Malware Analysis Report

2024-09-11 05:43

Sample ID 240605-pth4vsfe9z
Target LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe
SHA256 5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874
Tags
bootkit discovery execution exploit persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874

Threat Level: Likely malicious

The file LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery execution exploit persistence spyware stealer

Creates new service(s)

Possible privilege escalation attempt

Manipulates Digital Signatures

Reads user/profile data of web browsers

Modifies file permissions

Checks BIOS information in registry

Checks for any installed AV software in registry

Downloads MZ/PE file

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

Checks installed software on the system

Drops file in Program Files directory

Drops file in Windows directory

Launches sc.exe

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Kills process with taskkill

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Modifies system certificate store

Runs net.exe

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
System Services
T1569
Service Execution
T1569.002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Pre-OS Boot
T1542
Bootkit
T1542.003
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Subvert Trust Controls
T1553
SIP and Trust Provider Hijacking
T1553.003
Install Root Certificate
T1553.004
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Pre-OS Boot
T1542
Bootkit
T1542.003
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Software Discovery
T1518
Security Software Discovery
T1518.001
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-05 12:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 12:37

Reported

2024-06-05 12:40

Platform

win7-20231129-en

Max time kernel

149s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe"

Signatures

Creates new service(s)

persistence execution

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3\DefaultId = "{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2221\FuncName = "WVTAsn1CatNameValueDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\AvRepair = "\"C:\\Program Files\\AVG\\Antivirus\\setup\\instup.exe\" /instop:repair /wait" C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\MACHINE\Software\Avira\Antivirus C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Browser C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key opened \REGISTRY\MACHINE\Software\Wow6432Node\AVAST Software\Avast C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\Browser C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_antivirus_free_setup.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-stdio-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-string-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxNetLwf-PreW10.cat C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\SUPUninstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\USBUninstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9VMMR0.r0 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-environment-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\fastpipe.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\setup\ais_gen_core_x64-82e.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\setup\vps_tools_64-72.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File created C:\Program Files\AVG\Antivirus\setup\servers.def.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File created C:\Program Files\ldplayer9box\VirtualBoxVM.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-utility-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\setup\prod-vps.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File created C:\Program Files\ldplayer9box\SUPLoggerCtl.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxCpuReport.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\dasync.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\AVG\Antivirus\setup\servers.def C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\ucrtbase.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\ldplayer9box\Ld9BoxNetLwf.sys C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\setup\vps_binaries-72.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File created C:\Program Files\ldplayer9box\NetAdpInstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\regsvr32_x64.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-rtlsupport-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\bldRTIsoMaker.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\setup\part-prg_ais-15020c62.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\setup\config.ini C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File created C:\Program Files\ldplayer9box\platforms\qwindows.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-multibyte-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxGuestControlSvc.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-datetime-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\ldutils.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\setup\ais_cmp_datascan_x64-82e.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File created C:\Program Files\ldplayer9box\DbgPlugInDiggers.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\SUPInstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\vbox-img.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-rtlsupport-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\ldplayer9box\msvcp140.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\NetAdpUninstall.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\setup\jrog2-72.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File opened for modification C:\Program Files\AVG\Antivirus\setup\ais_gen_streamfilter_x64-866.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File created C:\Program Files\AVG\Antivirus\setup\config.def.vpx C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
File created C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.cat C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\msvcr100.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\msvcr120.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\tstAnimate.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxSDL.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxDD2.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\capi.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_antivirus_free_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
N/A N/A C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\sbr.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_antivirus_free_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_antivirus_free_setup.exe N/A
N/A N/A C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
N/A N/A C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
N/A N/A C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
N/A N/A C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
N/A N/A C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
N/A N/A C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\regsvr32.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-5409-414B-BD16-77DF7BA3451E} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.apk\DefaultIcon\ = "C:\\LDPlayer\\LDPlayer9\\apk_icon.ico" C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CurVer C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\NumMethods\ = "36" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\NumMethods\ = "13" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "62" C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\ = "ISnapshot" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\NumMethods\ = "13" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\ = "VirtualBoxClient Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Updating package: avbugreport_x64_ais" C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3618-4EBC-B038-833BA829B4B2}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7966-481D-AB0B-D0ED73E28135}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\FLAGS C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D612-47D3-89D4-DB3992533948}\ = "IHostPCIDevicePlugEvent" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ = "IVRDEServerInfo" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-BF98-47FB-AB2F-B5177533F493} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\ = "INATEngine" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\ = "Session Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}\NumMethods\ = "13" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-2D12-4D7C-BA6D-CE51D0D5B265}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-402E-022E-6180-C3944DE3F9C8}\ = "IGuest" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: servers.def.vpx" C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\ = "IGraphicsAdapter" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CF37-453B-9289-3B0F521CAF27} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-04D0-4DB6-8D66-DC2F033120E1} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "17" C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-800A-40F8-87A6-170D02249A55} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3534-4239-B2DE-8E1535D94C0B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "64" C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\0\win32\ = "C:\\Program Files\\ldplayer9box\\x86\\VBoxProxyStub-x86.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\ = "IProgressTaskCompletedEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\NumMethods\ = "28" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-D612-47D3-89D4-DB3992533948}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "68" C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: ais_gen_tools_x64-876.vpx" C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: ais_res-876.vpx" C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_antivirus_free_setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_antivirus_free_setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54362000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e210f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 1900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd90b000000010000001200000044006900670069004300650072007400000014000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd155090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 1736 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 1736 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 1736 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 1736 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 2660 wrote to memory of 2680 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 2660 wrote to memory of 2680 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 2660 wrote to memory of 2680 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 2660 wrote to memory of 2680 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 2680 wrote to memory of 1160 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 2680 wrote to memory of 1160 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 2680 wrote to memory of 1160 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 2680 wrote to memory of 1160 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 1160 wrote to memory of 2408 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1160 wrote to memory of 2408 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1160 wrote to memory of 2408 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1160 wrote to memory of 2408 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2680 wrote to memory of 2036 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2036 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2036 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2036 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2036 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2036 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2036 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 1916 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 1916 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 1916 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 1916 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 1916 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 1916 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 1916 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2520 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\conhost.exe
PID 2680 wrote to memory of 2520 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\conhost.exe
PID 2680 wrote to memory of 2520 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\conhost.exe
PID 2680 wrote to memory of 2520 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\conhost.exe
PID 2680 wrote to memory of 2520 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\conhost.exe
PID 2680 wrote to memory of 2520 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\conhost.exe
PID 2680 wrote to memory of 2520 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\conhost.exe
PID 2680 wrote to memory of 2740 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2740 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2740 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2740 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2740 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2740 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2740 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2876 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2876 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2876 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2680 wrote to memory of 2876 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PushWrite.TS"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=2541 -language=fr -path="C:\LDPlayer\LDPlayer9\"

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_antivirus_free_setup.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_antivirus_free_setup.exe" /silent /ws /psh:M75AarNzaSSeGsEZvbMwGjRktiv5z7xTCShag864XKrwLwguua1IgC87xaTmHem3WCTbofzuBMJbWJQO4UbF0B6

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=3cFh3l8MFeWzWDklfWMEmWK0cwYomZ1y0487FjqjJXUCZmcPlv5rNbdFtn1vyp9AesB1bE2wg2CuQ7KR3kRqQVHdq /make-default

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=262560

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe

"C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe" /silent /ws /psh:M75AarNzaSSeGsEZvbMwGjRktiv5z7xTCShag864XKrwLwguua1IgC87xaTmHem3WCTbofzuBMJbWJQO4UbF0B6 /cookie:mmm_irs_ppi_902_451_o /ga_clientid:66c432ac-fdd4-4828-bab8-647ecaf1ca0c /edat_dir:C:\Windows\Temp\asw.c52840078ed0ebdd

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe

"C:\Windows\Temp\asw.85de6e0ad670a8df\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.85de6e0ad670a8df /edition:15 /prod:ais /stub_context:7f2197c9-1645-407a-9475-f87453d5ca0e:9994552 /guid:24b5d385-1f6a-4ce5-a55a-d563d6de6727 /ga_clientid:66c432ac-fdd4-4828-bab8-647ecaf1ca0c /silent /ws /psh:M75AarNzaSSeGsEZvbMwGjRktiv5z7xTCShag864XKrwLwguua1IgC87xaTmHem3WCTbofzuBMJbWJQO4UbF0B6 /cookie:mmm_irs_ppi_902_451_o /ga_clientid:66c432ac-fdd4-4828-bab8-647ecaf1ca0c /edat_dir:C:\Windows\Temp\asw.c52840078ed0ebdd

C:\Windows\system32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\system32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1008656182788184192-1552067372-165162374114770752492035851942177047960-1745925258"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe

"C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.85de6e0ad670a8df /edition:15 /prod:ais /stub_context:7f2197c9-1645-407a-9475-f87453d5ca0e:9994552 /guid:24b5d385-1f6a-4ce5-a55a-d563d6de6727 /ga_clientid:66c432ac-fdd4-4828-bab8-647ecaf1ca0c /silent /ws /psh:M75AarNzaSSeGsEZvbMwGjRktiv5z7xTCShag864XKrwLwguua1IgC87xaTmHem3WCTbofzuBMJbWJQO4UbF0B6 /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.c52840078ed0ebdd /online_installer

C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\sbr.exe

"C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\sbr.exe" 2196 "AVG Antivirus setup" "AVG Antivirus is being installed. Do not shut down your computer!"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/4bUcwDd53d

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\dnplayer.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x450

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\AVG\Antivirus\SetupInf.exe

"C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRdr2.cat

Network

Country Destination Domain Proto
US 8.8.8.8:53 d19mtdoi3rn3ox.cloudfront.net udp
FR 3.162.40.152:443 d19mtdoi3rn3ox.cloudfront.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 encdn.ldmnq.com udp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
FR 18.155.128.109:443 d1arl2thrafelv.cloudfront.net tcp
FR 18.155.128.109:443 d1arl2thrafelv.cloudfront.net tcp
FR 18.155.129.14:443 encdn.ldmnq.com tcp
FR 18.155.129.14:443 encdn.ldmnq.com tcp
FR 18.155.129.14:443 encdn.ldmnq.com tcp
FR 18.155.129.14:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 res.ldplayer.net udp
US 163.181.154.241:443 res.ldplayer.net tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
FR 18.155.128.188:443 d1arl2thrafelv.cloudfront.net tcp
FR 18.155.128.188:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 iavs9x.avg.u.avcdn.net udp
US 8.8.8.8:53 v7event.stats.avast.com udp
GB 216.58.213.14:80 www.google-analytics.com tcp
SE 184.31.15.81:443 iavs9x.avg.u.avcdn.net tcp
US 34.117.223.223:80 v7event.stats.avast.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 stats.securebrowser.com udp
SE 184.31.15.81:443 iavs9x.avg.u.avcdn.net tcp
US 104.20.86.8:443 stats.securebrowser.com tcp
SE 184.31.15.81:443 iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.81:443 iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.81:443 iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.81:80 iavs9x.avg.u.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 8.8.8.8:53 v7event.stats.avcdn.net udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 34.117.223.223:443 v7event.stats.avcdn.net tcp
US 34.117.223.223:443 v7event.stats.avcdn.net tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 34.160.176.28:443 shepherd.avcdn.net tcp
US 8.8.8.8:53 j9121315.iavs9x.avg.u.avcdn.net udp
US 8.8.8.8:53 j9121315.iavs9x.avg.u.avcdn.net udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
SE 184.31.15.81:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 y7637820.iavs9x.avg.u.avcdn.net tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 h2899040.iavs9x.avg.u.avcdn.net udp
US 8.8.8.8:53 h2899040.iavs9x.avg.u.avcdn.net udp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
US 8.8.8.8:53 f2077074.avi18tiny.u.avcdn.net udp
US 8.8.8.8:53 f2077074.avi18tiny.u.avcdn.net udp
SE 184.31.15.48:80 h2899040.avi18tiny.u.avcdn.net tcp
SE 184.31.15.48:80 h2899040.avi18tiny.u.avcdn.net tcp
SE 184.31.15.48:80 h2899040.avi18tiny.u.avcdn.net tcp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 8.8.8.8:53 shepherd.avcdn.net udp
US 34.160.176.28:443 shepherd.avcdn.net tcp
US 8.8.8.8:53 alpha-license-dealer.ff.avast.com udp
BE 34.140.0.190:443 alpha-license-dealer.ff.avast.com tcp
US 8.8.8.8:53 alpha-iqs.ff.avast.com udp
BE 34.76.203.183:443 alpha-iqs.ff.avast.com tcp
BE 34.76.203.183:443 alpha-iqs.ff.avast.com tcp
US 8.8.8.8:53 v7event.stats.avcdn.net udp
US 8.8.8.8:53 v7event.stats.avcdn.net udp
US 8.8.8.8:53 v7event.stats.avcdn.net udp
US 34.117.223.223:443 v7event.stats.avcdn.net tcp
US 8.8.8.8:53 v7event.stats.avcdn.net udp
US 34.117.223.223:443 v7event.stats.avcdn.net tcp
SE 184.31.15.48:80 h2899040.avi18tiny.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.51:80 z3477431.iavs9x.avg.u.avcdn.net tcp
SE 184.31.15.48:80 h2899040.avi18tiny.u.avcdn.net tcp
SE 184.31.15.48:80 h2899040.avi18tiny.u.avcdn.net tcp
SE 184.31.15.48:80 h2899040.avi18tiny.u.avcdn.net tcp
SE 184.31.15.48:80 h2899040.avi18tiny.u.avcdn.net tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.133.234:443 discord.gg tcp
US 162.159.133.234:443 discord.gg tcp
US 8.8.8.8:53 discord.com udp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp

Files

\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 d9cb0b4a66458d85470ccf9b3575c0e7
SHA1 1572092be5489725cffbabe2f59eba094ee1d8a1
SHA256 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05
SHA512 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6

memory/1736-11-0x0000000003810000-0x0000000003850000-memory.dmp

memory/1736-12-0x000000007443E000-0x000000007443F000-memory.dmp

memory/1736-16-0x0000000002A80000-0x0000000002A96000-memory.dmp

memory/1736-17-0x0000000074BF0000-0x0000000074C06000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2ACD.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9913330e091717d4fafc7d7572df3beb
SHA1 463ae19137c23cd48ca17c125280303388b1f979
SHA256 8bedc87c5967fe9f5e3853beeaed027f457677c94ab92f9369d852a442f54d48
SHA512 897bf05c8dc4b6d6a6a6efa775be6efd540b8d68f6a80c002416e1b0ae35056d00873ef79246ff4e08f9985e7e65c81c988664709523455049a9fa9fd849e8e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c86ac51f50b1ebe5e0fb030638feb013
SHA1 e1b3c30432f5fe38182cdc141ab8b6315fbb74cf
SHA256 f54d18c90701dbfae5bb00ca3530cd38b712ff7c05c567e0d75a1ef1cc1ef838
SHA512 456214904e84ad425fddae9e5fd7dc1e88c384a2e150670fd7fa3bfab9d92fe92649bd49a4aa5464e92c2b57636c6b51f7efa4cd8f4d3ae224f2a38515216f16

memory/1736-155-0x0000000003AF0000-0x0000000003B34000-memory.dmp

memory/1736-156-0x0000000074430000-0x0000000074B1E000-memory.dmp

memory/1736-199-0x0000000003810000-0x0000000003850000-memory.dmp

memory/1736-205-0x000000007443E000-0x000000007443F000-memory.dmp

memory/1736-206-0x0000000074430000-0x0000000074B1E000-memory.dmp

memory/1532-220-0x000007FEF6FD0000-0x000007FEF7004000-memory.dmp

memory/1532-219-0x000000013FE40000-0x000000013FF38000-memory.dmp

memory/1532-221-0x000007FEF62B0000-0x000007FEF6564000-memory.dmp

memory/1532-222-0x000007FEF4ED0000-0x000007FEF5F7B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_antivirus_free_setup.exe

MD5 26816af65f2a3f1c61fb44c682510c97
SHA1 6ca3fe45b3ccd41b25d02179b6529faedef7884a
SHA256 2025c8c2acc5537366e84809cb112589ddc9e16630a81c301d24c887e2d25f45
SHA512 2426e54f598e3a4a6d2242ab668ce593d8947f5ddb36aded7356be99134cbc2f37323e1d36db95703a629ef712fab65f1285d9f9433b1e1af0123fd1773d0384

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe

MD5 591059d6711881a4b12ad5f74d5781bf
SHA1 33362f43eaf8ad42fd6041d9b08091877fd2efba
SHA256 99e8de20a35a362c2a61c0b9e48fe8eb8fc1df452134e7b6390211ab19121a65
SHA512 6280064a79ca36df725483e3269bc1e729e67716255f18af542531d7824a5d76b38a7dcefca048022c861ffcbd0563028d39310f987076f6a5da6c7898c1984c

\Users\Admin\AppData\Local\Temp\nse8420.tmp\jsis.dll

MD5 4b27df9758c01833e92c51c24ce9e1d5
SHA1 c3e227564de6808e542d2a91bbc70653cf88d040
SHA256 d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb
SHA512 666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

\Users\Admin\AppData\Local\Temp\nse8420.tmp\nsJSON.dll

MD5 ddb56a646aea54615b29ce7df8cd31b8
SHA1 0ea1a1528faafd930ddceb226d9deaf4fa53c8b2
SHA256 07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069
SHA512 5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

C:\Users\Admin\AppData\Local\Temp\nse8420.tmp\JsisPlugins.dll

MD5 bd94620c8a3496f0922d7a443c750047
SHA1 23c4cb2b4d5f5256e76e54969e7e352263abf057
SHA256 c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644
SHA512 954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

C:\Users\Admin\AppData\Local\Temp\nse8420.tmp\StdUtils.dll

MD5 7602b88d488e54b717a7086605cd6d8d
SHA1 c01200d911e744bdffa7f31b3c23068971494485
SHA256 2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11
SHA512 a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

\Users\Admin\AppData\Local\Temp\nse8420.tmp\thirdparty.dll

MD5 070335e8e52a288bdb45db1c840d446b
SHA1 9db1be3d0ab572c5e969fea8d38a217b4d23cab2
SHA256 c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc
SHA512 6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

C:\Users\Admin\AppData\Local\Temp\nse8420.tmp\Midex.dll

MD5 581c4a0b8de60868b89074fe94eb27b9
SHA1 70b8bdfddb08164f9d52033305d535b7db2599f6
SHA256 b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd
SHA512 94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03c923e3018cc169932100472261efda
SHA1 43153eed082c9ad01d767441b26dffd2edfdec8e
SHA256 77be43b84fd68496579acd5b881d9edd49f6252f6974bdbefd7ce9068b0a4800
SHA512 165fa4c9a71684bf76d39c05126c80597ba9f8829d059b8c9e79f28d0fe679ed3a0ad60dde8ddcfaa4dfec8facb4e1a580642fd1f874b483f39c7b3d0a56867f

\LDPlayer\LDPlayer9\dnrepairer.exe

MD5 a04a36948ab451c5344aed3ed9a3f9aa
SHA1 c429b59db40462069c75706059d37348d4d8d6c5
SHA256 4879f7caca2ff3cda2bc551fc895ea24b06b6b61767659e8f55fb6317a28fb5e
SHA512 c549b03cd85de0b7be3e2783a6ee9fc09622a60750f43903a4a98f05f0d975384ddbf68ffcda5575c68cde2a9e8aa84bdc05e15174931ba5dd45dc5053f33056

\LDPlayer\LDPlayer9\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

\LDPlayer\LDPlayer9\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

C:\LDPlayer\LDPlayer9\dnresource.rcc

MD5 70058f2d60daef1ccc7bbcba210f0ace
SHA1 ef214ade419a724272ac82e9de5233d7c0afa64b
SHA256 43b26f40e04ae6854569a01803541245abffcd130f1345191afd8bf6b0ca7873
SHA512 a0b3ca59ffad882fbff69012023eaa8aadb77d3ff1252562e5480e7dc3c9336afb3c5f58fb435246ec48c758d3c9d17ae9ea8a28f9d4766fad1a4c672cbf9b9a

\LDPlayer\LDPlayer9\crashreport.dll

MD5 7d2b7e50bf352bcacd36ace10744bb75
SHA1 8e30304a46431422f8f980141f674416e554fc8f
SHA256 14bff3e96d291118952ed06f7f475f882b2c1ecc1eac9823c508c63c02fc9da0
SHA512 deb21e0633c48959ff20e7ab1884230e00f1b97d1e156a41b967521221f2e29412be040ddff649db9e03a5977654df744f1bb974091a7e5cabb2c859bfc869fb

C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

MD5 607ef18f70e16441f02f84b2664454da
SHA1 8cf0c3607b0caf119f8ecdfc6703409b21d4a5ba
SHA256 501fcdded5db6f9169471167e87441b82c351789b2647777b53e944fd2055314
SHA512 9286f0f8b8abe9b556eff1019f15da3d0145c1c20e2f97aadcb4cf495f21a4a60fae113ef2df3cbb98cbb7122f3447d6f5997112b387454f8e4d156c37299c99

