13079791731afba23d273df95e5e0fbf7fb326f99c0163

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\js\background.bundle.js

Filesize
168KB

MD5
f8a8d9dbf5fe7367770fa891e647e7aa

SHA1
e7b208ceef2d60a34a24b5e680b740eeac0c272d

SHA256
029d7a6b0044eee1b1f7a936e159dfecba10b318de7e05ecc3f6795525dbcbe4

SHA512
8e62b23c1de1ebc0d34f59ed795021b4b4116fc7c49bf1da365ad4895616ba8403403d45bd2c14ce58f967b5e266e550971a0157833884a58a913774b82942bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\js\options.bundle.js

Filesize
524KB

MD5
fcf662e70f2981ea9fce846985a3db9c

SHA1
fb458741fd44ef6394418f2c83fab11955dd14f6

SHA256
e0b4c21430222c675ca600d1aeab56d0546549c760e44052cd7277dc3700e9e4

SHA512
28f564d0c6f3fb3dd08dada6b93cd20872e77f87ceffa3ba3c41ae8ffec89330b4397557408cca03737b7426255a23293bd20f6e2a6a72bb84eaaf8ea3830496

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
f2c4252c26cf1eeb8fb17d077fa1de5c

SHA1
a5b4ebea068b4e5afce5640be066906611fd3248

SHA256
6e1ea4ad05b129daa8fb1f303edcd635e8eb6586266c0b2c6d0fa17139e8a55e

SHA512
faee86ad9df82dc970095d17070506c285b48799c02b31897a625c98999c872b72639710898788a0e24c3e226a1b31c6ec0b2cf5efa93899730980ef81e61e0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\views\options.html

Filesize
478B

MD5
268dbab3d2bef14c65aceb15ec0037e3

SHA1
c40f859765f4e32e07b29c5cf675b571a49388fb

SHA256
c10a217d93d9db7f3e50328b3f8a9314d8fd0376da88c00f5d5b9f2924326820

SHA512
010ee0ccc0518d0f00d8f14a03080b4507eff1c80e15acac5407ed86d09d82ad9691ae4354dbb23988e6ef8226709ccf083a02d67b0142b97d9d5b997cbffc75

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_121871077\CRX_INSTALL\views\popup.html

Filesize
398B

MD5
e3709558c6998c808e07553bdd7e60b0

SHA1
ead5e2d02fdbb83b75f9a40c445184847d07c027

SHA256
5b5d11aab7f8844b6bab4497f82caf4a736f565301c4866c9f9b3f259a604437

SHA512
bc5df31470e49854d556fe8712d0393dcacd8c790804a6ffc0a41e95ab55bf5d964e3bad4156c37f06f4a2d68a3660be1a5683bc11b3b7fffe77a9735859dbb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_373107483\CRX_INSTALL\img\common\extensions_page\icon_16.png

Filesize
540B

MD5
67816b9f9f56727c41d64793d0eb4902

SHA1
99dee423dc2ec6ddb923208240b2fd13409c8ca5

SHA256
7b9847ea5d27c37df0430ff4056ecf18b2248d18a10d7ee1cd7f8908f0a82d5d

SHA512
6fab420866894593620e95ce3cd988e6a9525b6bdb0b4577f8ee5fe513f3ba187996ccbda9d0b54b493122136e52c7bd179da22cd8106725f24401816429a3c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_373107483\CRX_INSTALL\js\sidebar.bundle.js.LICENSE.txt

Filesize
2KB

MD5
4e994bc011dc4913520bd9f4cefd135a

SHA1
de9aa409a953bce76c488dd9b7297a23f63eb909

SHA256
923090b15eca2d9a8c7f02431cbc23961b45e34a33c6ca0df8c162abc6f91688

SHA512
2d64ebcf3b135c6249d4883c54de3f9bc0cef36c9c071b1295816ee416481659ee1f62d06c92c1b4a92e48c88cb29312398d8cf4e54d3dd5112d801ef3b080db

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_459642536\09d966c9-c26f-45b8-a151-d82f8efaec88.tmp

Filesize
1.2MB

MD5
d343a7167bf2962f27b54de17ec166a9

SHA1
cec2497d5ea819f05be656b8e15f79a6eaf27acf

SHA256
a00f73fe6dedd17fd34252c40d89c6be5524027ddb2c0effdbb298d7d7065de3

SHA512
64ada12e0bbd202c2f4817bb804d7583baaac469eaac0fd8db0df6bbc9d8d33603feb0cbeae6830b205fa056765da835b0e35b0733e3ce8964b8890aba382a4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_459642536\CRX_INSTALL\contentScript.js

Filesize
1.8MB

MD5
1d61d5c9b26317049a3146f54fba151b

SHA1
5c99e0a7a24edec1fda4efda3da699f23af3b496

SHA256
2bca9c8754de24fb5e6202f72c8ca085d2d82d04cf4a74006ae6d2583cbcf005

SHA512
575704a8c97b61ca66d7e419c6764ab5dc6738a2811f30e8ef293b5b28b3e4b780a62b3ba678922450b6b486f5365aeab54f195c12f58176db19282e48eb6280