C:\Windows\Temp\asw.c52840078ed0ebdd\avg_antivirus_free_setup_x64.exe

MD5 72c1cad77d7a37f6eed6606b00b22738
SHA1 1883d039f42ead5318de8f5f37b61bad4b61fa72
SHA256 47cee4d44e8fe27f3229fa751c11259227a00b605d6a42e2cb066f100a9049c3
SHA512 87104f2cf47683f113398e71b795fbeadd6835b5d333e1aedf22e7d3afec7de3e138cbc949947235ff4892489caaf219405832df91885084e361806ac22d0209

C:\Windows\Temp\asw.c52840078ed0ebdd\ecoo.edat

MD5 3f44a3c655ac2a5c3ab32849ecb95672
SHA1 93211445dcf90bb3200abe3902c2a10fe2baa8e4
SHA256 51516a61a1e25124173def4ef68a6b8babedc28ca143f9eee3e729ebdc1ef31f
SHA512 d3f95262cf3e910dd707dfeef8d2e9db44db76b2a13092d238d0145c822d87a529ca58ccbb24995dfcf6dad1ffc8ced6d50948bb550760cd03049598c6943bc0

C:\Windows\Temp\asw.85de6e0ad670a8df\servers.def

MD5 2b62fb1ecd174c7e951f2b8af502c1c0
SHA1 90744a9355dd5b74d2ecc7ee34fccbeca1c18f1b
SHA256 1fc616dd97e72451eda1324979f65df6af823aaaee1c83e5c2c3f3308cd26a67
SHA512 0f14fbab88469ed19cde8d54ad74276ae4b03a783bf99def2d0f4d655a6ff86a35aa7ce4e8a7dcb936c70789efc4714b9bf1b317e485a6a44f150be6792cd7a0

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-console-l1-1-0.dll

MD5 1fb62ef7e71b24a44ea5f07288240699
SHA1 875261b5537ed9b71a892823d4fc614cb11e8c1f
SHA256 70a4cd55e60f9dd5d047576e9cd520d37af70d74b9a71e8fa73c41475caadc9a
SHA512 3b66efe9a54d0a3140e8ae02c8632a3747bad97143428aedc263cb57e3cfa53c479b7f2824051ff7a8fd6b838032d9ae9f9704c289e79eed0d85a20a6f417e61

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-handle-l1-1-0.dll

MD5 cedbeae3cb51098d908ef3a81dc8d95c
SHA1 c43e0bf58f4f8ea903ea142b36e1cb486f64b782
SHA256 3cb281c38fa9420daedb84bc4cd0aaa958809cc0b3efe5f19842cc330a7805a0
SHA512 72e7bdf4737131046e5ef6953754be66fb7761a85e864d3f3799d510bf891093a2da45b684520e2dbce3819f2e7a6f3d6cf4f34998c28a8a8e53f86c60f3b78a

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-2-0.dll

MD5 a639c64c03544491cd196f1ba08ae6e0
SHA1 3ee08712c85aab71cfbdb43dbef06833daa36ab2
SHA256 a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60
SHA512 c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-1-0.dll

MD5 e1debeda8d4680931b3bb01fae0d55f0
SHA1 a26503c590956d4e2d5a42683c1c07be4b6f0ce7
SHA256 a2d22c5b4b38af981920ab57b94727ecad255a346bb85f0d0142b545393a0a2d
SHA512 a9211f5b3a1d5e42fde406aab1b2718e117bae3dd0857d4807b9e823a4523c3895cf786519d48410119d1838ab0c7307d6ef530b1159328350cc23ebc32f67cd

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-string-l1-1-0.dll

MD5 b72698a2b99e67083fabd7d295388800
SHA1 17647fc4f151c681a943834601c975a5db122ceb
SHA256 86d729b20a588b4c88160e38b4d234e98091e9704a689f5229574d8591cf7378
SHA512 33bdfe9ac12339e1edab7698b344ab7e0e093a31fedc697463bbe8a4180bb68b6cc711a2ceb22ce410e3c51efaa7ea800bad30a93b3ac605b24885d3ef47cb7a

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 6e46e5cca4a98a53c6d2b6c272a2c3ba
SHA1 bc8f556ee4260cce00f4dc66772e21b554f793a4
SHA256 87fca6cdfa4998b0a762015b3900edf5b32b8275d08276abc0232126e00f55ce
SHA512 cfeea255c66b4394e1d53490bf264c4a17a464c74d04b0eb95f6342e45e24bbc99ff016a469f69683ce891d0663578c6d7adee1929cc272b04fcb977c673380f

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-profile-l1-1-0.dll

MD5 a37faea6c5149e96dc1a523a85941c37
SHA1 0286f5dafffa3cf58e38e87f0820302bcf276d79
SHA256 0e35bebd654ee0c83d70361bcaecf95c757d95209b9dbcb145590807d3ffae2e
SHA512 a88df77f3cc50d5830777b596f152503a5a826b04e35d912c979ded98dc3c055eb150049577ba6973d1e6c737d3b782655d848f3a71bd5a67aa41fc9322f832e

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-1.dll

MD5 6486e2f519a80511ac3de235487bee79
SHA1 b43fd61e62d98eea74cf8eb54ca16c8f8e10c906
SHA256 24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667
SHA512 02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-0.dll

MD5 540d7c53d63c7ff3619f99f12aac0afe
SHA1 69693e13c171433306fb5c9be333d73fdf0b47ed
SHA256 3062bd1f6d52a6b830dbb591277161099dcf3c255cff31b44876076069656f36
SHA512 ce37439ce1dfb72d4366ca96368211787086948311eb731452bb453c284ccc93ccecef5c0277d4416051f4032463282173f3ec5be45e5c3249f7c7ec433f3b3e

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 77e9c54da1436b15b15c9c7e1cedd666
SHA1 6ce4d9b3dc7859d889d4ccd1e8e128bf7ca3a360
SHA256 885bd4d193568d10dd24d104ccf92b258a9262565e0c815b01ec15a0f4c65658
SHA512 6eecf63d3df4e538e1d2a62c6266f7d677daebd20b7ce40a1894c0ebe081585e01e0c7849ccdf33dd21274e194e203e056e7103a99a3cd0172df3ed791dce1c2

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 b8bce84b33ae9f56369b3791f16a6c47
SHA1 50f14d1fe9cb653f2ed48cbb52f447bdd7ec5df4
SHA256 0af28c5c0bb1c346a22547e17a80cb17f692bf8d1e41052684fa38c3bbcbb8c8
SHA512 326092bae01d94ba05ecec0ea8a7ba03a8a83c5caf12bef88f54d075915844e298dba27012a1543047b73b6a2ae2b08478711c8b3dcc0a7f0c9ffabba5b193cf

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-memory-l1-1-0.dll

MD5 89766e82e783facf320e6085b989d59d
SHA1 a3ffb65f0176c2889a6e4d9c7f4b09094afb87ed
SHA256 b04af86e7b16aada057a64139065df3a9b673a1a8586a386b1f2e7300c910f90
SHA512 ea4df1b2763dde578488bb8dd333be8f2b79f5277c9584d1fc8f11e9961d38767d6a2da0b7b01bad0d002d8dcf67cca1d8751a518f1ee4b9318081f8df0422c7

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-localization-l1-2-0.dll

MD5 769bf2930e7b0ce2e3fb2cbc6630ba2e
SHA1 b9df24d2d37ca8b52ca7eb5c6de414cb3159488a
SHA256 d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a
SHA512 9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 bedc3d74c8a93128ef9515fd3e1d40eb
SHA1 d207c881751c540651dbdb2dbd78e7ecd871bfe1
SHA256 fefc7bc60bd8d0542ccea84c27386bc27eb93a05330e059325924cb12aaf8f32
SHA512 cdcbce2dbe134f0ab69635e4b42ef31864e99b9ab8b747fb395a2e32b926750f0dd153be410337d218554434f17e8bc2f5501f4b8a89bb3a6be7f5472fb18360

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-interlocked-l1-1-0.dll

MD5 c9649c9873f55cb7cdc3801b30136001
SHA1 3d2730a1064acd8637bfc69f0355095e6821edfd
SHA256 d05e1bd7fa00f52214192a390d36758fa3fe605b05a890a38f785c4db7adef1f
SHA512 39497baa6301c0ad3e9e686f7dfa0e40dbea831340843417eecc23581b04972facc2b6d30173cc93bf107a42f9d5d42515ef9fd73bb17070eb6f54109dc14e3e

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-heap-l1-1-0.dll

MD5 13b358d9ecffb48629e83687e736b61d
SHA1 1f876f35566f0d9e254c973dbbf519004d388c8d
SHA256 1cf1b6f42985016bc2dc59744efeac49515f8ed1cc705fe3f5654d81186097cd
SHA512 08e54fa2b144d5b0da199d052896b9cf556c0d1e6f37c2ab3363be5cd3cf0a8a6422626a0643507aa851fddf3a2ea3d42a05b084badf509b35ec50cb2e0bb5ce

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l2-1-0.dll

MD5 8fd05f79565c563a50f23b960f4d77a6
SHA1 98e5e665ef4a3dd6f149733b180c970c60932538
SHA256 3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73
SHA512 587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-2-0.dll

MD5 7041205ea1a1d9ba68c70333086e6b48
SHA1 5034155f7ec4f91e882eae61fd3481b5a1c62eb0
SHA256 eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d
SHA512 aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-1-0.dll

MD5 e87192a43630eb1f6bdf764e57532b8b
SHA1 f9dda76d7e1acdbb3874183a9f1013b6489bd32c
SHA256 d9cd7767d160d3b548ca57a7a4d09fe29e1a2b5589f58fbcf6cb6e992f5334cf
SHA512 30e29f2ffdc47c4085ca42f438384c6826b8e70adf617ac53f6f52e2906d3a276d99efcc01bf528c27eca93276151b143e6103b974c20d801da76f291d297c4c

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 e46bc300bf7be7b17e16ff12d014e522
SHA1 ba16bc615c0dad61ef6efe5fd5c81cec5cfbad44
SHA256 002f6818c99efbd6aee20a1208344b87af7b61030d2a6d54b119130d60e7f51e
SHA512 f92c1055a8adabb68da533fe157f22c076da3c31d7cf645f15c019ce4c105b99933d860a80e22315377585ae5847147c48cd28c9473a184c9a2149b1d75ee1b1

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-debug-l1-1-0.dll

MD5 c1fdd419184ef1f0895e4f7282d04dc5
SHA1 42c00eee48c72bfde66bc22404cd9d2b425a800b
SHA256 e8cf51a77e7720bd8f566db0a544e3db1c96edc9a59d4f82af78b370de5891f7
SHA512 21aa4d299d4c2eab267a114644c3f99f9f51964fd89b5c17769a8f61a2b08c237e5252b77ca38f993a74cc721b1b18e702c99bdfa39e0d43d375c56f126be62c

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-datetime-l1-1-0.dll

MD5 0fb91d94f6d006da24a3a2df6d295d81
SHA1 db8ae2c45940d10f463b6dbecd63c22acab1eee2
SHA256 e08d41881dbef8e19b9b5228938e85787292b4b6078d5384ba8e19234a0240a8
SHA512 16d16eb10031c3d27e18c2ee5a1511607f95f84c8d32e49bbacee1adb2836c067897ea25c7649d805be974ba03ff1286eb665361036fd8afd376c8edcfabd88c

C:\Windows\Temp\asw.85de6e0ad670a8df\asw3dda17a5e5e8f959.ini

MD5 d32dcc4c190b4a87b44716bccf7373a1
SHA1 042dfc2872b644c0080338a50c512ab377660ab3
SHA256 37b44ac4c0003c2632da4f3af50503f76f99186e9ef255905521a96a63de29fb
SHA512 dd2dc774c3a54e4d9d4b1e5037a5dc12ee357b46a76b5a03026301275b462cb582961df03ebe7a18a198970a955112bc5252341c7ebc8dd89526ec44e80ef58e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z36U24364SVUAOQFK611.temp

MD5 e94e0f8b597cd21521c3c7261c38a70e
SHA1 22fa796cc402484340d06648b9b94371a4011a6d
SHA256 4fad6b512d6e56100755e11bfc47fe294f48d8176262b201f6f7556d056933f5
SHA512 f9e4c9861ba78342a717ebde0c995c250cf949275e44227b46aa893c7082bcd427fb272d1ec06729e54a002355fbc9002ef7fa9ff7ff41da01be0b60f3b515c3

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 f96c25bb4feee47fe4111660fa0706b3
SHA1 284126ce4f80b6bfd6037f6137dee90c941e4eec
SHA256 9b5d44c60b18b36bcc1cc0e28585ae168d92239beda197d739c3e64edb229867
SHA512 b4297728f031863ccfb50de52d18f443d6ae893322e2f6b315497e187329275fbf41828867e614b35e9ff60ac6e3e1ae77d876fa8e131336c2d6a1fb6ff7db36

C:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 a723044f1c511790dd0ee3a3fa68c4cf
SHA1 670e6f907c2557c9685ad26c26d6d8fee5139942
SHA256 861be3e240b075752d52c7b50c41bf22eab9314db4f11a20362c648198a0f2e4
SHA512 0fa7da71864d1abdff83d3aa01597f5902c01899513b0333bcc5d756a15be02b8c5293b55c1d88e556010f53412a7dbd27b57b63b1074565f1f6de8e2952377c

C:\Windows\Temp\asw.85de6e0ad670a8df\asw3dda17a5e5e8f959.ini

MD5 39ffcf55530f2beba1bb0d7226b21397
SHA1 19ac5cf2246edd187042f5b647010d193c3323a5
SHA256 0e158befc912923e7cc011b2fb5ba46985da086a9e53cc0db638a9b5f8b072d9
SHA512 90fcffae0825d25416a0b559c221d7afff815f2b23d75d3cd225662dd9b4e6d845353754d7ff2cfd8fedfe158c46a60e4704e85ad4dbb3e34af490605ae7887a

C:\Windows\Temp\asw.85de6e0ad670a8df\config.def

MD5 47196fef21248823a99a0849083f9e5a
SHA1 e3441aab44e4c74d302bca7bdc06f4e0ea0d3e98
SHA256 dc5d936f71691ea2737b76b79eb07f629fd7f871b30a3237fe83c60dccdb5f29
SHA512 9afadef1f31ced31738074f9f1250ecb658e691eb9e89ffbcdbd1665d4d5b1d7b4f072a0c1842ef8d15a6127aaef21d413b9231adc8303c43d256e375d4ab760

C:\Windows\Temp\asw.85de6e0ad670a8df\servers.def.vpx

MD5 ca027a5ef5f6d21d7e42855fa4db4120
SHA1 eee669fe1c3cabd5f96c65ac992e4851f8eca9da
SHA256 e1b5e5122457b19ad5175b0b372d6d0b55813503827ad1d84c26f23b8506a66d
SHA512 8dcd63d2406f6f7e67053342553345bb372401a8dda64e1b41e937df7359a8e4c0afa9705d8fbb953aeed403d54bcd6a5d5bddf7ca1d6c43f1da37020bdda491

C:\Windows\Temp\asw.85de6e0ad670a8df\prod-pgm.vpx

MD5 6d08ac0131cac7a2f9f2ea5d9d0b0cc6
SHA1 25983c1419089c6a7570963dda2d06e022b3b36d
SHA256 846f9f2f624c8a1f001a4bd7c7ca3158c8c79cb11fa6d474cfdf8e48d0238a3f
SHA512 753890f34fc1a925177a594c8bc5e19dc509fb8b32c1eef429496c5d19421200bdd75879c529981823340718bee82dafdf3f262a9ecf65de9ef03d12a1684b2c

C:\Windows\Temp\asw.85de6e0ad670a8df\part-setup_ais-15020c62.vpx

MD5 d5b798d8816b252e7d718195dfeb8a8c
SHA1 860c5807fd491aeeb12d661d8cf2ecca4ca1639b
SHA256 75176962c8691f84eb299a555d4c82796b53a12161f1e6616ec50cf97393b499
SHA512 16cd2e8f57c05ba2bae79de39867cc35178a6d99cd035d7d20efd8788076360a408affa9b6caf3ea09daf5c32834b995e47b1ab4ec29fcc1fdfddcf0ba96cce5

C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\asw2823e787d7a6679e.tmp

MD5 bbb61ad0f20d3fe17a5227c13f09e82d
SHA1 01700413fc5470aa0ba29aa1a962d7a719a92a82
SHA256 39154701a5a844eacf6aa1ccc70297c66bda6e27450fd1043778cead49da859e
SHA512 c614246263664268970562908c63e933ddda0a7f1c2f06b63eab9a06a2d8253356636cac948f709c37e66929d5d8b57663bf5f0d34fcf591ac7461c2af5b63e4

C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\aswfadf007c02953bae.tmp

MD5 43dc9e69f1e9db4059cf49a5e825cfda
SHA1 519298f8a681b41d2d70db2670cc7543f1ee6da4
SHA256 98efeee831a7984d94cf13800aeb1de68e79bea0bb5d95ff7adcbb43b648ed4d
SHA512 d0c07cb1e251f2135fdb21893e6ca70efc019a8b759274c87266fb5a2c48ebc0126aecee0020bd48cfd65ef2f794b81b1e417000c91db18e2ac128c86eac4079

C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\asw27eeb3f42c37d6ee.tmp

MD5 c545527e69a46359a4a45f58794a0fe5
SHA1 e233e5837bfe5d1429300fb33f12f5b54689781b
SHA256 8d86976b5ecd432772d4ac5965ff86bff6da04318f231b3e7ea64818de6211f9
SHA512 754c891b4f582948ba5dd776a87edba35f96453a540c20c5dd78f2d816bc83161e0d3f8a0f6052b5d0835f5a0b4eeb6d7a871aa611bd74e61ca25ea7046837e0

C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\asw3e003d0184660d3a.tmp

MD5 917a284494cbe4a4ec85e1ec768339c9
SHA1 47ccc0a04ecc7c3c1ff79bf42d424cfda356137c
SHA256 57cb03fbc4750eefba0079c3fcdfc1b077e4347e0438f41e13b8614e7f11b772
SHA512 90849e580c9da697689c664b126ed97b085bd2fd6016ac9193afd7a7ac625c76db84c9bf55a4bd0308da889a16b27832383738de5ecbec7e97bbd5b7962999d8

C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\aswdb95717e2fac642e.tmp

MD5 ce4d45d0b684f591d5a83fdbd99bd306
SHA1 e89637b905c37033950afadaca2161bd5b09fb5e
SHA256 907e054fef8297e3cd31d083299ff0ac495775eaa928e3e10e7000fdf6baaed7
SHA512 af0aefc20b9c9c91f63f34fcd70c27e9e304073d51cc9ec45113ab360dd5ba4ad104b5c752e022b8b153f435527b56f6bfbb6022dd4bca98f8d1778e2bfc97d1

C:\Windows\Temp\asw.85de6e0ad670a8df\sbr_x64_ais-c62.vpx

MD5 e38cc92cd980a55d811316ac62883e14
SHA1 fa83737abe11ee825c3da6843cc4d8e3b459729a
SHA256 be4d8a5dc335ca8446c0dbba4ee4ef07553a5c242bed560f11aaef4793855e87
SHA512 1422c8f94556ff0409a3cd1ff581f6c4ea56b01be36ba5b2c0e72465f4dad38391eb85bae28b079aa2f1204615d32a17b7e73e92ffcc9964f39c79626b7afe16

C:\Windows\Temp\asw.85de6e0ad670a8df\New_15020c62\asw1a8df6a8eda32b88.tmp

MD5 0b830444a6ef848fb85bfbb173bb6076
SHA1 27964cc1673ddb68ca3da8018f0e13e9a141605e
SHA256 63f361195a989491b2c10499d626ab3306edc36fbcb21a9cd832c4c4c059bb8f
SHA512 31655204bfb16d1902bb70a603a47f6bf111c0f36962fea01e15193d72cc1fffcead1f1a7884d2929ceb77ac47c640ca8039a93b4648747496d462ffe6a05e65

C:\Windows\Temp\asw.85de6e0ad670a8df\uat_2196.dll

MD5 c53dc6d8050e08d12939b95e2f5c53dc
SHA1 01f3fd1a4c730cad939d243e6bb8f9fe8f1e0138
SHA256 5a690ef46a5c889adbad580b773a6025040426ee11d3817927dd1e77698e8ece
SHA512 75ec453cfa12a071322877db4244746de6ecec779c4f267cb3b9729437f3e0a90ffa2fe1d42e5baf05c159c8c6ef6c71bc7e258044162e5fcbaad10a9e93d84a

C:\Windows\Temp\asw.85de6e0ad670a8df\part-prg_ais-15020c62.vpx

MD5 29b9bfd25fabf42939e3a6877f9b3ece
SHA1 c30d865bc2d680311c68eb0bed0e356845f700f9
SHA256 ed586b6ceb3e9dcc7dd21dd7dc7addd89e71a2b90039fe15b751b367e402d475
SHA512 a22827a2f9bc3de3c6c0ed5a4e36c383b5f8d4989fc543aa1a4852034c84055925df7456c1f9466ff3923de81f9d58a6f12d8f24e782bb2e805b908ef814a90e

C:\Windows\Temp\asw.85de6e0ad670a8df\prod-vps.vpx

MD5 8f31182be4256be56cdd23c03e1055e1
SHA1 1b185cd4086282c246387f9ec676cd77c0b1de76
SHA256 737226f4b96a849b889268174bc57fd314067565a37d0a6ff09b2f89e8649de7
SHA512 354b35e13b0833e79ce9becf68800ee1a42e7e494f9d717dd0e806e7b3c65e06002586159d6cdae5694cfb871690a435ac8431adbfeb2cc17f618cb797358abb

C:\Windows\Temp\asw.85de6e0ad670a8df\part-jrog2-72.vpx

MD5 913a1102359c6918051a67099907d450
SHA1 7dfa2aa54aa96373357d15e3ac007eeda2fe92ad
SHA256 4788726d4edd31c0d0e15cab3c17af45ebee15d97e95890e524fb44ad3e3aee7
SHA512 2035cc9ce663970dabd1f6e88a33a144e80d6f07ec265a532ed70e7bd08ad6801441c990807b7331e1f64e2c2b3989d40af0eb758071447cfeaf5481fb5282fa

C:\Windows\Temp\asw.85de6e0ad670a8df\part-vps_windows-24060499.vpx

MD5 494c6d3bc460daac77acfe65246e3385
SHA1 6c754814208803a35ae0930679fd547823d8fdd7
SHA256 e7cced2e98ae170ec4db4ea7b677e020671f151a78b7ff67cb7c5278cfdd649e
SHA512 60c1c5849441f7899dc458e86175210048821deb2a8ed64574e454151c0b467a284606558c7a0252d9a23c37d49eacba082fae191bfe3c31834d872b26ee65a4

C:\Program Files\AVG\Antivirus\setup\Stats.ini

MD5 f23d3cc3a2673a01792f68eff5df8ec6
SHA1 6d36a8e385743223d6127b06e159c457b12433e5
SHA256 3e00ac2c309fa36ba0cf66f6375cc8d14847760f4edad05bcdef1984327b0240
SHA512 004c08221750dbac9494c90b22db20cd9cf797d5c911f1464057a3a61d89ec35318b395453bcb53438167dbdd64fe9f6111d3852999246bf496582661cb28a81

C:\Program Files\AVG\Antivirus\setup\Stats.ini

MD5 9b4b8ecfefb2a862c421122e64b72932
SHA1 1b84f922ea3dc24ea96ed7ffd68a76f925c69030
SHA256 e26b245ada8732d8a9d19c1ff16c476da2c6909707fb6c4b9e6231cf16f4068e
SHA512 f0b53e05f4f32909b8e06d3c2e0c7225700f92578a4b5deecd6cf50f449be76428672e5ddf13bc859f13531419b08d094c265a163377a93da4bae8a065e0860c

C:\Program Files\AVG\Antivirus\setup\ais_cmp_bpc-7cc.vpx

MD5 370fb8113ca63fa92f7037df74050faf
SHA1 2ed9d4164c5dafbd38dc0dee0f3edf7ccabfe411
SHA256 79421461dd25e721147e2e676b0c33c5fc3897126bb5f700e8f60e0d34175ce4
SHA512 c197ad2368d138af4f0f220ffa16d47e29bbe8456e19bd097ac3fbf16fd47439218a77546312d5eeb356f7fe6ab5ecdc16f010710b1b89f75f6175a6632c3909

C:\Program Files\AVG\Antivirus\setup\ais_cmp_swhealth_x64-82e.vpx

MD5 db7a407c200d1da0694f5c4ef6a92f15
SHA1 870648a412aeea32ccc03dc72f502ccd0eb1cea8
SHA256 5f0fee031ab19ff41278afba5f1b9eacf022d1c632e1b6bf3e777fefe837533e
SHA512 286490a278688967bc7bd85d6bea4b70d4bef80d47b49551f9b5354362dcfe94ea2d22a76e5b1558855b385dafee6052d3311b78ba43e3a281a27686bf9a9b2b

memory/2196-1239-0x000007FEF2E50000-0x000007FEF4176000-memory.dmp

C:\Program Files\AVG\Antivirus\setup\ais_dll_eng-818.vpx

MD5 953cc8dab407cc320911adb8358fcd49
SHA1 4ecd20b724ca5718b87d2cd27745003902df2534
SHA256 748a4fda0713ac82afedd5c2f90848fbb743772f4c6268e70ee65285bbc48c7a
SHA512 ecb068dfb5334ecada79e0eee629bc7d4a10bf3fc7ec0044f8747e7137f65f466f5d0d6a0bc5ad9af0c6748b695a153baf431888e1df32433d8276c44b824174

C:\Program Files\AVG\Antivirus\setup\ais_dll_eng_x64-82e.vpx

MD5 a469beb68e45ce02e4e541744a95783d
SHA1 32d05acc7b266fced0a014ad07843625b1908d1a
SHA256 ea9301a1fa0ed024ba39947e9a76822c52c978397d25d0edca66d234ca012a8a
SHA512 a1bd6a24ceb0fdd07a13baae4e0a1b98ab22fe702cac4cc5f8acf182ba28879ba6c27c2b66a44a77261b16b5aec5608e0a2f18f62ee6f416a9baeb88bbb8a8df

C:\Program Files\AVG\Antivirus\setup\ais_gen_streamfilter_x64-866.vpx

MD5 2641147e9142c41d9761b2da182c4619
SHA1 6cd4a9f62ae449ec3ef636e544b53686ed24d855
SHA256 199103456394b7ea5c6f99b02bcb452145f76f1b6d02b357f84e568b67b1e63d
SHA512 2e2839c794a82a2afd19697fd242647848488454d85bed1bcba128c2cfcbd9eab3f0f16c6436542deeb866413f52156df5a9108b8be2451d7e1e68720f539ae5

memory/2196-1306-0x000007FEF2E50000-0x000007FEF4176000-memory.dmp

C:\Program Files\AVG\Antivirus\setup\config.def.vpx

MD5 13d785aa25957854194131844bcd6f66
SHA1 04c2f25c33cfd14cd6786c228a8f95495431e8fe
SHA256 0f3dcfbc803a7f3f4159e19cbeafdc51011af38e8c980d74e6710b0ed5203113
SHA512 61706cb94289a041d10d63dcb1b6687cbed02924410902f5924f89ddcc0da27634127d0a445234f3fd59c952cf1a121e68136428f5292ad14c5e7a50480de945

C:\Windows\Temp\asw.85de6e0ad670a8df\config.ini

MD5 f7249f3af542b5efaf7dce9a1df4c491
SHA1 75ebbab13e5d376bc60026c93ae57f5498f21b25
SHA256 5c552a70d76b94ddf1c59838d650bdb06b2abac9495d901bfdf06d9fe60b7bfb
SHA512 28d88bdc323255017db18bc967860b146d2a40ea98e1e08f94cc0d4952db43cb1ac0644c71c7c1d124524602748e1c8e07155cf85782dffed9b7f734fa318f39

C:\Program Files\AVG\Antivirus\setup\vps_binaries-72.vpx

MD5 40c791ef407f6545d5dacee24ff4d6e1
SHA1 e0796804633cb3376a66d356d7f7f4c1326bd743
SHA256 998af0c455fff90e502d7c91ad6b8b57c855e2cf30959460a7e615696de965d5
SHA512 7d0748fcbec2129c33f7d7d4d482ab6e9cd1711bdc1debde76ac90b58c9d813ad698f3f0ff932f7c2ce247f325131c437a767c3704a94278c9af487dbd2a5551

C:\Program Files\AVG\Antivirus\setup\config.def

MD5 fed5cefbd384ee0903efeaaa12910806
SHA1 f1d4e24ee1cf576c5d281940b618585547cd407b
SHA256 a3f220d970fdf591e029f5f636070a77e2a16d8a93000a74e0dc0686fe318200
SHA512 7f9aa562897d19b2b1188518f4446131a1dd2311509f187d95d314dcec30bba1e4e8d83c3273cd11d69f842a94c74b8964041612ecd61cb59e2e74b7981e35cc

C:\Program Files\AVG\Antivirus\defs\24060499\aswcce03494cf775341.tmp

MD5 573781b656c4397bfe660e1040030b64
SHA1 c00f6d2c850c1ed4b09288911237e712c134443e
SHA256 4cf5ffdb1d88114036021b1d4183b0516f4f86f8e3345f59bb5dc9e7e4417624
SHA512 1f2c4ec81009bef4eac8d445e0d3cf518551a94668065d76a2d6538407e81501f62e8467e2618d98dfd74120f142ebfa8f498bd6b3b892c244096f6478f8723a

C:\Program Files\AVG\Antivirus\defs\24060499\asw3aec5271f9be3c1e.tmp

MD5 044a4e64027075c3b9f35a9a996d6c7b
SHA1 bc58f162b7a6717e7c1068e432d15d9ef81ddfc5
SHA256 476f3b6aa699bbdeb982bdfae4849b2217e3bb391f7ef0130a3a314b9bedd818
SHA512 c25669d9685782a4418557b3ab9cf3bc9467b6f9b1a28d58b6ddf82e44043ae886921d021f5ae7bdbdc7d65386aed33c59e242ff4de8d0480c21e015e0498488

C:\Program Files\AVG\Antivirus\setup\vps_binaries_64-72.vpx

MD5 69f6b45199b4cbda6121e4f1fdb7f619
SHA1 d36069d4db888ca69de06b2c79011da975a9fa0e
SHA256 88af2c13019de3853b759b96e806cc9a72ad93e07df649b22d347e9106c2d550
SHA512 38fa8b4ada9961c1b09a41473adab2309024224b7eae64bc43b045409ab4b9f8ba26e55eb28799b91b2b5f8556756176d99c4dc8e4b2f27360c9989e3f336bb5

C:\Program Files\AVG\Antivirus\defs\24060499\aswc7a5ea968ecd9fe7.tmp

MD5 ceab9157ffc84305c33d31d3a6d32f81
SHA1 973d91ea23da0ed187b093f6537e788ccc5a29fc
SHA256 da9dcbed4fc91921dc51de51aab9307e48bea6d93ed0f531074d7d5297b8159b
SHA512 d82109b558fd59efdcd3dc163043d115a8953bdf38bb57a1baa34944be5b0afdf2e6c2f652469d88e78bedf37c4dcdd13ff7dac0908855c89cce3f936175935d

C:\Program Files\AVG\Antivirus\defs\24060499\asw3ab633d0c840b6b2.tmp

MD5 527ed4ee5eb272155dab8273c7371bd9
SHA1 a82bbac45910dc6564b8d0653b0b24ea68b37e83
SHA256 26f033a17a8568b560a7be03116931ccb7686c804cb0064be9049aa570178911
SHA512 a39be1af344a6a927dddd2a1d657cfa1fa81572a55855776b77ca8020efb8a724397bcdc4934a62aeefff5337b5756596bc337e811f2286db8f296a089559026

C:\Program Files\AVG\Antivirus\defs\24060499\aswe2c063f1c4ab8e57.tmp

MD5 d6912d43413f245204bb5a94220ad9cf
SHA1 18c8b44c4f0ede3bae9f1576429e62798b87455b
SHA256 20ba111995c272d320da3dbe0819b5badcfa9a13bb9d2580f40e01cb5e2734f7
SHA512 c36a8199d7fabebcc34410692618551ab0dd307fde07f2d16ddec0e2cb6b5c3f253c6ed51d070835966e094ac8443961f831f286de19c6b10038bb78ed55b777

C:\Program Files\AVG\Antivirus\defs\24060499\aswbf061e3dc849d3be.tmp

MD5 ca88e068e27a54377cf2d3588df99182
SHA1 0e9a7d7d5ae71264b1bed8b623d3012b7c661e38
SHA256 274860a0ac9fdd1e8597628391f944d2ce9a3ccf8f399b6c6ad8f94f748eae57
SHA512 0f2edb8dffb20996d897f9f106408b1bc26e40a66d90e61382f1b1042f4ef6c34d1bb91dc2e09a6de9f29539e8017dffba5e246dacd843d1b418aece09ee1581

C:\Program Files\AVG\Antivirus\defs\24060499\asw7d9da53df0921e16.tmp

MD5 29dc788df0e70daef5d765516545702d
SHA1 5f931223eb43e55950160ed8a3e6a5ba555bf557
SHA256 a238a740fe82b97edc90d419b776add7c7fd3f2478b0b4078e29308199e02825
SHA512 29cd8a4c61383f51acb3c1576afb35bd678b040019430fe2af2fdc011473ed4a86ead31eb3ff18e98bb61e254c8110da71c1871473af898f4ead74eb3c4a52e7

C:\Program Files\AVG\Antivirus\defs\24060499\aswcec8b5021c312bb9.tmp

MD5 3e4b0c1e4bd1d410b9a9cad0194ae176
SHA1 463c9f2288d5291023aedfaba52a84f4babd23fa
SHA256 41a3b4d2a8194680b13635b99062ecb1793b14bbe087ff2bcdcb99ad1f8e5157
SHA512 695d83ddc50983fbfdf53f305778dec6996f23651a0c0f9567290a59d5651c545d0715247d9badacde6dbef859cdf32044ca40432b35a14d727b0ba11bd5b825

C:\Users\Admin\AppData\Roaming\XuanZhi\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\Program Files\AVG\Antivirus\defs\24060499\aswe48bb1f1bce887c7.tmp

MD5 ca3fc14751fb872614eb730d4b1f59a0
SHA1 d18e817118fdc586761ceea72c8f2ec67164ca7e
SHA256 7d3eedfd2e61ed725cb9bdbaa828d8301ed4670b9e460b6301e963d94817b108
SHA512 2219704b33232d0fd54ae537fa7f2c61f329a9a704b151502a5d39c235d0abb0e7ed4341108aa1c853f0d089c6b0a07fc17774d99706f85aed24abf92578155b

C:\Program Files\AVG\Antivirus\defs\24060499\asw7242ff02ef1d4995.tmp

MD5 323e8ca082e3530cb70049f651b8949d
SHA1 cad692628fbdce901f7f3cca54285a8d38147d3b
SHA256 dcd8180d824f5367563f2b9197e8942ae6e67b54222ddb66877784d40115c344
SHA512 e880c076196b849c40ad83b73123080b3b70b57fcf36f89e4f2ae09f13bea30f6184247c1c0147f87928bdb4d401dd066a58f47f15bbc1fbca5cec636885a6e7

C:\Program Files\AVG\Antivirus\defs\24060499\asw959ea62f3154f798.tmp

MD5 4e0c8424a5e9037ce3bcd129bc2b7ba4
SHA1 1205faf5e49be935fa8a7647fca6dd9b8bdbab5d
SHA256 164bc95cb7f2ec7a306e91700234c1524c2a8d697da0fefacc367fa2a3895b02
SHA512 c5bb31ca3046f6ea1ec762113ce47534bd61d53a9e5236fd75853f68004cbe66f5555353f46f6c4bf82f1e197b3b1778029e3a4354ac02a345a6561be2645bde

C:\Program Files\AVG\Antivirus\defs\24060499\aswbae240e8de6073e1.tmp

MD5 d2afd556e871a244c9add3d4bd9a67b2
SHA1 24d153ac3f3907609dfc5e5bc0da3ae87a212206
SHA256 36146f294b5af112d864b571f11a70c1b87c7ebf524abe3aa0b438f0d13bb315
SHA512 8b67297c74bc5a129613937fba8a04f1ecfb8cdea6b682073c02ce2961c7286cfe8c60aa3dfa8b8f61541d2d1cd27dcffc2375b577eda89cd11c0e9307dbab3d

C:\Program Files\AVG\Antivirus\defs\24060499\asw0bee5653f66835af.tmp

MD5 5a83875feac4b97cf0041cfd375c1b50
SHA1 3a5798349cef75893285ff4777622fc398a9681b
SHA256 c324171d285fbbc0543c5b5506c14fd5d5502ad8175e012311e5b1ea06670902
SHA512 b79f2b24ddb66e41ebba3ae8af92d99bd0fdb01e86ba691c089b361dcbae776f604cfd2ca479b17a2c4a9a2d393778d585931ba2042f9bd37c96ccc53d9893b2

C:\Program Files\AVG\Antivirus\defs\24060499\asw9951fe1f0ac1f7af.tmp

MD5 af097df02b06eb36254b85a9ac25d5ea
SHA1 2529635a2682829011b67194115b9c77b18ded0e
SHA256 a6dabd1b62251cbd9d4d9a2c31a936e8075c1a5c3f029574542923ddcf49dc77
SHA512 78609c0e2991afca98d2a233c66d3d7d726d24f7227e55a6721a1aaac3f1a2a05ffa70f6851a2b61b1b5d531ed67bd1435ca05b2dda5f536bf317bb592a67150

C:\Program Files\AVG\Antivirus\defs\24060499\asw24dac59bb3c3f1f8.tmp

MD5 1c35f8d706cc4abb4b94b1c02dd7a826
SHA1 5add50f2c7e2419f1610e1a0ab1b2b1f88344f47
SHA256 6675a32f5de08e4cbeda4459b2ac400f4dba377da4fef75afd40663113f7cd86
SHA512 fbbe47e92b57d38e28f4b23b74b5f332c3d5ae4d10022d2f8baa9bc38a4557dcb014bc00c487213fed79e74cbe107ade28d3d84d5eea630bbd0ac86d0bdd1b50

C:\Program Files\AVG\Antivirus\defs\24060499\asw948452778a7fe238.tmp

MD5 c45204aaed0c49d89ac262b25a1bc4a2
SHA1 2a3286dfc6afaf176213ae05eeda05284d868a42
SHA256 5cca5b24e09c30c61d4b278b92b6b6c1fd0ca5f3bfa94826d1a63b1367c40fe1
SHA512 1c693e5cfef8557457a69d3a6ef7662177fd05ca6521456e737a845ab39580e05d738f912152399601bd09cd48243f6f6ecad23ca56db7a07bdd3177804af8c9

C:\Program Files\AVG\Antivirus\defs\24060499\asw1410712fd412fbdc.tmp

MD5 b4b90ebf7ed6ff35973851a25ddde362
SHA1 1be82c4212a54263885778b73c74543939f3a794
SHA256 ba4baafefb1f9158cbf26c55bbaf0c83c9c51061fd1d2299b88460c11fe63bfa
SHA512 c1323b1172bf5c07ed3ee68d76a1629065ddbcfa109b0eaa93d90b105072897a23fe233c530cfb1043a80801263770c06ac10ef1e0abaabad1f63c7e326a1648

C:\Program Files\AVG\Antivirus\defs\24060499\asw7c38a0713f19f305.tmp

MD5 1b58d128985c159d8283aeb7a81c4fe7
SHA1 3708d092c649cd5b14fd98bee441b4fdfc40ff8f
SHA256 a72dad93f87a11412c69f5b85e816549cc475b033765f586be05cdd5a6bfb76e
SHA512 6f0b929e708d6da871f8e658cea482f49e9a1e2cf4e232009b4e9ba8176b9d08b612acd4c66d9add81a7d285d8a4e8b6a050535689e64953a160dfb0112ec658

C:\Program Files\AVG\Antivirus\defs\24060499\aswb9abedcd2e6c6d5e.tmp

MD5 83f2807f0a0328b99f107b16fe975ced
SHA1 9f7c8a538fc5d78e3e84c336fe1ff5cc1ddd09da
SHA256 e67d4fb97162c262f2ce804629ffe46795a7a0767d34a54459f8691c6b8f37db
SHA512 6d53fe84f4a129f87292d1b20b80cd2a76326e8f350969b8194f972c11b4e536a27a3201e78f4cd00da8da5a689162bc0b3174b1a428e971932cb5816752adb2

C:\Program Files\AVG\Antivirus\defs\24060499\asw0d2b1ca97330e164.tmp

MD5 ab5bd8e8c974cf84a64d3edee1f3d32e
SHA1 d30a4a3a19ae87a84ae71a22fe75f01cb1290ec2
SHA256 8355dbac11c27a4d1ed544673a4a69378c8170cbcf64fb0764e6c9bdc093fd28
SHA512 d87e4262d8a6b8e4b501fad95883e412b7c0a2332fb325e01c7fab258438e22307bd04d1a2be2673c968d9145c766c52fcba3215adef8671139162de4fd7e587

C:\Program Files\AVG\Antivirus\defs\24060499\asw7354c1ca2439d417.tmp

MD5 5665acea82401ffaab6d32455de265ec
SHA1 208483f41ed8fb45ec68dc2722797199220a5232
SHA256 6fce9c55f85bdddd7f3971a30eee9196cbf20a2bd42147695907e369374cf729
SHA512 1d5f55ec8acd2a48ff3c81b2fa9f8f12dbe65c815c6f16d6a0af844c6867bbccd7a73fe22679fbcd3013cfe225186f1f16f9876b3c423bca2fa36702eb9a8d3c