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_459642536\CRX_INSTALL\css\fonts.css

Filesize
1KB

MD5
222b7ccb780369911363033e77ee7aa3

SHA1
4b583b94fd1fee73a39b28a0aca1708b99adc260

SHA256
06ffeef3e678be1a8c9fd3907510165a13c782ce9f1c01364ca5f6b6f2c8a9ce

SHA512
907f9b8ee33cf37a577e89eff48d18af3b1b8473d1da0ec1893c5de7f060943cd54000adc24ff9a775996f17886be20a6d3dd761ce27c7f63f36434ea7408140

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3900_929465246\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
e7db79db2d24cb4e79aa5450d91a1e2f

SHA1
833b846ad190a75b303f4cd76fc4bce2ae98ed08

SHA256
1096113ff4406b1c23dda9eae8fa61a602afe6426e28279776bfd93ec7427b23

SHA512
d746629d6c6646f2a2035bfc24b0a0b9bba90dd5f046cf7723b3ebf60afb2c727f72c653bff2315794bd24a0cd7d2a6a52d23a227168b59f9536832fa1fd8355

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG Secure Browser.lnk

Filesize
2KB

MD5
eb9d6b55c43638a8a40011e6f55147e7

SHA1
0e1b07429367118734875c738eabd08ad0267b29

SHA256
e4fc9faca30ebe7b3fd59b0f1377f523d62a4892fb1f78b9d7fdfe216696a119

SHA512
b1889b4ebd646fac0bdab56df72042fef43dc5fb7ebb056719697f4df1bf9a65d8274219ac2b3ce18b505fbb7850a3bf0b93771354515820dd0ffcce5ded30ed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
a09d433be43d31c16ae6dfb53099c593

SHA1
d1cb82d0544f1439d05d1327331c8b3c6cd68386

SHA256
70cab1c1fb1b02bea5d47bbdd0690d1346d887dcef245aab091daa79977dd84b

SHA512
242e5393a6cd92d170581094fab8ad0ccfb3a5ae6d8dbd64f5a7c454b43073ae98792ba304c118e580a6a07ddcdd78cc48557adc657586084cab5c3952c6bbed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
bae0e58184ea4b25f87d6b9133a2ca79

SHA1
93b39f226095554a7199d2ab51661607a338274d

SHA256
d3bbcd6a6f685fcd4bc29c09d5bd42697c257c4db47b10059058789d1ef05230

SHA512
7959505ab8c281b36257787f2eb1ed6a351f699b3e2141421b5fdccafaa58e510f65e2faea4731d522093d6b3aa6ca9c84e97135fcce6172e63485ee827a75dc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 708596.crdownload

Filesize
5.8MB

MD5
e126e85516c400f91c7faec6de177490

SHA1
364d5712f99012549c4c0425bebc0c6cd6bba218

SHA256
9742eb6f940a9bdc5a2f4323a0407ed7fc0903620a2fa3a3999a803b208ffd07

SHA512
028e8b84b732750739a9eae771ea8706006377bf184c333ebae26ad9244e00aac769c6cde077bfe63b5e53ea7ef7fce4390e930982dc50b9cd049c0989c11f5f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 972030.crdownload

Filesize
2.0MB

MD5
244f8953360ebe8de2b162faf941969b

SHA1
63946a9930ca9cbaef3293cd9a509a85a97720a3

SHA256
409f86680d6e6ecc1d617467e2863d5e5a10e008cf34a3c0b97c759c70fe30da

SHA512
4e03c76a91e6e6209cda275060ab4e60100dd6a3ee001d5db10079d19b8d7f8dbb7d08302e7d8e881f062180f442303cba588b740458898ca8c670c91b16e976

Download Submit
C:\Windows\Installer\e644a77.msi

Filesize
32KB

MD5
66140e921ffc869e5dbd7d0337503f1a

SHA1
cc26b0818dbb2a4d3e242fd1caf7b45e036961c0

SHA256
d2ef84b42a4358e58f5566d842c389b229ba073fcef20b2a3007b6ce76a06d2b

SHA512
eb4a787e76a6700112349b5eba78a4467ba4a2364d30eade70acba480e4df1c5d48bcb31ca136f81b350c466911af97cb1da1ba964c2d35003a4e3e86c738772

Download Submit
memory/4100-3493-0x00007FF8B2390000-0x00007FF8B2391000-memory.dmp

Filesize
4KB

Download
memory/6808-2938-0x00007FF8B1D80000-0x00007FF8B1D81000-memory.dmp

Filesize
4KB

Download
memory/6808-2939-0x00007FF8B1470000-0x00007FF8B1471000-memory.dmp

Filesize
4KB

Download