C:\Program Files\AVG\Antivirus\defs\24060499\asw0407a7e8d007c8ca.tmp

MD5 d28cfe60f2f1140f58519a0611aa87da
SHA1 d8994a5ab24025063d6b8295f4fac3c3edf545c4
SHA256 b86b8df3fd8dec6fe8e516c31061fe6a3b1b3ff383a3130f8e9febf042a8a26f
SHA512 cf1368c0c287ee63124126b3b8bc631acba86c4c9e7ea335cbe4a039ee2c2e00d62fe53cea7efcf8f7c366a72a34264e15010c35f477297bbf335c09a786c085

C:\Program Files\AVG\Antivirus\defs\24060499\aswa73f84831580c5fa.tmp

MD5 71e853b42f93f8dcc3cad9933f7050e4
SHA1 1031b0ed23c1278b18936fa091f14f52ee42b051
SHA256 f206b3081b1728ee4d399937bbcd12e14aa77be26bb2ecc7d9fd65abf245f74d
SHA512 28e17bae7e6fb135b77c98f54c89e7484c43745dd6ba663c0a0215cc7c65402b069061cddc485771d8381f29d4cb389de622ef921dad9db1df4b0f2a48468c49

C:\Program Files\AVG\Antivirus\defs\24060499\asw77a3b4cd7b0d1bc2.tmp

MD5 5082d74bc287d7a726691fad1530d2e7
SHA1 e15c358511bb9ac5cc05610edd523c871e99cb40
SHA256 75fa813c73ce9b24570c48f5d027076e06c83aaa6f8ce2feb9e61fb22c071898
SHA512 f005077c05b73842d8347592f595cd6c6618c6a7b794f89f87ebc0033d558c0472e562d2a8714ef16d886fa56ed87df523d16626f8cb9d182258e3f401ce9f6b

C:\Program Files\AVG\Antivirus\defs\24060499\asw8416d42b31028fd2.tmp

MD5 3848c165f2b415eb211947f55698a4c8
SHA1 8e8761f8ac67656b1dca5b1da4292f301fe8d412
SHA256 f258bcd53d690fb44bc4428855bca78f4e7f0302a9f95522c38ebf997955ef12
SHA512 8ce0277d98cf7019a64149972b17239bf5da630c2d0ac48e7fc96271d73ff04632d78998a2f3747ace1413cb2a7877dc328ec86b54ecf2f02c7c7fdabc290069

C:\Program Files\AVG\Antivirus\defs\24060499\asw94d791bb73925516.tmp

MD5 b055afc25fa68acb7fb20114e8a1fc12
SHA1 b20b5e81a957c90c4a211a9bb8c2c51f97bff9e9
SHA256 3a14537ca4e6f39d47cb8cda0fc81e2970eb3a112cb64c5ac4dc5bd0bfe53372
SHA512 bfd3e6122858691b27f67dcce0b84a2f5032b5c83bbc68f2f1a5d2d2f411fb0ac06d7e2a7f99beee1671902dba1f05960dee9f6c22308af0befda4777cf25704

C:\Program Files\AVG\Antivirus\defs\24060499\aswa8c353510211aa00.tmp

MD5 29f9b605dce1f6e1d0ace7c3ca89aa8b
SHA1 5b00b6dba34e90254369fca547c12abc415091a0
SHA256 90971f5a09e220ebefad248d59e5feb6bb6e1b806a1599e1bae1e2f18c986b3b
SHA512 8f111e838855a3bee58faecd6683104fbd68bbe937e88ff1df72fdcc8ae7f050d806aecad9a29032dfe9d2cbb8a3f52c37d0a5cb8d9b011aa5c510048edb89b6

C:\Program Files\AVG\Antivirus\defs\24060499\asw0d9144ade36e4d1e.tmp

MD5 0d69c01da75ee8d79be0c10fc21221bb
SHA1 93fc84013d30493867b8df35b90949829181d69f
SHA256 5d3620677a2a006785c734e1580e08f99cfd6d99846e4d9131a81237d094c5c1
SHA512 0b26fe064b74f28c828f2a18c55683b5abb370420fde45691d0f66f4a32b1b695b2bec1c388b6c12119855426e92a106560c1977280499e35422de9ef90458a2

C:\Program Files\AVG\Antivirus\defs\24060499\asw1a2498c9b38fbde8.tmp

MD5 fe947ec2ac1a66855eb13d50d5e9da76
SHA1 888222ffa1ad5986798f3bfd51a9ed7685d88e27
SHA256 9c4f3b387350905f1a3f76b2f7713938cbcf5e400a12520ede1038eea98c48fa
SHA512 0394d42e5763512dcd777cfbd6f3d6841cb75c772baf88a62fe081d0a7279884f65b2513350639cc4aa761060eda903eda1feed1a60be257306e4be3eb44be2a

C:\Program Files\AVG\Antivirus\defs\24060499\aswe04a844e9a3a58f4.tmp

MD5 72610141d5a8da549efb60b2061bf577
SHA1 ca86c49e4242f9e98a2f853757091b8bebfbda6b
SHA256 4a3ccc607113e6655843f6842a2d59007b8f5658dffb7b2e2fd8f5c684c70de9
SHA512 7f530387fde637d52dafbcd35832fafd5ea2d7329549c878301d88b0e7e52214f164137a87c8922c6f1a30934c2c6cb8f7100fb9d22258ed3f19e3f18ea2dedc

C:\Program Files\AVG\Antivirus\defs\24060499\asw6bc42fddc8d406aa.tmp

MD5 03ebabf0f3fc4dea240e018a4109b093
SHA1 c540c970fa72299efc6efdc4b8458aec7db9851e
SHA256 8fac6b87a915f1e58e291253f6fd2f251bffe72a6b05a654f86196800b36b1c7
SHA512 51dcd0b21a1522e15e6e10aac4ed4c1f9f47232193e876697d2eb60229230089f7d9d4225737d0fc87b9b23dbdcf6962787d1a719785dcad4e56240fdef84d5e

C:\Program Files\AVG\Antivirus\defs\24060499\asw82a35ed96cfab09a.tmp

MD5 26e35ed9fac74e540e52983213ca2d73
SHA1 c371b9ae41f0483eaa529af7c8ff76250b6590aa
SHA256 0c20737290a1e32211a4851e5f80dd84c49708aa43b1020ded5f36a0aa270f69
SHA512 60b37a36b83cf2d06e01454de1e5c72e9ed330d67ab18c949e63bd6e29c62c324a3f35ad8c842cab9c780176884b0bc33bb5996aaf9f0d6a9869b2544c174842

C:\Program Files\AVG\Antivirus\defs\24060499\aswdc24f1a13659bff8.tmp

MD5 6eddcb84b3aa0b3ac9d17cbb5c4ab6d6
SHA1 35712dfe5b26b42391dfe47ab762d4061ad91005
SHA256 fb57e50c623f7fbeb3edb0319b58c6a1b49a9dc639ab9455b2e4a2e35ed57e95
SHA512 02c06421dbbf82c91805c7442cc4406a49e30a736f54bd8924ac75b6c1b84ef66952184e27831f919542c390300987220f897cb425bdbd651fcfde5f53081497

C:\Program Files\AVG\Antivirus\defs\24060499\aswb7426ce5f59b4cd4.tmp

MD5 af8ec4de316d1021a4e13c1bf77d91a0
SHA1 7369ec871fac4c6ce58dbe7c678556af25bfd8ed
SHA256 0c686534168834228d37e7f544ed2b2f39c3c06f8e246fcc67336a607aba112d
SHA512 05c7f5cdc1130886b4746fdf43c9e6466b5cfe3ec1a98df3c2ae601c77b2f9221c70a702db0b5814424191b3979ba5bf9f2caea5bc75b63dd03ef20383ad0eb0

C:\Program Files\AVG\Antivirus\defs\24060499\aswf03999f6e148e388.tmp

MD5 932b35c1258990c16c5abd16e8aef4f8
SHA1 bc4a0c2e26b6a004f8c116d78151b3bd95c00a34
SHA256 54e7d5be13c1d5457def015cc89912d328f11122a37c2a3afb8ec0f3b8366875
SHA512 0cfe081650d74e22f832b73d1dcd7e8fe3f14628c46b1ba5a439dc41fcab44ec75e467a55dfa27bd3310e3da5c1ff42adb33813c405c0473e75461cc955f159c

C:\Program Files\AVG\Antivirus\defs\24060499\asw3be1ba86d6a4753d.tmp

MD5 bcac7e3c4f462039f1db5144752e2dd7
SHA1 c0d10efc98d188c126252887576789223af3b650
SHA256 fce1750b67a7b5d172a3f2380ae0e5bc4d38b2b9d73cafeb247c1f76055a7696
SHA512 b40285c051d6ff9b1fc3bef489df120be3c83142c96fdbc8068f1ce1daf2a92f89c24778fe9f9b87066f26efcd639d3143f404d9d7d864ec3f6fb71039bfd0d1

C:\Program Files\AVG\Antivirus\defs\24060499\aswe023eaade29bf15c.tmp

MD5 a65d7854311248d74f6b873a8f83716f
SHA1 d091d528b2e0e9264a0d377487880607ac870155
SHA256 68484e75c86aed8c948d83a9c55ca4d0b557987063f5e47493142d8e09837e4a
SHA512 fe87aacc0be8e6cc9c05725f7be3392ba850171e028f157ce786eb1ab6b5f06dac99b21394967253b6a7d0148b0013a2fd91d6d55afaa7ace52b066c60d4a79c

C:\Program Files\AVG\Antivirus\defs\24060499\asw430fed91c3bc425d.tmp

MD5 ced1bced491069f3b1fe35cbfb91bb6b
SHA1 836bf0342531aedcd6866c8a19d3e2599c576916
SHA256 be36bd28ccf235743e6a8dd8a8b944956c520d56ad7503f31a157e6876694fc5
SHA512 e882ef19b90843cd483bf44826f4b8df22e1a44df2ec83ea529902280ed532d287ff132701c3acf1b207492c9a8e55f738aa88902c936829d3e8b30d6ba85d72

C:\Program Files\AVG\Antivirus\defs\24060499\aswd8d916cadba21459.tmp

MD5 11f98d550722fa37a3cd33b2552ef4c9
SHA1 cc0cc377f96f19f0c438378dd1b8d0839ebebcc0
SHA256 21552f5086b2f9e37846ad974afa40f89ad87fa716aeadb27b29a698daf4743c
SHA512 e7b661b492bb3e58352b1e8a346000a420f8bd868e82a1a341243e7c8ec43bb1e29569463d1fca05b44993128e340eea699623a2934c773760f97cbe5e268f16

C:\Program Files\AVG\Antivirus\setup\vps_defs_common-72.vpx

MD5 083852bd1036874a04f120ff6f2f3f0d
SHA1 cb9dded05c8280294ee14e18e368ce0c81356c9d
SHA256 6a12be54dee1be8175ba622d1bf12ea05ece11f22d3ac7df8487e7648a6a5c02
SHA512 64acf75b2c2adbb5f48f6ea6c928fb3ee5d25a9d2ef725212e616bf4ffa191d66ea06a75ef658080ce03c592731416a2ac9d8672178f14a171efb85819e230c4

C:\Program Files\AVG\Antivirus\defs\24060499\aswb7379f3083e858bf.tmp

MD5 ad06319743976d131952434ff3022641
SHA1 6e9e1f85ab1df31148ff32710cc9ed7ec5947e8e
SHA256 c928be3e2f65537e18620773392feadc2b234a262ec04d982c47e2582332f253
SHA512 a228e8bf442da3d3b060f519030c6677145f6e2fe6ef5de03f661e8cab564747f7c63aba04f64a08ab340fec5727015572e0e858d42a04f7cde27366c500dbb3

C:\Program Files\AVG\Antivirus\defs\24060499\aswa4913ae6b1fc1da0.tmp

MD5 e37cb393734f85b4c61a1eb81e8f5747
SHA1 f4f0188e327a22a29b67d54b62935457691cc9e6
SHA256 140bc964a8c230b7dd8793af4ac7b590615db2c28f4bc12dd72ca96b99ed2aea
SHA512 2e3e80e55c66a6f2546e67793c1ccdb8d2a72ebce233ff29347bc57d73867cc35ef35ac25a5589c6d9ee80c0b447105bd73be4fab228b5842e3ddca5fbc02dab

C:\Program Files\AVG\Antivirus\defs\24060499\asw3efe18b6ecbd7484.tmp

MD5 5aadc3e31806537f0a4bb2b285afb291
SHA1 b56ded31df2e4cb29f1abacb52492e2dc8955472
SHA256 ec2d0aea821100cd30600fa6e553a20fbf61d3cf5837c2182f7d21754df00d56
SHA512 a756dff11bf80d974232e761767b3c425bef2c5ef140c8e5d36aab4896ce8f15b5fadffb520e16adba7c45a62b03503454e6381f1fa886b024415128aa19b1c4

C:\Program Files\AVG\Antivirus\defs\24060499\aswb57cc6d0b9e03696.tmp

MD5 de83372613b2c66a22b01aa77deaa1d6
SHA1 241c279371ad77e6c9a1795305d4e2aa70c6a709
SHA256 96656ca514b11096deecb895fb7926f0bedae5fe32e5330dea881a5277dcf477
SHA512 fdfc9011ad7d111e9c955162f34fbcf59ca552139d69279fc44f19215a3b281d2cf4b2c30bf3cdff3739d3a7efe80dfe93f7e6b2e65cb7d76bd8f1fab0a7ac75

C:\Program Files\AVG\Antivirus\defs\24060499\asw72f7943f72d971d6.tmp

MD5 e271d8180e601124d63ba55d0748b624
SHA1 9615496c70d217c8fdf33ed4e27bb123545bc501
SHA256 376f85d01efb5739c1fcad981d371bfd225b19396d426dab33afd9b16ea6bb50
SHA512 745f7323bd2306eabf37ae17fee46aeefd1e6a5194a85ea828792f6fecf9b0b7f9288ddca476076194e775cfe5cd0c31feecf15a5b36c1ae4032978bb0e83cdd

C:\Program Files\AVG\Antivirus\defs\24060499\asw3c65ed3ea8954f6c.tmp

MD5 c9844445b3b7eee2b45655aae413b5eb
SHA1 003d93dbf93d49c87948f0024fc53e62fe9acdfe
SHA256 4b78bdbaddc9cd75b06843ff415477ff7e0acae26857fc5217bf1f6a5f443df4
SHA512 3cd3b56efe9f59a592489ba0056ab89cac0f1cc7cc5a827b4203bf68640b0a3f34591e115ae2f09f125c5f3e94666f810d8d159aa8b74a2d0d08d799e5a7b5ac

C:\Program Files\AVG\Antivirus\defs\24060499\asw40fde23e5cb5075d.tmp

MD5 35a76cf7ffdefd9316cd49fdc9575d0b
SHA1 75df7e545b6f6b78d5641382309a50918a24cca4
SHA256 8c1961e0ca74439a7d26684eff130d16561d9eeb33b0bc426625359f64aba98a
SHA512 9b2ed0c84de57581771e896c48b424dd6ef198bf3f87791f31964460937ebd12873c00392921b5caeb482e98960dddc4843b8463f553441deabbea096c286678

C:\Program Files\AVG\Antivirus\defs\24060499\aswa77d9e1b2a06839a.tmp

MD5 09e5ddfc788457f54e952c9ee9fdba4f
SHA1 77f0f8580d86480e00f014f799de36e7f29ac320
SHA256 6c005771be2e88c447fe935d00d94262733c5e081bf82f03f6b79c3a40e89659
SHA512 c6ce41b43a275326e3ca044c531e5837b14d9325e7e2662e2e90072fb851e1c0df75f0f77e87f0eb89101ee106d5c776be6f736dfddece2de3c55ca19370839d

C:\Program Files\AVG\Antivirus\defs\24060499\asw7ab8273a3a47ba78.tmp

MD5 69be9d4eb3df7210d63fc23cb9674fba
SHA1 3e8cbeae9c3633822bedf220c233092cd84937ea
SHA256 ef702bf5c1d21dd5d3bea2502b0e85581be11055c9fefc1dcbc8de0e2df19583
SHA512 1f957bc723d7ddef2c15281401d3ec47db52eafe20ee3af8dad284ff201dce3b6b4c78a3848b61d65808f275e2adad913608b935530699e1158e9b959116d379

C:\Program Files\AVG\Antivirus\defs\24060499\asw6fd2beaaf297c628.tmp

MD5 385fe9c311625869a9e33ca267db4b78
SHA1 33eab130b83e9eb47b84b058e7739751f35323cb
SHA256 ad6c15749a554137efd888ef1dffc3cc90a8ad7290bac9816ea7a77839768277
SHA512 efbc573ad4925b3d48618d84281f08e7ed04b1d581fbb384867d1e3d1288cd06ca276810bed8ec280205b240c5437ea37b78e78d05795ea3eb279785d5a35cf2

C:\Program Files\AVG\Antivirus\defs\24060499\aswc59fba65dba44732.tmp

MD5 ff97607d3f3a19092cd719dd437cbc40
SHA1 6958f2d03eabbfbb0995e24e48d9edaebe1446a0
SHA256 740645c1e4e6ca7be799dd2909b956b657e8bc76d8b2da3d3a5112ea35f9bf64
SHA512 0de76d1eaf4fded9f32cbaf6b9785ad1ffc7a27e567dd25cd002246889f9adec65f0fdc00e0578bb4c9b8bcc1727195a4dbdb5524559325d7e0bd8a09df3b489

C:\Program Files\AVG\Antivirus\defs\24060499\asw8cfd38bef0d58ba2.tmp

MD5 653d0ed1b7443bd190f8dcd521bdc55f
SHA1 f72a16788e776215e4791181ecc8d8e285a93daf
SHA256 0fd89050027fb5952cebaccc7dfd5ea7d4fa45aba206ac11563fcf0afd3a2747
SHA512 adee4ede55a177541bafce1e3656c3e49a0fe860cb839e77c8fca3ca5ccbc424eb3382b7e7df7c7b0592a515b537f135d5cd1aa8fbd0917d4b9d464cc18d2237

C:\Program Files\AVG\Antivirus\defs\24060499\asw81d1f2b7fb3f95c6.tmp

MD5 e363186fd2ec913c09b52a6096441735
SHA1 7a4710fd2f29e42dd168f1fdea124b2e8d091245
SHA256 d21da4a8fc9b38942e213017028ab23d496bb7e1b67a30c3415ed3a3908707fc
SHA512 c36c4ac2028c9d2863201ada420035350860931304364cd133629b44ec9a3b6f220a0991087ab48e77871238f95e11367a0c40e222f2db8438ee1cd92c91128c

C:\Program Files\AVG\Antivirus\defs\24060499\asw11af9c2894ba7d5c.tmp

MD5 6b4ab38fa5acda4160d1b2df760706cd
SHA1 c8eba3f8a7d3f197a49361da29afd7e59feaea99
SHA256 6ff9d0d6fe7e41c9e2f3fef82587accebf8b015526e2d95e83a0e5eff92fdfc6
SHA512 d89a9b09e6b65d574eef4bf064ae2f3d1f886bf4390d97267abc6157e5ce54123986d738c5c62c652d537f33a67c13b2794aa3a481c604b0e8291c311e8fa9a3

C:\Program Files\AVG\Antivirus\defs\24060499\aswb9f6bb3f401fc24c.tmp

MD5 d67271bf34dcd4794ae016d824ca8b0d
SHA1 6ecc7241bacb2a75371e84a938998470d84913c7
SHA256 d5552e5e54a86305536dfcba5b0b0648acc0b270687b443d7a158c1101320612
SHA512 610fc6ae8b9b25b3bb3d64717f65531d432e8aa85e10b73fc4c46769f6aaefccab2fecc73e72b5817cc3526fe6ccd27ea3753422c197218e4ee656692e1647f1

C:\Program Files\AVG\Antivirus\defs\24060499\aswdace05d795647970.tmp

MD5 534fe68a98dd9a38b72506bbda9a9daf
SHA1 8b33da97ba8a55c28745536ec46cc3fa22876c96
SHA256 847756a48e1371ae2a6008772ec5e7993db907c2cef716740e67c71aebd89bf2
SHA512 8495e8c23b463d84513b25d472e31cf8b0be902d9a4f24bea11e4f39f8745d6b6a7f5d26b5e211dfaf9570ca9f16174217a6ef4365c846b1650b0fda0ccdf6b0

C:\Program Files\AVG\Antivirus\defs\24060499\aswaa1de81087fac103.tmp

MD5 cb4a7a9c9143d12d76f5367ab3c612d8
SHA1 02997965cb84d64a8146bd6e47bd79026157a826
SHA256 de92f02c0a0e4dc70196682fcb2e922a43d46958049fa4540ab1b681b2d4784f
SHA512 fdae5e9718580a6245561d9a09f72dfa63cb833cc77963e53aa7492d4d746a1f3acf40e2d263ff1417802116766330f9fad8a2992b9b376fb5374301f6e0759c

C:\Program Files\AVG\Antivirus\defs\24060499\asw756f4a4b329ceca3.tmp

MD5 009de7b7fec051c553694b0d48d65700
SHA1 901548ca5da1be98e433b7fab7c33c4b8c34f61d
SHA256 986d90931c8952683128ae5a7d84aceed4df5cb31a9482073d35b25758eabbf4
SHA512 23c02cb0c56b27021c9fddbc469efd434dc289f0ec79bdd33b3e2559b1e74c87db408aaeb89f42c2abf54a7e75e74533f8bea7f1a949ca1c8893cd031c90914c

C:\Program Files\AVG\Antivirus\defs\24060499\aswdb70eebc94d339b6.tmp

MD5 cb8231767e26a32418a03d7323708fa2
SHA1 a7dfcadc71231f4044f1759a6f3ca6a69dc7f48c
SHA256 a3df99d26fa44719f22de3dc47685544fa4195d12601b8bbe53720b3a483742f
SHA512 6790151fdc7491ea904b1612d59b42f2b67b4b4ac7db4552b5cb4f62e4129100a0f0a08684e0a4ece1dfa88d13125bed4ed6df1fa8fb39cd7e762892bf95269b

C:\Program Files\AVG\Antivirus\defs\24060499\asweaf302135bfb5153.tmp

MD5 822eda264f5ea4ed6c75b1ff93505fb8
SHA1 c7b292f9311e7c221680d63c58f47478e417f623
SHA256 935e38a46c4b799168326dcf2dbf41c53b71a8581e3ad50c950b3f25f7f05076
SHA512 f069362ab44ea344cd5c2a254f92ba7ef52c732b1c7b9e9dd109e61b8e7462eb7ab04cf10458dd5d33686d6141dff1bf4fdc9bd0b779f9aa8c88e5518f86dce1

C:\Program Files\AVG\Antivirus\defs\24060499\asw5ee9b8e1fe0aa47c.tmp

MD5 75d418507e14e7d931523c4b9cd81058
SHA1 0fee437f8bd7b6b06586f19dc5c8b9597f8d3b61
SHA256 a033088bb3c11089a86861b3583edf74a3e991bafd4263ade2f1d9359c9960ed
SHA512 2e807a73d21df09245a044a9bf7a22081435fef5e5fc1e5651ab0c937c27dc4033dad14c6d97f90f873aae05921d33c7ffd0babcfae5f5f84395ba401084bf59

C:\Program Files\AVG\Antivirus\defs\24060499\aswde8922daed69cae6.tmp

MD5 1231a851242972c8388732b649cfc869
SHA1 39cd18181d777f82438ef10fd053b9a24c52dc3c
SHA256 2aad99822cc3a1f68e476b08f49dd54b3baf644721a467a7ae229e99b2fb6974
SHA512 1df093fc3ddada639dd0c5be883c321b7b2a02a4d4e08e42a7b3e1605b10f72eacd86daf01c6efedf4dfe8bd13868e99a92ade7040dc70b0879ab1f5fb2484f0

C:\Program Files\AVG\Antivirus\defs\24060499\aswdadb0dac0a71cdab.tmp

MD5 0f46bf12ca6b128f7c9a9f251e5db411
SHA1 8f4a288f0334bac27c7580278f554958f6ef7664
SHA256 0665c4a33e3ec785cd75732bfe73b8ce985da91366867c896eddbe0be53e0cc7
SHA512 74383481fffc37fa303602e7372d251d7e189ccbd18ef7eb2c1078eb95a5e453ba559a318a7ce736e4b523e42ee32d39d3be64bee862e8f923d5a356f3f2d665

C:\Program Files\AVG\Antivirus\defs\24060499\asw3c753eb418876a0c.tmp

MD5 e4e6715828015fd648404170d66f6c1d
SHA1 eadf496ff767ba77ffd7de828dd410e09332f7b6
SHA256 80d4a87de1f57de1737a791ef3af28ef947f37d594290cea5c760cf2bf468ce4
SHA512 ec8a5e86ca05924a2ec802c6efb524ea6f24f05db06da3e4c949f8668c2896fe35de80e23bebc2acae61e284a1146b7771b3bd456421b82e0fbaf9b16b8ffe9c

C:\Program Files\AVG\Antivirus\defs\24060499\asw560f85f6720ca396.tmp

MD5 cc171805495180ae75c0240feccde4d5
SHA1 d5362f46283b9348c44ee4e7e4f137772326d1c0
SHA256 2e9358abee34addc7dc250c646224ffd1234f31867a8c98c45620c253226d193
SHA512 8a25446b365e3fe4cc2d85803919986daa2b47bfc5741d5794233907eaa0fc9850ee0815f1f04efcc16866169ee3554bf61c7b13580c0df83ce2021ed3058e08

C:\Program Files\AVG\Antivirus\defs\24060499\asw924195b0f3e1dc83.tmp

MD5 4d61dacf1a4d8e7d4e2865496541fdb6
SHA1 b4d612ca9336cdd5101fd6545c3695b8a23be798
SHA256 4b3ed28963a4126173afcd03ef75c782fa636c3f7d965511f5a635f9bd13aba9
SHA512 2b875649e5a0038e5d09123311f3d9d837434d77ac408eecdc2cc56f6937bbe5b6f3a9bf57008e5a2f000d33bd425d45fc63019ec37b28110369a93397929b88

C:\Program Files\AVG\Antivirus\defs\24060499\asw12b7e295ce138c47.tmp

MD5 4e56ad611353c61404fe249767b65130
SHA1 1072c9e59d05cd7450e21004dd893875ecbe5963
SHA256 cb74ef52c9414f6137b65227e6121b84aab5c37a8cf16c690ca5d97985433738
SHA512 b96eebcb47abb375d6825fa51845f76546d32c563122bda7420e9130d5aeed174530e942cf2b4a43fbc29d14dc1e9c143579e832f047277ee020e2b84e10384c

C:\Program Files\AVG\Antivirus\defs\24060499\asweffca9334f9845af.tmp

MD5 ea74de7ed002cefc43364ff7f6dcc588
SHA1 19b5fec30bd1e2979d86b6f824da4a8e1b6e1d7a
SHA256 3fb18a7e489c3e312d4c6367e575c2268d38577ead550baf3252b8532d003086
SHA512 7dd36502fc9da5c8354c6f7e1ef198b7e7fdcbac9c85508fd830f78bba800094ce822d0b028e44bf8e66fa4efaf41d5f980efb0b31be412dbc939ca4974fea0f

C:\Program Files\AVG\Antivirus\defs\24060499\aswb986856fbb5fa831.tmp

MD5 a1d5004c2a39044191571c9ce754c7d9
SHA1 4854130b5315b4273b00d459f43854b731fe751a
SHA256 974dedcca26bc77712511f56a633e1d335c0ee4bc9336ff241a1c3c5dfde7e8d
SHA512 5c22673b68ff5c663773c17c2de452322325f04a9c637aa8f7be3c0f0c46e17b933df142f03abb72f7a2cb03d94fcea64a623e681c83956e546b070b326eb1e2

C:\Program Files\AVG\Antivirus\defs\24060499\asw4aa4ee87895b85e9.tmp

MD5 fede58c5e447d2fa7d39b9340d72ef0d
SHA1 4f258d23692d795e2a78d73ff299063a0abfc33a
SHA256 cf52174b647373762150cd11a50eb0ebf1383caf6f641e3f79cbc713959d2a2d
SHA512 d51a55e7475d2d78cc7f79915729e05075b4c24484f60ce89149d1a5a4c598fb260a766b9b5e255d414d8adc3f3d19da1cbbb89a18601ca313f1cefd226d10cd

C:\Program Files\AVG\Antivirus\defs\24060499\asw92416e049872f857.tmp

MD5 525f4fe527ca7c09d4ee3cf687547757
SHA1 8332ab48a2ef07033b97d2178442d8c6ccf6649d
SHA256 aad3b0a87587ea79ceb4cfda51ac5c93c565357f1c62b21b653ad5ce916244d3
SHA512 6763281d8aa1a985e767d4d7b8c22ce361ceec646022bfe33c66452548cc519aec23e9afab61c12f5c3e6bc7ff191554f226f3b8e94edc2458b8190056a38fed

C:\Program Files\AVG\Antivirus\defs\24060499\aswba1a9ecfe3994c78.tmp

MD5 30182c8fe2f3e1693ebd9023b53aa51b
SHA1 a1978bc174447aaf1ceab68e28476fd0e96d7398
SHA256 69298d35164f216e2151dfa692637d698032319731eca333ea827ea9e2985d48
SHA512 906204679cefd5c34438fe70e54e9975275b693e9435a2387a5eca52531d2f255f21c5278d8994d8c313eafa4a74144949d1a5b6fcb44534300fd130ca94e070

C:\Program Files\AVG\Antivirus\defs\24060499\asw393f82067be54682.tmp

MD5 8638688482115566e6e1fb6a0d4b2d5a
SHA1 d3ad3153f3f30c316f863e178d75cd6d1b735257
SHA256 7dce60d097210055f523577b22019d4a86f8a55167086216921fc74a2fd36d49
SHA512 9f91e791cca6d1aa5506b6f4532ded9765b52e93ba3095a0fe612db7d1264f1f5b058a49c4c3758917743b984d76f9d67a7297e202feda607f35fb2c1438f020

C:\Program Files\AVG\Antivirus\defs\24060499\aswdbac31b17820313b.tmp

MD5 2c46894fa606cbbf1acf903ee19df89c
SHA1 a4198ed27315b091c036385cbe7505eb46c4cde4
SHA256 afa3b09078a55f2e689dc8b97486d9e4bb2a3cd5c5f5061af7f8547dc06caef2
SHA512 37b5b1599f57849c80c17dffa5242bd1e69626eff8fb64a4db97cd8b2a8cbee14509ca38f357c335713d2fb90e4fdaf0d20496e42ae915a9419b8eba9405079a

C:\Program Files\AVG\Antivirus\defs\24060499\aswd54dd5e0ab98ea24.tmp

MD5 ecb5140e5c398db5fa5b037945d7499e
SHA1 8f20b4db92ad9ce48462c23a08ed42880cd0c6a6
SHA256 d780168e6a90824ca75ced1b05d99c91504e8b4f5392ccd23739e0cfce991c57
SHA512 73a1ddb3d65361162ce0282396aa2b7caf4233b347e66f503d02e5b7d9639c140eda924c2903dded7b4162b7043df7afbaa68c3f3733581d758e6c9396036182

C:\Program Files\AVG\Antivirus\setup\ais_avg_crt_x64-7d5.vpx

MD5 ec45cd7a3a32d0d1cdcb25e5e9dbb66d
SHA1 9d55424b028bd0eb41914d7f7bf880679b67082f
SHA256 7d67162b0002a93dfd47416df9b94a82eef0f7542e6d07d7bb5d7c160adaf501
SHA512 67cea5f8e7f88689239a89c74091a28f4caf162981d234a27861138510f80bd324762387f69b0f9a4262d14f611fba5197efedd5617d333569577b946ad9f742

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswdc8cd8f6d70fbe53.tmp

MD5 cc44206c303277d7addb98d821c91914
SHA1 9c50d5fac0f640d9b54cd73d70063667f0388221
SHA256 9b7895c39ee69f22a3adc24fe787cba664ad1213cea8bc3184ed937d5121e075
SHA512 e79df82d7b2281987d6f67780c1c2104e0135c9cfbcb825055f69835b125dedb58dcd1d5c08cd4e8666f598d49602b36289b077e3a528db88f02ee603a6e8819

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswf77b0638b1467f00.tmp

MD5 f00887195128ebd4b8f7e95436e86a98
SHA1 e121114df338f20666ffadbb86043b0695f0d0ca
SHA256 adb851f8de3154f32d74b3e65577e2da195ace2f78701eb52e09313b271d7544
SHA512 799d5d2fe101db17c0e0eefed83ba9d1fd003480aab55cff6169586a2f771d89532e3798635cb5915db74953aca425f55eee09aa0394285fb374cba431f595ae

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswba012e7287c53188.tmp

MD5 1e5d2d2d6ba5379db875e46665e05d8e
SHA1 2b6bd4815c6cc44c3f7b18471849961146c60d03
SHA256 f64fabce8aed2f16d65d8533afe11ea814e7c01dc7a839f370c7505eacc556ac
SHA512 a996bb2f83c5961e9c5d415dffd630d4798968dec4f99ceb00c6a32b96ed48cd5f93d6975c28530ab2ab666a074d4c9c7ed5ce32bd57418b94ba84e29b2e8e0a

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswc38b1ff815a21ef3.tmp

MD5 32e739b5f838dcfb8c1af0d3ff93eea0
SHA1 98bd2ca3c6bb7e5e750a7245a254906f38a70c05
SHA256 b250b0e69fd96f5f398fc6a0e16df54f632bc9d575d568e885cf25082bd80a8a
SHA512 818eb27e6b0b1d5e9487b588bdf492bf3ef176d43a83a039f651aacd8ec748bf8225966d6957489383d05e1ac63f69e98e91e557719c41bab690c1a2ff4c780e

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswf02a67ad7a42054b.tmp

MD5 9966aa5043c9b7bbb1b710a882e88d4c
SHA1 a66ba8f5813a1c573cfcbaf91677323745bdea91
SHA256 514be125e573f7d0e92f36f9dc3a2debb39a8cae840cbd6c7876296e6d4529b7
SHA512 3fbbecef13e3c8baf13072bd14348daa5f824c58d7b04bcb65246a6b03c9d7b6ec97a78645f1a0dfb6347db4a698e770ed33f1f9fe1378292c3dfa1040fa71c6

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\asw08c9fe0ed2b85c69.tmp

MD5 842d23af3a6a12b10c9a4ee4d79ec1c1
SHA1 2cd46ebdd418b12444dc351c0073dafc5b9eabd5
SHA256 33adac3484118f56f3d8d8745431cef241d643b46956e08fbb62a63a6f2236da
SHA512 45a8238862b6ad157d261e5120d1bfd3925fa7e429025d7470ce82f64e51c209f4231f37b3445a4cd3f6649c4b0222bfbd845a16c0e5e022685b081b39cd9296

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswb271260c89d060ac.tmp

MD5 33791965a25f3f37d87af734aade8bdc
SHA1 6bd02e05bab12a636a7de002f48760b74edd28bc
SHA256 162a0d97d99794a5b7d686ed8ab27bd09d083ad3c02c2721104c19cf68164fdb
SHA512 e1c79e606d4887c0e5f7ef582d2ac2e3d767c24636a3ffa35032a0c4d46de40eb660f71127fb75ecff6105d9a1ea2c5c0f891c589a4ca5ad8ea9431097f6a412

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\asw94d4e16a40a04860.tmp

MD5 5fd759382cec7f4c280bdc5f3215d22a
SHA1 7fa466c8482bed4a4ab4745275db357c9a84cf3c
SHA256 36f418f9eeb0c3366bb3f6fbc3f91f37117632c0a5eca697d76792aa5c2165fa
SHA512 101ff9f83f704eeaf38ea20428fa5501f63aedd69ad808498564b43f37f7059fc9caa484c4a878819881508309f1082c72809d3e704384ef159bbd512dc24f3d

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswd116cf983a46502e.tmp

MD5 d3d084a56d8cbe2f410db77ce5a79cdb
SHA1 0dd30e1f1feb93a58b8c47cd26f951388d1f867c
SHA256 b009ad33c5ecc934791565e8b38c55b4712f79d53a257a04295561d12b4a122a
SHA512 23c954818ba45a7ab777042a44a0abc5712217d2cfcd3714fe043da1ac22132e0f69b9c795b712a84c21caedc405c59ab43da9b58f86407085609723c44bc881

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswf01de4871d39fb66.tmp

MD5 a50f84e5bdf067a7e67a5417818e1130
SHA1 ee707c7f537f7e5cd75e575a6244139e017589a5
SHA256 47cd1bf8ded816d84200dac308aa8d937188bddbb2b427145b54d4cd46d266f4
SHA512 892db3be7cb4c7f700a9dbe1b56331b2f6c6ce98a63f56ab6810ec1e51b362ca6577271aefa70cf4fbe867f5762044965b0b81da1f43d65120b4a860aa0454b4

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswdb9d27e0bdbb93c7.tmp

MD5 9f434a6837e8771d461f4000a52ab643
SHA1 46994247c06b055f5ce5aaecdcd69e00a680f1e5
SHA256 8a6b6c7731f6922e6e125feceaca919e4d26a96349c7b0c90e469396b34b29c7
SHA512 31a0a88672406a047da8c06be7aa7e3356d2108d0ef507665409d8d38ecad285de5ba29763f26bfe27f502f2171697ced2884a6542e4be4f39e94572fafa0a4d

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswf45e594c28dbf676.tmp

MD5 252077d2df92b6ad8b9cfeaaa78ad447
SHA1 1c3e8b683f1b4cd5555a26fe0bad692c2e8f9fd9
SHA256 7bd17163aa56783867b42a267a3805b342df6d7e832e6ae8f0045d80d73543c6
SHA512 7ff85c1adbe350247b49f8698b5d7706806bc14c488d8d9e6caf14e4e678dc340a76cebe858b96365309616aeaab443791ccff7a6ca62ddeb0a28f1eeecff822

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswac202354a21bebd7.tmp

MD5 29611d3442a5096ffc8eaf94d0aefe1a
SHA1 fbb3510d6e3974a69242fb743b8b15b6bde0ee33
SHA256 775c77f0c4d2a87b207c9678dfdbff3496559561a95086dcc6ada33c47082a4c
SHA512 925f430b8fc079776af9388bfb6b741b7c580a6e226ee88e1817bbee0a1584703b83a5195cc3c24ad3373c8e30789be4847b07b68fabb13925db1ce8c3ced726

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswf4fac4edbda6c4fc.tmp

MD5 0b1c38c9babecbe7664c80e0dc2c0e68
SHA1 eba69ffb10487780c1b5e35430dbef0e43b8cbd0
SHA256 cad6471e8393046ff3c623454fc904b33e6166e58ed05f98dc36c122309db618
SHA512 3fca96585f4f6f3968b9d76757b5428531c7aa3b72d0390cd552f567e47b7937b522bb417af06326ed04e45f83f228312774ae64c438bdd628f1eefb057adcb0

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\asw86a340862ae28268.tmp

MD5 c58e2f3828248f84280f0719fda08fd2
SHA1 9679c51b4035da139a1cc9b689cb2ea1c2e7cdec
SHA256 a1b79943cdf8ded063cdaec144f8a170de8bbe97b696445885709573c5e0faeb
SHA512 57ccc658870e9d446f9c9d130adde6b96428999697b007e844b7714998d2a23eabed92460c1275a92f1ceca29be232d5d97e29f0d4d07cc749cde41bcb5f8729

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\aswaf5719a142228384.tmp

MD5 4142a4627d4d537389b641545dcda4ce
SHA1 d05daefc74c4c089f5df7f3d2e333b2f0d2889d5
SHA256 c8d3c40ea5c4ee9167c79aff577ba9598c1c95b649cb363f980fe72eb3641f56
SHA512 11fff083d8e64ead33ad980c459d3661dbe3aec34ea40ad1a4d54ea996985d964c09773f027932bb544c168c3a1e37d50ed82739abbb66d1c67d809bad0fbb89

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\asw589068c98f74de8e.tmp

MD5 01b946a2edc5cc166de018dbb754b69c
SHA1 dbe09b7b9ab2d1a61ef63395111d2eb9b04f0a46
SHA256 88f55d86b50b0a7e55e71ad2d8f7552146ba26e927230daf2e26ad3a971973c5
SHA512 65dc3f32faf30e62dfdecb72775df870af4c3a32a0bf576ed1aaae4b16ac6897b62b19e01dc2bf46f46fbe3f475c061f79cbe987eda583fee1817070779860e5

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\asw140794b705f143d5.tmp

MD5 6bc084255a5e9eb8df2bcd75b4cd0777
SHA1 cf071ad4e512cd934028f005cabe06384a3954b6
SHA256 1f0f5f2ce671e0f68cf96176721df0e5e6f527c8ca9cfa98aa875b5a3816d460
SHA512 b822538494d13bda947655af791fed4daa811f20c4b63a45246c8f3befa3ec37ff1aa79246c89174fe35d76ffb636fa228afa4bda0bd6d2c41d01228b151fd89

C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\asw367291237f1bcd64.tmp

MD5 971dbbe854fc6ab78c095607dfad7b5c
SHA1 1731fb947cd85f9017a95fda1dc5e3b0f6b42ca2
SHA256 5e197a086b6a7711baa09afe4ea7c68f0e777b2ff33f1df25a21f375b7d9693a
SHA512 b966aab9c0d9459fada3e5e96998292d6874a7078924ea2c171f0a1a50b0784c24cc408d00852bec48d6a01e67e41d017684631176d3e90151ec692161f1814d

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswc9ba48439320ed49.tmp

MD5 18c9b3e3cba9f9dcfd4f46be55de709f
SHA1 88e493b1bd4df6c6e91bc2ecf522d552b39d4cc9
SHA256 c7d803e0464fa96c062b58dca0ec44ce792dab12c62e220b86c1c29ce6005c3a
SHA512 e699186403e7017ff69c325154602d63a164111f77ffc463783baaf6aca3d08ea09ce66462ef5ccf92eaf7f81344ae3cdb4d212bc54773129f4bfb7af652c6a7

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw584952de6b5f1807.tmp

MD5 00a96ebeb236c3d93389e23c7c40d6f1
SHA1 e0c4d209404b1890f988a099636dbcf4b79e4d85
SHA256 16b9c409c3f4cef7a276170aa9dd020afbfb70bafb1f10acea5e8d0e7aa0f6b4
SHA512 1558e6e4437a6b79a3061f960067333852a66dc3ac121617db341bed114d6ecdd9ac460a3c7a85f72af1d031754c08f732a55a1d1cc9bb5d27cea801e4849d15

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw771e7814d0361641.tmp

MD5 54864a516d26061e225ebf656eaa5655
SHA1 1a2cab704a4a56da8424ef114d977518f2dce65b
SHA256 e378bc303f7008a76a845736d5a6b0d56746e4904a9792fdb642cddd52028b4b
SHA512 d529c7064175cf77607c54f69084973774c473a21c55ecb6bc9e26404a6ba1f893087be91c7c3003cfc66b4bd8e73c8d40a6a203378e98dd72da23e175303ca1

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw4cd2880f17eccd9d.tmp

MD5 589914e52bed4161fd4b288b2c07de94
SHA1 e8775b997fbf7e2c39ac881a217f57744b41b6bb
SHA256 67f146e4508967d30df406fb18d4d771217b6d3585659a5c9aa2499cdad01500
SHA512 7b4b815a1a1b13a7a12c6283d0739c31ea93abf70a23aeda480b2884416926ad910b05e477ad2ba63683540348d16bc3df50d598c32146d55e5b1e9a17ddbd79

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw0c28b768e6b95c89.tmp

MD5 d8661447deb6a1f46d5e220fc75bbae8
SHA1 554bef2243f0e4d2802723d43af056c6fe3b1d35
SHA256 3dfc2a67b380b0d1ef0a206c6b2880fb975267d206773a2e0cf98bed206727e8
SHA512 d5cc94a459b951b2d32df163078b7e026a35e9332f01e9662e1100206bbe15c352e32736678e1eb88b9d3a60fafe3c8c0dcf5ab385dd6a2be99b7466768a937e

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswaaca1fb4f853169f.tmp

MD5 9846995dd9919b1e376036e06953fa74
SHA1 dd96f69d9a22a1f6d8dd5d7272ae4c33b0c08b0d
SHA256 e7c72a3db22143283d7b4d9ed66fb98a37fa9de06ea1296b076941d22c2120f1
SHA512 0f3774690f2b796fb96f7a6af4dca5046ffb0a6169c909b450be66f0ea38bce6aa8eda6af29d873c5a239975032ba5b89e050d84bac3e08a7e327759e6550020

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswa0f5926f36262d8c.tmp

MD5 ca9350d978ec4e395d8d76b54da8b7a3
SHA1 fccfdbbc86303e2f84f5a882fc6337de72252444
SHA256 8e022faf3a8f7df42fb5c955b78a1416c455b819b4708cfc3bd619c914c1d5a7
SHA512 827a6e9773e698cc69b415c2d4fafc0ffc514a0636e05be68f3d06acfb97daacdcf35e34a9e5463d684c1a40fa330126843322ec5e6dbd65bdfe26ab21b684e4

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswa2175ebea56859f1.tmp

MD5 2791e9e5fb104a377c5c4c16b27f2612
SHA1 0d514d0d2efaf0c14a18d32d5623f0becec184ee
SHA256 018c64386a62c9759da743b29079b9fe205db71385c758d42e5065a58b7b8c14
SHA512 6a7d6dcebf7ccaf27f8aa60b27a755a80b72913e078a53b9c2d69622be130221e1ba81348951c3ff5e3e024acb03e93481df4571ec65b2a5675c60962e37370f

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswa0f7a225c8abefab.tmp

MD5 1641a8027af5a754dd164d6044917014
SHA1 5577d0be9d5d3874448e9f2c77286870c05f6d1d
SHA256 f8c0711a512059c648e83bef2f5b23119a454f457496e1dfead71d6942298863
SHA512 dded04a5211fe7762952afe39d51fa3540c0d7025c19468d2b5218f58bdd88043977f9eff99aa33decb6599bb3a4dd2a326cf9fc4fd7f6c4f3d38ef18e77d339

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswf6af322544e996f9.tmp

MD5 fc9d5650c0a6992895a7b2b5cf6d39e7
SHA1 cab181c155bd6b8abb3485304714e2243ec3270a
SHA256 e36f999d1e2bb978274a8dc2d6b7fcdbc04227d51645a0250df8e2bf915b1ebf
SHA512 8d7f2aeb9b01077856e835f5749ae22407389562204331bce54787d519765e0b537ee77efdc8b01e18134313730958f22104601335d7f9e90d0e9062b55de28d

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswe0dd85cac0f9001b.tmp

MD5 d3805f7ad81f965327a67cf7b1acf853
SHA1 ffa849800d57097d4c8795d8c2c8f184573a1be8
SHA256 4ef4b7559269a0a826617eb824269eb610bbbc668c0de36cd50cbd7da0e4df85
SHA512 afdec49739b165450ccec8cf3aa12cdbf946617ef066b92e4ed7f271bf2bb81bf5a635031bf13a8cb300bf5f7d43b61a9fa637281b2ecc1c4d8f54401ed3622f

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw14c375a3c696ae6f.tmp

MD5 84d7a38d4f0a1f63be32d3d85a84b5d9
SHA1 d51faa128f6e2b61ee282d05e986579eb9696769
SHA256 f344fa150e3ecc77387378e017fbb72a5b90cf2c8c451cae90c4eba3f04bfbdd
SHA512 f6375a45458ac9a018c9dbb70e78c67ccb9a7e8a21483a330fc3bbcd95a15576d6ddb795435b71b028dc9717331a63313d450e9699e5c7088e9afa70c5e028b9

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw8a688a1a4cb58624.tmp

MD5 c2214603327f41ec82d53ef166da91d6
SHA1 96069a26ca213b4e5762d4a4257cbf0cf5d71337
SHA256 a4cb4009975ce0038c9cf9b230d237f105193f202722094d39c63e49d923bc97
SHA512 830d26552ac2aa52e3c751549203ed9808d2b569a144425030f0cebf0c6a2c7fe18b6cef95d95cec2af5ad92bbf6dc23d272741bfbd2aa4fb7640937a4738dca

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswd1ea852df3d889c8.tmp

MD5 93e94d0e45aeec0c186bc3f74577bdf6
SHA1 9268a0568a0c296ceb54881f2c581a2549b3aa5c
SHA256 2e693984cadb0f5076160d800252017e5089928557cde628caa0966d2b3b8f0d
SHA512 b4b9162f0548f31533a3c09281447ac3261415659176153fe6dd3f3c4255024eafb808dd7de2a055f3640d0d76c4531ff4ba111d124cd6e8eefe62ad65c2d585

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw0cd49f03f03e67c6.tmp

MD5 f16cc6ca3fe38a47608c5300a5eeb7f0
SHA1 ff69bce13fe14973a96f32923fb75f8b3a9b013e
SHA256 247b3dc70ca0540ba7a31e66ad765b2273d7253c20db719c0b14fa48420ce545
SHA512 9147681876ef5fa21d2fb4b7d87ecb94a9f2e56dbd677c9bebfebe1b59d4cc18759b4ed61d1f4092358a3315fc0bee6ca92b538174a6b4f82654a85eff742dc0

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswd31f399506b19d26.tmp

MD5 71e4937249b1d5394a60371eb3deebb1
SHA1 0365f5435dd6d0ed1854c1543c55135ccf53acf0
SHA256 fb3d921311b54253cb93a1dd0cd8db7ca96463bfe40cccdd3f96d19b58757708
SHA512 48ced3bab54fbbbe2bd4988a23a53e362503c0df5f4c8e623a4560347fd8b8834685b9e0f287574412342a3dab8db446bc2a96e69705398703672c71ef622407

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswdbefc790b0612d34.tmp

MD5 d52c7926d68a33cf1ba357af450f5c52
SHA1 274520849dc07123e53406736b69f10dad265503
SHA256 0acc16ddaf549de0850e50c1a9f68cdf2e2d17789cb37a1d466373193e8f6a6a
SHA512 890b8d19dcc83325471e6fe063ee9f148399c5a4975248600305ca3ffd6fe2567ddc3dfdf401a7e6b181dbb44e02fcc272c33a283ebbebb10d1cb7e6da5c5241

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw62698c1aa15b7361.tmp

MD5 eceff9c92e14b580ea84365f3d60f7de
SHA1 00699126456379fa48cb122e21b7f4731a72c57c
SHA256 265591a709a5db413d73c95b538da321edeacb40059bdceb142f997a3d458b49
SHA512 fd325d77eb2c30e1cd1b2d871986e057318c1be911793521c7bf79fb2c5dc359cb7db90c6d6c5711fedd734b6b03117b8baf241dfbd78585cf55a25983ec8727

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw44071731f4cde174.tmp

MD5 38a5ea69421cd83f8e76961df77bae83
SHA1 f2c26b9a4a013ed99285f35aa055fa537d7cd25b
SHA256 5f0529ff65ddb1a7d1bc9bf85720d39200e4f9d12b936cd20041b6129c37174c
SHA512 16418a67277e8e6e3654b1c8eb814f5e375aeae73c4bcb7ad06d022260813b6dcd249f44f47b38fde52f76c2456d98a0a79befbc6d680315c6d7a0843ac36045

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw116ee5b9aa8f5671.tmp

MD5 26b7a7657e4b9658a1dc94439d35dd96
SHA1 6b2df3b21b3edab21918e8c0181c2f6638187743
SHA256 3cac979f82a0508b24da2a63d2654b89883cc11062b77b3c2d6fdce7e74c5db7
SHA512 d90855210e7e7db7334471b3d81bd8e8916c5fc98647083d567e1a1741b9c18b26e5ec397579bc19f76a15ea440c82fe0d9e36f4cc90ccae3e57b11a4c00dd39

C:\Program Files\AVG\Antivirus\setup\ais_cmp_cleanup_x64-7e8.vpx

MD5 b802e569ed7b925fdd22a5be520e244b
SHA1 2e6449d1897b021d061ce25d225fe28d96f59636
SHA256 6deed7d8205edc6305f51ffedc82ec625e5043431bf3c720572dfb8550f42888
SHA512 a9aeb07adc5397b432758e7618e608f9b72a39a76f5be88f94e99927673419566e6799ad5b913182e73c35b7256fd35aa34779cd16c694719d922664017ae826

C:\Program Files\AVG\Antivirus\asw4c7181df3969003f.tmp

MD5 4957ed73d5e5e303e351c8f8b7b53e1c
SHA1 e61238f49e44237c56d4d5b41aeb150160880b74
SHA256 59727f7a256b7a70971f2e62b43b0a923937f85689fc3aa4ae50e4fbfbf83499
SHA512 db4854667285bb1cd8d07ab189607ec5bc489afb2d0a5b5a3388f91cefd012feca689787452901e0eb1de6e8792e69c0097c38b89bba0d977d0b29e5e5ef2feb

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswf1007fabf8602413.tmp

MD5 cfc08fca16c3647a42e78ef7556e4090
SHA1 83c0d044850ce034632e4ea8deabdb6a44fb2652
SHA256 0b08756920415c5f087e65c85da1fbc7a1fafc0d91038e0425cd339c0d903910
SHA512 623028520da82aeb5be1133af4432d4fa2dcc5007c3ffcf99ba25fa82532769a78802e78b65ad62a4cd69af4dc1661730f03cc0cceb78fc3798050b9aafbafda

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw597b19134c382fcf.tmp

MD5 0bb3382779e0645cfb6422a787063d7b
SHA1 e8fe3a813ee66a33f5f8f4131c716b97138ae379
SHA256 4cf65b89eda312a0bc96f571f889b5c7d0aaa7f63cac9eba0978315518eac7d7
SHA512 3a4cd4dd7b2e809bac944827243bad0bba77782172c7b54d3b3e0f755133b3f37ed19a393f60bfa1c60818477a2e6c67719975c16d2166c80f2478337b0a0696

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswb904551e21f46735.tmp

MD5 013140c067efb346386c9aa47fac6fb7
SHA1 d182af7e337b552b70c692a255660347a2b17a34
SHA256 ec1c5e3c9dd3a818112b3c2920af5bc558b7ec3bcbca432e945eb712d4a0d85b
SHA512 57897b29553b145634d20048f13795fffa85e48d2b3086889abf765fa9449f130b7171eb593bb995a0eb25384b349a1d6cecc1e3260506681fec7f5575e2ac46

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw67696b8b376d13b0.tmp

MD5 d39831f59fc93eb7dfa18bd5c371a2ee
SHA1 a431cd881ad4ab1cc8aa1f2bfbbe82d0ea09b7e3
SHA256 15e214446a836735fba73b2b647feac76fb6b82c307da67fed742fba96f9ce00
SHA512 51f1ae8d9cb9593500cf9639daa99583c9e1e8589a15c9a540cd224a7384489d7142cc338cab0c7eb8e6dbc2545f2f323b4561cec2d28e627e1663886259a3a3

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw009ffbe33bab65f9.tmp

MD5 146ae739f3acde4e04f992e1f6dc26f2
SHA1 9d0a36bcefcb06bae0284482c9f207799409e93c
SHA256 6385565a417feb3cf7165244826479d2ee12215eee930390b3ad28ee3608af12
SHA512 05e06f644c7694dd530dcea20474b5cfc4341e267fa05e90db2bc700a5e2e39f957005c7c75c8921d924e602974e20944e9bf3ef48dc82fafe5645cf5b3076e6

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswd8cbe2ef65517181.tmp

MD5 004a1a453191f514d764107a0eaa5c95
SHA1 1f4a82d4239691c74bda12feb4dbe427703ee61a
SHA256 38b98b4e2f41867da273a37c9224a4a111974cc68f7daba4560bc2dd9e404b39
SHA512 ef50341144632fca0dc680e0c03b4548a66571e10dced82e291f6b079e084ed4e8f14757682943a8824080230757259f8bfe91c37e3309570486320fa3182973

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswb74b3a4056316192.tmp

MD5 aa4ecf393c106e9687b7bb8ab91bb431
SHA1 3a726a8a830c12b30135cbe69b597dd1e358dee6
SHA256 4adff24cfea9d01a4b0feb1616b601123aae66f937189191a3ea85b964797b91
SHA512 3b7c087e30c6bbb406f75bf15b8fe72a96b7e3e5f242f4847efefd95c0633c86523221204de34ff1b699867ff6efea0d235727970a443afbb71829c28249d6e0

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw8661ee769763096f.tmp

MD5 49e08414c8919c5bf316c2c8327bf51b
SHA1 3283d95843d91ad9ff38be1574fa727c755bedc2
SHA256 622246592d9b118ffcf2a30ef619d0a81d921dac5735362050093471d6c9ffea
SHA512 3ae3a4d4a5e8a4e210cd1b954864a148d5e1b2a3e6dd208e1ce5ae0fd31104c789ab4e8fa9fb8cb6ca35f98329a0ae9e610b4f6ad9653b8b03b4a933b1af5ae5

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw72c724be379e0add.tmp

MD5 6c7857b8cc69ab0ba8e0ec9eb6a60bf9
SHA1 62a9400b4ddc439797a46d02493476be6311d642
SHA256 3679526600fc83b81424caf6e39010fe20a2619519a1f293aae65e1cf93169ea
SHA512 248622ffcc61a20687bbb6a16771a9ec07a707e67c9eb65663e6dd5f4414d269c739e04c20a35b1619510ded81b8707dc854deada60ca87cb6cff3739ddcca16

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw9eea16f23421e9bd.tmp

MD5 c0ec87ee5b27bae483814a8dd12fabc2
SHA1 1375eccef419b27057734a91a7a2e0cb751e80ee
SHA256 d5f8c30abe8737c1473da4b0a0e17105f7e02787a26d5b56e5d33f6904b81387
SHA512 409b826c85727516231bf65f9cd17b278edc81ac7c7a48c40043ad05d0ecf0f8ab871076b7893dcd139e3f44257848ffeed85ad9058b98ac578e0c234cd42306

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswdc2f4445c495f3d6.tmp

MD5 12ef188b3d44a114d553902b7e9f3901
SHA1 e7aa13c21b821969af032eb7e9a60a5fd9b889e7
SHA256 2237fe7b80eae43679e2a770291a9a34f6811c320fffcda247794e0972c6f39a
SHA512 38ad0445167d00f84149fb1c9758677e591fdf74c5cdd8d405d1aa3f21475f8006d0c7737aafef446d506e5f9a275abf489d49f9c484fd72536046f8c96f3a2a

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw1b5b831bde41d99d.tmp

MD5 d0f621b4fd5a2c6613333ff1df29ba65
SHA1 ca623f7413eebd7724771af1f2cb9e384a3c1ee4
SHA256 4c246a9b3c55b0ca1ee1f53a70034c8d0a073876b8b938bcea3e294505414714
SHA512 c9bad970ae0f52dcecfcc4a087c48f7e1b0f4dc73432a77898ae22719e5b7b0be0c48b3a879e2e96beefc94cf2b976479ea18ccd0f091bd63ed2694b182a1f98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ade3bd7ddadbf1e201e9c7ee990a405
SHA1 b654e54faf5c7dcb5cd0de017b70d78ef0162c51
SHA256 9ad136acf3b725cbd0d8ed53e84888ac171b701856eda3437f3aff7b51cb412c
SHA512 51b3df6ca72fc81c040bbc1ecc5041915572393a4dde9aed84345cdcf06f9d40127c2c7bfaf50b5e29182fc1a3a913c156d2c2413c123b8033038907ac063774

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswf81b55db8fd141f8.tmp

MD5 86687c52e23debedaddd5baf63ed82f4
SHA1 dfa253dd1f9b4f84a54badd7d42ebd7a9881b451
SHA256 5253093eb83612fdfa121dabf3e4aa63a8b24ae74a6d14ea2b59f02c2059df02
SHA512 f3d33a391737f046d2fe6913c7d6da68b077d6249b8d09c70da009d9972e29a619c6b956f52d3ad2d6b0400d4dd63a893229f3d094a8928204c607465a586d0e

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw72ebb53902d29028.tmp

MD5 b4489c03753849621a05fdf7a9d6c215
SHA1 b27fef508549083c38a91fbf2f7eae4996f20bfc
SHA256 22c729fb45b274cde72fbe83078d28d76e94d61914e0087cebb73cefb8e590bd
SHA512 bf1ed673342c226b01bf372beb38f6f6cde582492beb9f0c863f09e8c3d0664d748f2b3a0536e787313af4b5418ba600d031fac41b083ab7b61f319ea68e252d

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw84cee7befbec608e.tmp

MD5 e36aa2b1607c38379e6749d106d316db
SHA1 d47e25f957ecdd7274ff249556a7a6500eeb0bb1
SHA256 6b38b7cbd1e1c387514f1bc464c0eef74537d059e09a20b3883dad5ba5e19d34
SHA512 079f4291ab644ddef1bed66984dc4b9ddec735e8dd0eb5a7915e21510d366a7e649a2ef9f3c49077ccfd5fbdff657ff7cc72c9b61e0a543b52eb6b90f12d2cdc

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswdfa363014545e73f.tmp

MD5 1c52f55e2f2affeccc5a070a54e5a68f
SHA1 e77bf8002dbf8aa1bb70a3336686d7ae6af4d139
SHA256 94c1677139cfcd687dcc11b7b9cd94a82aa7ac2084992aa7d9db6a06010609a2
SHA512 c65395073c23171402d6faf50bd3cc8b789256e5284cc4d0c0416c5bb62ec046c21ff2f40dceea89dd0862b92d56e0cd8ada8c73f5b8fb59fc5931eaaab5da3a

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswf9dda6b35054e7b5.tmp

MD5 4025ae33cf64c88aa4d73ff1b74ea515
SHA1 2ddc1928982fb60c03261e399d9e627a51683938
SHA256 234a768483b288a5065986a6b44e3e1d133c4fe61508601e26f2c1c52a6db3fb
SHA512 17ee91236d068ea35f938aafd15f1f710a0fa00f58be29f4232a7faa79c459638623a8a93eb72086f55c948666dd747e26ce3739c3bd81fd8dd029f9a5c93247

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw5a36396d7ce28168.tmp

MD5 16ef841ae26b27e21957173fc22fff30
SHA1 730d5d6c7b4a16c031a334dd677a76c8342d0f4e
SHA256 30a25b56d4778e94f5fa2ac25facfab779dc0ead6d9c2f19e20244b6604c153b
SHA512 f6b2ec2f8b2028df3ed03953d7c8df9e9e45847948faca1c0acd4177aea9186698f80388bdee4206b160d4b64791686d9577b0402be11a78808b3037d998ccbf

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw10d5391af839d7a8.tmp

MD5 6578096f353a0390bb5012cab7c575e6
SHA1 9d4d9b988b28a79e59edc24ddad1ea33718821c3
SHA256 4fce17577c2eab622835267bb5e355442221de85a0e481b4eef284a2eb0fdb04
SHA512 6b95e1d61f85625ca91d03cbb1fea1eeabeb0e6eca1590352ac3b072b5cd42756765c2cfec73a7ef7555c9239e141eb7c76b2eaacd4314bb8b4dfcf42e514514

C:\Program Files\AVG\Antivirus\setup\ais_cmp_datascan_x64-82e.vpx

MD5 dfb14bc06277ac67224bba3003fc0346
SHA1 816c68c5489945b99dec636d7f7b13d10f732cc4
SHA256 3b50c86e7f04de527544c097fd2dfc9111c351f7fb3507fe8105cb899f69a1f5
SHA512 76957d380dd4c612c634ceb660a28d872182be35979155be0cde4f618677fe0fa31cc5d7bc7f768f5fdb0a2af33163e94950dec836cc09281dad13227c06c68e

C:\Program Files\AVG\Antivirus\aswa5fa40d5e1f10aca.tmp

MD5 e49103b6a236edd1db9e34aece788a32
SHA1 ee7581d86ad0293509e742fe90b02243c6584457
SHA256 85d92ba6cdfe319ab7f91f7b4a2a2887d45630d796c3f6015316dd2dbb6132b8
SHA512 c6f8abcdac3f1417057b30d56255308562bea82b645132bcfcf9a6f0e8852f43f7286933fc91aa9d2377344066608ff8389f3eae9a0fb2f8a0c5a629327ead88

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\asw7187bf1c20e4fd78.tmp

MD5 ef92efa971eeaf443f38a3c677fbab38
SHA1 b23e588c7faa1e292786da55c90fcc4ef52b96f0
SHA256 ce6b41db80cc6e437faac2b17852f26895ece6fa5ca1e31ded5339db4d1ae0a6
SHA512 b0fe8918caf89f2a3031b141c73a6c366629b103423c4bfbfbbb5726ca4a01976247620df6a69500780a07d68e928f3ac9d40d97c68a86ec5ddac449b4cc790f

C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\aswce06149435b438eb.tmp

MD5 fc012c8e58ebab289adaa27fc48d2ab3
SHA1 92cbe81dbc3bb8632a619a4bac4a083ddb36b33f
SHA256 8e096b90b0687a45a56bb85deee36a9bd3624b653901fd5585582e0035a1482a
SHA512 714ef73c1bf4a6f9f588ca7401ba989a973c5212310fadf7f68c0d52386c55cf7b7ddf2a4780abe8b173e5902f73dd9a61865796aa6a94eca6e1a1b4470c9a6b

C:\Program Files\AVG\Antivirus\setup\ais_x64-876.vpx

MD5 d03c0251eb4997e1d1202d6741e5917a
SHA1 f885b687ee6101fc9084cf019cc1e738da0f4267
SHA256 e5b139154f2806ba0089b458e112a2c993d92e8eae443104a258bd33a54c8b82
SHA512 f5801acfeee31ef2b168d3be6c7b9e0514200116f01451f5dd2cbf607b46a7d50e06e9d37955c1a91c2db0024da06c7f6fd50070603db887d24e237228054057

C:\Program Files\AVG\Antivirus\asw013fa7e72d86668e.tmp

MD5 1f77457cf945b1a0d8f01acdcb435fef
SHA1 8425e8f83b4aa8a5b5c859e3b1745a227cf73847
SHA256 bf46bb85a2b7f7692ab536cc8779f6e323facff5229be2983040e37d46a3a227
SHA512 9d87ee1bec639ea533c2030acd919e2be6707f781a479d9e5af6e8fa7b97dc1925df7929a79cdd58b431257110d1b5d61a58bad8293700004fbba11e6631c6b5

C:\Program Files\AVG\Antivirus\aswcf39d91987af39e4.tmp

MD5 64ce12b48bdce2c26272076c36047c50
SHA1 c96306192997c81c2b600a8c25266647d4b89cc6
SHA256 ae35e258c0331ff6467c9acdba6a24f8b79cb2d5988acded1e35486cc32bec1d
SHA512 44f65b8bb7b5e3c54dece2109a5310a9e976b3bbb667ab5cfb83ada7872160ac0027182b465e7970a8c84ea3752da0ef33ba992deee7bdb83eaaa34488f7643a

C:\ProgramData\AVG\Antivirus\gaming_mode\asw7ff6a2e7b5e7d30d.tmp

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65ba6824fbf63a8450ad3dbd22e27e24
SHA1 de18ede373b3a54971ed19457002391921a69b6c
SHA256 2d02c0abaf8204c9e4f7670af52df68d9c79cd7778ff24764fe15c8b020c8f54
SHA512 5e265c82d201d934075c04ba1ab5ce9176a580b83d59558591957021f83075d320c262d4c486aee1157ceb24f8b94470c747313342dd5703d7c9614f883b779b

C:\Program Files\AVG\Antivirus\setup\ais_cmp_idp_x64-869.vpx

MD5 4670b97ef1ba6bb3282ba6ebf6e8f635
SHA1 ab42c6ba40d403f28e7e70586d1f67bfe3860d51
SHA256 ff05de4f97d14ae66e6b0083ef9159187b24e4334f54632f3fe144a92c80bed1
SHA512 6bc53bc07c7b6b8fe732853b3e5df4e37d17fd79a6c74cc5f55994da91da833f721d5ffeabd57e0f49a4f4c7c9599836af2b32fbd7be0f87d5a7628e621efef6

C:\Program Files\AVG\Antivirus\asw6f3f6aa9d43aa237.tmp

MD5 456acc031c76f575265c22056b5cdfff
SHA1 1e442645658d1be5f3066b02558a14176adb6222
SHA256 e2e48e7a0dad4aacebb4bd90f7c5586022637f9108d69be624b2c56f34481a90
SHA512 307aeaede2b6d6320d599898a6ac23108d80f51eb3b1cf41663523c544918947a27a4798fe614797acf91dfd4050de12273eebcd1fbcdc35b6aa028a643f22a0

C:\Program Files\AVG\Antivirus\x86\aswa6173c5fc3fad89b.tmp

MD5 dc1b4025fe3dbe1a210604f905e1e33c
SHA1 0fe4add0bc7f63ccc019ee01aeee7d2cdcb9c7d6
SHA256 693f4528bfde8c4a060636f0bafb0d61dfcd75101452bfa41c02b3f1d11b5282
SHA512 e0f622a93ba1402262c4e1aa8fc1b0cf4f3888c0a65278a0a661e8dd14f6b9e6719189b99bfeb93e798ae0d08428172686bb2b5d7c52377d4379e2c201519ae3

C:\Program Files\AVG\Antivirus\asw441b561ca28b1c94.tmp

MD5 7c4c6ea4a85ce149ef06ef35b56e3eba
SHA1 66bb58ef5811d5b54e6721b3abed7afd4ebd9159
SHA256 0308c3c063f1319bfe9fdf4035cc43897ad2606bed1c2e0ac77fca8e562a0ff9
SHA512 80d94930e58b2b5c9424cda8123ee9fc45a6d295e245818b7dcb8d63423010d8e81c7c45ee790eb0847d998984dc2ab9349e281622fcd175aac31e74dfc57297

C:\Program Files\AVG\Antivirus\setup\ais_res-876.vpx

MD5 bdf7707bb946ea055739745285735943
SHA1 0a69184ba91925cf3e3bda7232f6f19710bc6214
SHA256 93e8c5137e65424ae9570da3f1a4b9d2bc0f3a79d4ebfc418dd6f8da36fab645
SHA512 3b4901ccb31b25a6a9e6bb3a4259b185ae7ec32eeb2d42867c355620488367cedb01b4444c1bbb6fce65d3c25ab7acdb81271346b56ddc7cdccd35a0d9c7e2f9

C:\Program Files\AVG\Antivirus\asw9bd8bce7332883a0.tmp

MD5 3470ef7fd503d04604876276fd8e7fea
SHA1 79faf432d0d8a4744d0300c2004674aa16e02881
SHA256 1cfac88a3ec7f0945496d06709ae889f71d7a7d3aff723adda2f112cfcccf74f
SHA512 29b79b7362a40de8e8aecac227ef076d6e61c1f4d4eb5912af3d55243db263a04b7bbadb743aab99c16fd5134f172680b2ccac082146a3c148157ff5691d4339

C:\ProgramData\AVG\Antivirus\gaming_mode\asw3c4820f83cbb6cb0.tmp

MD5 1527c1fd5da898c3bdb68b8a105937a4
SHA1 d0f9fd4a698f91f54f78dd2043c1349a7e4ae7f3
SHA256 c269c9e66b2acdace62e8ab631f39c24801c4644193bb3934a8dea3c43f669df
SHA512 d574498392a55b47dc81276d63a33e9870232e77f60ac0d78c9bd29e3d419d015a19241e86a7963191643f6c0d0fd2db613ca5290d559c3801358a60fd5cd27b

C:\ProgramData\AVG\Antivirus\gaming_mode\aswadde248ae6c933ac.tmp

MD5 9bf31c7ff062936a96d3c8bd1f8f2ff3
SHA1 f1abd670358e036c31296e66b3b66c382ac00812
SHA256 e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb
SHA512 9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

C:\ProgramData\AVG\Antivirus\gaming_mode\asw64841c6c152532fa.tmp

MD5 0bd42763975dc54ad5efdcd321c750cb
SHA1 24202455a58c7ced31240a90603c6489728bbfce
SHA256 4845a0d7b287399933536c12ad5549fa4f4d49f42500c7311dc2c3c108480a7c
SHA512 9204678ddef894657c0f6bd5451294e104ffdea90dae12fc3f642547debb80435b0cc9d08680f50482bc1236daf5ae1cd79c322eadcde7765e9e251231753e79

C:\Program Files\AVG\Antivirus\x86\aswbba7e4771a412725.tmp

MD5 de4b9553c284268e834fde314184aed9
SHA1 c53931a54174a758a8604fb86a13f176adb7872d
SHA256 989cc6035198f0999362d86e3fe77e1aab02421b83aa4436ff449b8089e3da65
SHA512 51eecfa52583dfb748b752f134ac03fc1cd1e91ab4226ac637681ca8fadb5877c00f5bf0e0246d8131effa487dda5b6977697abe7bb4f70bbd2a20380c8ddce6

C:\Program Files\AVG\Antivirus\x86\asw2e2ee45c3f9ddeb4.tmp

MD5 77ed34c3380e762dd503b5327f3ed183
SHA1 cdb956ae6a0b05bdb0a0c42064e706759e1e6bb6
SHA256 1f75723c5f3e4ecb2b36a0a4c5e3b19365817200dcdc91e8c8aa7dfdeafc46b3
SHA512 d6fe69411887b6fa3d5b3ab3f8e9eeaaeeaeda7b55bcc7deea448368889f8f9d72a33752264bae1a38eef7b3e65c99bf3c4306d3b5961acab1d3113e587b44fd

C:\Program Files\AVG\Antivirus\setup\ais_cmp_gamingmode-875.vpx

MD5 657224b90d223a4d88c70d465c8de234
SHA1 71c5cce475652e2990c40b38b9f1ba7cb3beb678
SHA256 2df990792e4c8be277aeae25978dc21dddf5c27284f76b63508d692624fe0a4c
SHA512 5a76fcd07c45d7a4890cc3ca935d840c821c0cea42c2682fca697b0ce9e07496d51e9ad9619a8d59e134650498b1e9ecd5d319b5c5aaed3b85a1266a792b9f64

C:\Program Files\AVG\Antivirus\asw95ac9f9a370a5a64.tmp

MD5 aedc274353510d08e05e9c7f805184e9
SHA1 48ec30e87bec8bafd7c9a3a642a92623ac95bdcb
SHA256 5d875408fe1a4a314e38c0ed8d9ff7d05a2fc442f1c31ba1055392fba6697713
SHA512 7814a19fa8d64211127402d3b23f295d0454be7d5cb14da06574c4cd16bf614a6910248321314478c64261b1a1eb778aa1ceafcf99bd6ba572675acb11fe2b19

C:\Program Files\AVG\Antivirus\asw6709a9b94f931f66.tmp

MD5 3f386fe0301b539edb0f3c51245cc018
SHA1 7419e35a4ee4e8cb833b2115249e455d92484020
SHA256 6fc0677b21d635848cc9c338332f34bba00bc0a6932576ba93f0e17d82a98887
SHA512 977b964a6ea74c224821f545c91b73a1569fe9c55bdcdf0f3424e3239dee394a0c0d9b312b35508b3dd9f9d6429826d25eaf616dd35e5ec8c6ef1f05e4912501

C:\Program Files\AVG\Antivirus\aswb945f341377eb33e.tmp

MD5 185a51217a8b9501053d56fc05a3e865
SHA1 d3d06faac5a5773eafc3fa8ea4b591044421fc87
SHA256 3104cd5490da5663f465b08b1cffc27b8aa2eb389c51b21bdf1cb6546091624b
SHA512 2c220d06681d6bd76aba7fa7f1a110c928653ab0aa04a5f091a0a442bca88aa0174ad581d22f0f0906daf4b44aad78b5618d0d6f7daff4fd6e6d9505a34266c7

C:\Program Files\AVG\Antivirus\1033\asw55adf99a9c51daa5.tmp

MD5 45898d6ef575a94cf7c8f447f52b1a0d
SHA1 2903789a6e7d6e3b7e7338fab5dcef594aecebbd
SHA256 62d22320241e2373d029930dfcb8788ee14e169f46184806d29e9662f246f541
SHA512 cf8ba5b7df7c82ef7bb11304d6fc8a89fee379672f105451e67d5b175ff2b0af2b35292729b2b0054e37eee89df96b7b5bcd740dd23c3f9274bd135d9989247a

C:\Program Files\AVG\Antivirus\setup\Inf\x64\asw59644847a628d2a6.tmp

MD5 5dfa5673219dac88984bc417af99d31c
SHA1 02ecd7944e97530018cd6f28f4d204616104a448
SHA256 9501a0158f196b1ee5370c42607b2d07ef450785a68a00dd760afc29af7051c2
SHA512 1153c1a46056284db7f7897f342b30e6d4fdfc2e3043bdf93514df4c25e0f864b9b91962da4199db50d2ae412883224951ebc3eaf84c6f0fc3692f6e16a47b4a

C:\Program Files\AVG\Antivirus\1033\aswc52ce432ff6893aa.tmp

MD5 d345f5ba37c4842b71891b5a20bbc89f
SHA1 60bed3c9e9774207380204a2f433770c00bf2b2a
SHA256 f721371a5421cbabe60ac0acbf6af87fd3798a4b124a60c3cd672ab3bc9377e7
SHA512 b728d72376b1a3fdbd2dc1742a19c6197b42a5431e3133d4e1473c01eecbe3823162ea82eeaaa85d5b6548ffccb706940e81efd1cf040f0826540c9abbed141e

C:\Program Files\AVG\Antivirus\1033\asw6447b67c5cb3dad7.tmp

MD5 64964e03f0192a8b27391b2fc311d756
SHA1 419b0c6ce4d26bbcd8e3839d85aefa7808e989b9
SHA256 30fff47becec5188cd2ce78b8b3d49c584153c343ffa2a2d8e294c90429a6b4f
SHA512 48859b796101c2fc3a335e51be254d7843bb53cc55b049b3f84fd0b6cc6132b2e1deb5f8e7aef60c46fa2f74ec7671e26d71b8057e6fc45e121923a23d8c0486

C:\Program Files\AVG\Antivirus\1033\aswafdb86b4dd88400c.tmp

MD5 9293ab9e72ea339880ed902bafe3267d
SHA1 52c1685ceb4fb3021c30186c69a9df43f91c4721
SHA256 b7e87ef164f514767a1c16d2016f1a759bc9610bd8ad48d19e1e94f00d659a76
SHA512 bc076909c1c4aff17cbc604c53b138d8a290cbc6e398697c283a9465f5223a1f1fba29ede1040ca7ddd60ce2572ebd56f0e20426b217fc053f32a6fce464938f

C:\Program Files\AVG\Antivirus\1033\aswed3a256b318ff7f3.tmp

MD5 bdcddde17edb97e31c4807f8d7acf493
SHA1 cfedb83267a1846b4540b54671dd7d61424bad6a
SHA256 ea2948d2b0d29c0161ab035308a29f0b02250e1f1d52e816f6c4921bc00041bb
SHA512 51bc2846adb8fc561d62b4207f3bbc298465362e67f66ed2654e5eec69a3ea62e9eedfac2a268b5f92b5fe004d99ba549c2c4d6ac176044267d4c9677365ac6b

C:\Program Files\AVG\Antivirus\Licenses\asw348b50bec3fe644d.tmp

MD5 15f12037d9859d059c3a557798163450
SHA1 b3609a3d6832159913cc9b8fb128df1383087b24
SHA256 e668af8c73a38a66a1e8951d14ec24e7582fee5254dd6c3dae488a416d105d5f
SHA512 a976ecbe99ab8f29c8290f26df5906326e820eb3f212928cd2b74783716bb6b7b6e75104140b2816408af15a1db30f4f5ab05133baa2c2d3a6e48c6d915fa915

C:\Program Files\AVG\Antivirus\Licenses\asw83e2ea38553e7787.tmp

MD5 a2a0baea9713f129f7d433dcfc635167
SHA1 349e31d4f425c71d5c63e2dcf4a19f5e0edcb57b
SHA256 f155f8f66833bdc8e0479656256bfac1d66a9ec9df4aa56292308f522b4e3fa7
SHA512 87dd90b17aed6c5aaca53baaa3d149c07028f730ca34681842aa9c855817413345af27a0bd27dfc64677ed6d9b2e9013b585bda06130315cbdccf0a27103a809

C:\Program Files\AVG\Antivirus\Licenses\asweef7ad0e2aab3e5d.tmp

MD5 a5f132cdee178b77dcac80346cc12b62
SHA1 d44350c4d2332a9a30f154f896e88a3e89016825
SHA256 331b34c5d939627eb370fe4250beaec0d0fb5edbf687b0c3631930385026cf7c
SHA512 d3e45ff903524667e40fd06870c957eff349e44eef22a2d9e9e01db9ff806dcfb3082ad5bf974b864944a6c4b2d7d9910d67e440a5bdb50be23600115537588f

C:\Program Files\AVG\Antivirus\Licenses\asw306dc6caba4eae65.tmp

MD5 4cddb654fe704264c203b4d9c7c832c0
SHA1 9d236e8f305b4bc8c486de24549a706a3957c210
SHA256 634788199f33637e3cc36c61e5272f72ccbdab87be0c07eaaaf487c5f4f1ce82
SHA512 1933696744c8a95bc6c82ef0d19e99f1d4291f6e0aaf8570e45bd74065ec076ea9b3e4b030ebc8df52903f4f98aef6a9727d3370834efb9187e4ce24ab9a0180

C:\Program Files\AVG\Antivirus\Licenses\asw480650bf229c8a2e.tmp

MD5 d273d63619c9aeaf15cdaf76422c4f87
SHA1 47b573e3824cd5e02a1a3ae99e2735b49e0256e4
SHA256 3ddf9be5c28fe27dad143a5dc76eea25222ad1dd68934a047064e56ed2fa40c5
SHA512 4cc5a12bfe984c0a50bf7943e2d70a948d520ef423677c77629707aace3a95aa378d205de929105d644680679e70ef2449479b360ad44896b75bafed66613272

C:\Program Files\AVG\Antivirus\Licenses\aswacc42f10d0eaf80c.tmp

MD5 4bf27a810f9a1f9e7c76b029b3b457cc
SHA1 8edff1174e110de6aec218a8d9ac56dbea27a1e9
SHA256 1e5a5eae04b378d12f93a3acf56dfdcac7005bdd67fe22d71c855f4e994e9928
SHA512 d818fe6f1905f46445fdbed9ea63751441fdd69651ac532aae946181fc28da8d2aac98146fb507d3df9720b24dcd2f05a20735f32e113503253fd85defa2870e

memory/1736-3419-0x0000000003810000-0x0000000003850000-memory.dmp

C:\Program Files\AVG\Antivirus\x86\asw1b04304298141d10.tmp

MD5 60776e33261c178c1232083586d59154
SHA1 26bfc8fe6bad8bef8e901c4b88960e87bf1b796c
SHA256 78d9adec99658b1b124d02c9f9443836bdb3bbc90e2b36771e440b9e19eaa009
SHA512 371ba6261534af99faafb64b829a7995187bb9e0c12ec636a16d7946b055f2596639ecb1daae7965066121dd789268995935f7ec1aaf7537401fafe4135b0d8e

memory/1736-3450-0x0000000074430000-0x0000000074B1E000-memory.dmp

C:\Program Files\AVG\Antivirus\x86\asw24f2b2d7eca5fe48.tmp

MD5 4537a747ffe285e377e6d0de394d18ad
SHA1 63ad26d18546800e944bdc1fe9ef3410c7dc5efb
SHA256 4053b872860b84093edca4c3f75cefa0fc3045e8116eecf630b29de80b276cd4
SHA512 ab80971c70982d7f32ce594329f8aa4e08468be6b659941cf0562ce17178a7075c84b5935d4375986a198c56acf4899b36c71fadb3d69905f4621b00092229b5

C:\ProgramData\AVG\Antivirus\Fonts\aswd08dd105d3abb82b.tmp

MD5 1bf71be111189e76987a4bb9b3115cb7
SHA1 40442c189568184b6e6c27a25d69f14d91b65039
SHA256 cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424
SHA512 cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

C:\ProgramData\AVG\Antivirus\aswb5f1f197d7c7d1a8.tmp

MD5 773276b47f5130b1ec5909f06eb55a79
SHA1 18f5bebe2b2d7f353fe67e66dbca9da018962711
SHA256 6ed4753125bf88ecfeda9780065d3d4d44f089f67ea9d4295c6918be6c47cb38
SHA512 754461683fd52ce3c320e0c152968f613b02f38091d9fcb9443aea5ac981846679ae21a0b224587f193dc63fc5001547e39ca0d8c096cda09285387ab36faf55

C:\Program Files\AVG\Antivirus\setup\aswba62fba203bd1271.tmp

MD5 a3759d1a370be70a4435865225b2270e
SHA1 9eed4fbb8b56499245facaa1c4447cd04f67517a
SHA256 1c91e8953b7c85b339fe120a9979165748d27df7edee252667c0159c09f8919d
SHA512 4f22805c0c3825205d598b0f364ad2eb5ab0062e53cd48cb460166e63e70afc55416958e530a6c902171a19dabcc2efa1499f206ed644b74b6fb8560f47baca5

C:\Program Files\AVG\Antivirus\aswe3574dd856a11796.tmp

MD5 d002213bf78f2b988b57b2e7188853e9
SHA1 c5199ace6ccc53f20c07fb3e5bdd15d1257eb254
SHA256 b7b3eda47a5a45e74f5bada855a0a9f8db025970eb29b90ab6948233d4110df6
SHA512 a894d6fa4c1236604395e3cd3ee6e99b04b391e6dd3cb06e0945a446edcf8c745b678b784391e7f118bda3ce2fd7713ff251370544936d78093e6205ca17e8e5

C:\Program Files\AVG\Antivirus\aswc916e477790cc81f.tmp

MD5 8617be975c7bb0b00b4db4ce89ceeb56
SHA1 0b5444a3742504c063f8b293936d0f307e6ee1aa
SHA256 cc8041022961c7cd43449f6d8d8860c6ef4f041663bad55612e92ddd6f1c34db
SHA512 7f434dc8ba1e829ba0be8d112f48d6e95e30f739354bcc4458e3cd5db9c47837047218dc0182e16c40ac4e587fd2353e39ab2841a59590c8f6764e02c315935d

C:\Program Files\AVG\Antivirus\aswe58308fcbcde82c8.tmp

MD5 13db53e4da5a5fefea53b336bc2e0070
SHA1 8e8951e77c0d9dadd1e6988369a8b01684cf2937
SHA256 49cc8c8d474ef40a4ab85eb4a82bc62817d43777ddcebbaa3b70f6d4132fa55c
SHA512 ebb069f65802ce7197ec132e3afdb172aee62894d6133aefc9e2fb9a8dde43708c3b3422e80c723ff869e73721449fedd668fa6891372222420b3feb37f61948

C:\Program Files\AVG\Antivirus\asw22147fe39093603e.tmp

MD5 a4e000f1c4f0801afe5caa118d789bc1
SHA1 ace55ebdc17ff6be261c8e99c54b1274618a6ebf
SHA256 8e4417a945954809976c5a707cf73b6545650e6d118c7f05f1b88ab591cf2db1
SHA512 4730bbc49e31061569c107021c3cbcf845aeba8a6fb4c68839559db789ee920e7706f61f480f92eaaf0984ff964aa7a81972f9f7e57bc8df5aa0b293fd3150d0

C:\ProgramData\AVG\Antivirus\aswb313e21e0043ee92.tmp

MD5 1f2180e74835eda20f6d01d5eecd79f5
SHA1 996792e4411708db07954fcacc97188fde082f9d
SHA256 339161ef9b17a7ea3793c19a906ffcb1f66d8e0789800236bba33389fe3c643c
SHA512 5025ae637cfb0daa4d847b980dea7fa1c86b4ae47c609fbb633766eeb41ae61893b58685b1bef0697c806ea08007f6d09315a8ef4f9ca7237066b754a0528829

C:\ProgramData\AVG\Antivirus\Fonts\aswa64cad30877027cf.tmp

MD5 9372d1cc640df70d36b24914adf57110
SHA1 374508b24ea24906f25655de27e854e69cda2935
SHA256 31daba103891abf8b4d0537661117a8689c9ee5d91ee264f74e64ef1bb37a61c
SHA512 8100e80e7c7a6283a348fb0c2f9339600dca96f8db21e49c3c875ca6c0129d87452ca0d678904e40f65404f5c78b37a82718def85efc085d5f2c9d0ff94182d4

C:\ProgramData\AVG\Antivirus\Fonts\asw60e3d12c5dc16362.tmp

MD5 b7913e898d3cddf10a49ad0dc3f615b8
SHA1 560917b699fe57632d13cf8ef2778f3833748343
SHA256 1e90e49b182c8b5876ee6805ff3cd2e39a23fda79df33d2e8b57020d6f208334
SHA512 baee3e6114fb8b4f946cd85fac7bae19e1cc681820c6c5824092ad955e70ce7253ae471aaa28ad97412e67d4a9c741137bf3ff27233bd94b6d3a654f72adee16

C:\ProgramData\AVG\Antivirus\Fonts\asw9818d49410b51695.tmp

MD5 0018751ac22541e269f7c8e0df8385f6
SHA1 541e47f0b29737b74c2758b1f040783485de2a6d
SHA256 9f4d35bd7ca167c7659a872bdae6fde11c306b07eb5c758bae762f7258b39071
SHA512 6b6465848cdc0fb24ff2b1953e71b17c19e5e4224857df761222224778b4659443e8ce21bea15c76abfbcd9e371e607a0c1a94addbe761c2f07c1648971406c8

C:\ProgramData\AVG\Antivirus\Fonts\asw75e75d8d9d78ed64.tmp

MD5 0e1821fdf320fddc0e1c2b272c422068
SHA1 c722696501a8663d64208d754e4db8165d3936f6
SHA256 4a7c36df4318fee50a8159c3a0ebde4572abab65447ae4a651c2fe87212302b5
SHA512 948adb943bfae5807e0e88a23364d8e706a8bdfe8c4d00592a95cdd34081a64a8d44c4ba6e33a65874ac8a7117927c3de2b995fdc57c2746aedd7161df727293

C:\ProgramData\AVG\Antivirus\Fonts\aswe68ea4f4959ee75e.tmp

MD5 52f9b35f9f7cfa1be2644bcbac61a983
SHA1 c348d9f1b95e103ac2d14d56682867368f385b1a
SHA256 28a1d37668b4cf94fff5256e9639f175baf4dd654ec84ba910485d38beefa6bd
SHA512 de48b5e6751134c7fcaa8ee4c734e0f458e86fc59249ef19d9c45b7098eb7273c4119d5944332465080154a3d9c8acdb1aa84ccce011bbe5c7f32251acde6cad

C:\Program Files\AVG\Antivirus\asw1ec77ddda7521b27.tmp

MD5 741f6af7c96267fea976507572033135
SHA1 c2d977064f602fc7b426b7d66ab9e99b0bcfc6f9
SHA256 4e1c1f5af032297b002d253b40ba83909fddb62b564e96cd08d9c6b095c72efd
SHA512 2dd9c47ed3baaa406190078daafe52021ea211f7076c5ce0ac82b35113062b35d298548cab63ed07b0ef5f6805ce2ba264edcbf49ead59be9b3b8daed6daa481

C:\ProgramData\AVG\Antivirus\Fonts\asw80dbba962790ab7b.tmp

MD5 629a55a7e793da068dc580d184cc0e31
SHA1 3564ed0b5363df5cf277c16e0c6bedc5a682217f
SHA256 e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee
SHA512 6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

C:\Program Files\AVG\Antivirus\aswb9faad2c0b50fceb.tmp

MD5 836ecc9e55a17c0e001b6d5d61bb5656
SHA1 fb7ce65d0ced1846c5bc976f83e84f1959c10b21
SHA256 c9fe1ee8042f5033881dea8f2e671978be94e73c06e3deb6f1256853d10022dd
SHA512 c61b155ec543993d88bc4ef948fe4c7cbf5070e4a3a264cea018be65e548f14cad1acde9756111c2239632a006ceab3e7250cca341c6e8c47dfafe56b616d962

C:\ProgramData\AVG\Antivirus\Fonts\asw4c8b9a7582184457.tmp

MD5 c7dcce084c445260a266f92db56f5517
SHA1 f1692eac564e95023e4da341a1b89baae7a65155
SHA256 a54dc8488f8193bf30c3820cf6f261f911f9d328d699e1a1b8042641554cec70
SHA512 0fe7ec4c8eceafe87fbbdb9780519faffb646a23579ce5a4f5170808284c1ed85b9aafdab18cc4ddcaa9a7e6e2559fa6ed984d986ba93d1bbf4bc0551d5661d0

C:\ProgramData\AVG\Antivirus\Fonts\asw66ce438e6ea0df9e.tmp

MD5 50145685042b4df07a1fd19957275b81
SHA1 c1691e8168b2596af8a00162bac60dbe605e9e36
SHA256 5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323
SHA512 9c995725aade5f126c727faf1c4453344e37b590a14152d31d44dca3c9328a54207bbc7c840695cb55bc1b559097b457888655e11199192cd5197c85aab8b1b6

C:\Program Files\AVG\Antivirus\x86\aswd80841fcb6bb3654.tmp

MD5 e71043d96f2926acb4f1f61fb89b4c11
SHA1 4e8867f93de33f77b5124bb177c3706b620dbfb2
SHA256 236b43a3f1314bc9a502cbef7dfd9fa9eb191408c05971b936fac8f36b8cfc77
SHA512 0a3c5216132845c1bd4d0d6f553de38d9b0b01ae3e2168dc7a34555e00e5a1b266a3ff5aece46b560abc540b79a7bba3549e14b932608fb7d164a3257c25af48

C:\Program Files\AVG\Antivirus\asw418dce04cead8e05.tmp

MD5 1b1cfef728c84293fd7f4c72a4272c63
SHA1 9fd298719745f19e3f4708490e1bc23a9b0bf37c
SHA256 df81a138e46df3b1360de0b061a639c0219e4cffdd3952e7bb031318b48c0eef
SHA512 22e269c0556387d1e4a0a73c192a65708617f16d6280d6179ff4c5fa0f3bbaf54caf2fe045830d33ce374a88ee0364a5ea3ac5dce1455dec20b460910a916d22

C:\Program Files\AVG\Antivirus\x86\asw44a6f9f8a35bc7dc.tmp

MD5 6026205534f5e1bf8344f081ab8a5076
SHA1 d33217f7a91681102dabe8107d28ad5cd560b43a
SHA256 3c2c398d7f7d4a3143a356eda60f5d20ad8b092c3f7d8c0c852788bfeea40839
SHA512 75a5582a2857a0f38e33bd7178d44ea70e0d619df3b06cc58e006f6e9c3eaefa25cb35c0fc22257b658397a3ec8684ea79e0cf788b90861c352ca8eba425b2ed

C:\Program Files\AVG\Antivirus\x86\aswbc15f802fbfea75d.tmp

MD5 a771884654d233a3a7d7c16c06c634ea
SHA1 9e88cd99a57a53e812072d28c67dbc2ac4b7b98b
SHA256 5b4c8b5e57a76f67afef9fd28c3308a624c916e689fe5e65dfa92bc106dc3c27
SHA512 b1a5652aa8a9fe56330f49ccee8766ca5f844c190e92e8ec73d10630575c30f09ccbd7e86f3825b2e4f8ec1311977525206905fbd0e9099de4575d73a5a520e9

C:\Program Files\AVG\Antivirus\asw09ad2be07bb19f69.tmp

MD5 3993b97df85095e8e8a75c21fdf88032
SHA1 5fb420a0d29520788834714e3215bffd1be43191
SHA256 25e40489565bc09532a88da074511ac7f5865c011cbd0f8a106f60232489ade8
SHA512 d7956dba316571d96e307e32070e0e08b991df936db32951034b30d070f7e82673d3977aae118c4be9236e311d62591eee92f5b2dd6e878101962a9717ac39de

C:\Program Files\AVG\Antivirus\asw757fffadcb62000a.tmp

MD5 3a2a835a04c93b72080acebb3522c8c2
SHA1 18c1d18ce5c939c3b2d6332f88ed96783c853faf
SHA256 1620919ffb0c79693c5290a541b8b3c470f0862e23eba01de345013becae4f73
SHA512 b58eb17d59a91994bd9d432ac7acf5948d1775a3421665d40e3153cd5e68cc4e3cfaf8f58d095e6eba4fe411c13954adbefb5b0690588dc6bbc1db0440928bc1

C:\Program Files\AVG\Antivirus\asw6d8602458970d6a3.tmp

MD5 eb74c3322098ef9dfad0753dc11df3d9
SHA1 79c1e957b1d840c9c435339b3fbde26a6be8267c
SHA256 0e3d2dc9293660a66c1c9af0c4c66c45582ff381c4137feec1464a54935b6fb3
SHA512 50bdb454efa90fc57c020f6f26021d0e33e34f83e16361c20b57be238075bf4f2bb9d6c17e456e8c94c717a5331742dbf21808057042921d30232be06bb0a72d

C:\Program Files\AVG\Antivirus\asw2361c92cddc56247.tmp

MD5 279d41dad82433b239a0e0b3c846317f
SHA1 a0bc3c142bad59d3f4d2fafa33705986fd5d92b2
SHA256 40348291b16de5628f7682c8e175f1fbdcbdc7e6276e9a5e5f67d82ee0c8af2a
SHA512 85372619ba77d735078bb4f42c94c77dc35d5caf01076b5e76366cbebd6e2a01192ad5bcd1bfbd3421317c8904fdee6eee3b0f6159c67d5f390a65a06a062ba4

C:\Program Files\AVG\Antivirus\asw9bb890535349c541.tmp

MD5 5c5a0942d53229fae01d697c02db5774
SHA1 2a1253084891fb27b3664179209a0022cea27aab
SHA256 fb2c4bd19e706998fedb683a7aa40f84a0294aa215976c6166f38c082832e319
SHA512 444bbc517867ebd67f591ac0d0c0544f38405245defd47cae598105814cb6d6d98b8af33f791c146c57fae29ed7f84ba806a36d4081cf08194d0094cb7458538

C:\Program Files\AVG\Antivirus\asw3a21cc19d1ca7320.tmp

MD5 42b849abb4b5818f59014a8c5e9c651e
SHA1 4ec90edd958d65b952e0d4415fc3babeea97f7c2
SHA256 1c542580c438da698fcd5e322d9fc20967052c53a3d7639d6eafce6799e0d5d6
SHA512 73aeca38901af78e97f47c6db348b59f98b7b94f74a1ecfc0562cb46210e97730829ca93175dada34b1b5c96d43a661f3880737d06cf34ba2707b906dbe99e20

C:\Program Files\AVG\Antivirus\aswcb48d222097b3ffd.tmp

MD5 21f7b40c23c1284b099a96f08d2480d9
SHA1 9ce5070ca64a97c47e6b310be70e37d69a97b44e
SHA256 54c4e89acd3a7fb3e4126c8f6a4bd2ba90016b3e3b7d5b87e51b55c222ffb6cb
SHA512 584e05ea3d5b7d2cc2a7a934f839a17829b422e5f612960238b65c79740242c297669e62f780de6fc7859a62c142a8a7fc933ac73c7f0e8f7aec1c7e457d49e0

C:\Program Files\AVG\Antivirus\aswb7248971f98a7e8a.tmp

MD5 78aee8011e6e894f197dafef7dbedd0d
SHA1 e158330eec2c6ff217a3d9be190cb26693b6dd6e
SHA256 71bd215dc5c6b4f7199254e3167f3ccfc918b097975c40623f1bf6b20ce1532e
SHA512 276bb48f8d3d829cb5c665a8a8a75cf56066d00ea105256220de3dd7af19ea9cb21f68313e08995fec06a312af126753374a8e8ca1ae8e9c9a154766073a23e4

C:\Program Files\AVG\Antivirus\aswe39fa6095e18611a.tmp

MD5 bdbfab9d223d4b37d1a1cf2a8f427acf
SHA1 fa6462d29d5bb763493278917a6b4d74e7354361
SHA256 df426da4dd8cb386c4ec82cbe00767dd7b6a313d980d36e75541acd48e37a0da
SHA512 0cdbc9f17ba4ce746ce3db69eca3130abb4e2395448a686deace85cab0c4549f7a9fc78dd5258d08af6d794f4fb15d1ce00535ba774af111b4ff4195a95f3022

C:\Program Files\AVG\Antivirus\aswbf5ee7b16be7fa59.tmp

MD5 58f1f26a34fabf8082081db7628d64b6
SHA1 3a25523c0871c047d0c52b98594b95b69e431472
SHA256 b771f59b968462d8c895c35f7424649687f1efe7bd9772294252499999e1a7cd
SHA512 29897d2c33aaf0c4367be2fc4d794fb58214eb871d33d177f645f899b4e8a6918ee1529a88a6eda7611835d441a7cc32789ce8202b8eed254237e9718468a479

memory/772-3772-0x0000000005390000-0x0000000005392000-memory.dmp

memory/772-3771-0x0000000003720000-0x0000000003722000-memory.dmp

C:\Program Files\AVG\Antivirus\aswf82c55c09f12ec85.tmp

MD5 ec08498e20e681e984171393102c45db
SHA1 a6acd978b6f9b54a2bddddd056d9d8c171ab57e4
SHA256 c7adc117a0845a8772c12cc1525807c3ebb8ad7c90e4916a48416d5128b352c2
SHA512 008e16e804b7010a261a5ffba2b5da8bc099da8bfe781576c7e895e41cd4e78dcf0cff2cfa146a5cabb4868325d84398b8c42a8d2d4024e5f300a203f811d4b8

C:\Program Files\AVG\Antivirus\aswba2a4dfd4f18984e.tmp

MD5 467a13744e83e81b46e48a1a2ade004c
SHA1 b94eb4be1b3335ab202eebe8c8a2fc509ac081d3
SHA256 1f6f59dffecfe74b663ed67e7074893180d0779d0e4dae5d04ac9833767dc1fd
SHA512 c1ceecfd3ab438f52b6f5efd0469f9150f86301782297b21e425563b5062932eabf5da223df27b7f9837b7efdb52252cf1da5d25013b6f80af9aee9c6364742b

C:\Program Files\AVG\Antivirus\asw6f6bd997740ce0c2.tmp

MD5 5609bfaa10b3e413a9cf5d5a7e33e9a7
SHA1 26b9652e8ddeaf3ef862cb8970d9da93ef715631
SHA256 e509cd05fa5b082505aa0f6014f905bbf39e6ac3953dee3f3c7756acff1a24ec
SHA512 4683ed570fcc2b5e2659228c573239d760d5ddbe739d08bf8c0e5138d4a36c52b6d2878f2e4726a4451062f57a135df676797dac33caf099c89ba21fd18bd174

C:\Program Files\AVG\Antivirus\asw55fcbf2d8f111859.tmp

MD5 79d68f7bad792ebde2a0b7cee23d209a
SHA1 21bde27e95be37772e6a87db5d2b2e15c26b3030
SHA256 195fdfeb9305a1b1af9469d431b5c82976672a0ad241d20d2eb0beaab29174db
SHA512 2361d96c42add898f807b06b0aa510ec6f3ac32e08e96d85e21a168899224f8832f02f9163b045dab843a25032f2300a38058ee9f37720252dec54f60655becb

C:\Program Files\AVG\Antivirus\asw0109c581dcb2a968.tmp

MD5 c4b3a9b42f7e2a3c10818564a78bcd97
SHA1 3b063fc133d914887cdd64e9108334f25493826a
SHA256 8a980ddff7a2b3070f631ea70fb0d80ee1ea39662beeeb0f42e54fa8650af689
SHA512 caae316a395168c504b8a2a3aeff2601c87631ebf431b0cfa9d30fb49d11d8a5348fc5cc4392cdb42f7b726005f3c7203d6e1751fdc368ca450e9944e56b71a8

C:\Program Files\AVG\Antivirus\asw66acfc7a66c4c077.tmp

MD5 78ffbdae6434f9bae6ffc42506317fef
SHA1 7e9839ef0f27c81d3c160a950c3625ae83b12f73
SHA256 03d4c49a5d8533d954ad43620159dc8ebb49211481bf51b9a4443600e0b79986
SHA512 f5e278f005e229cefd1dfa639cc0c267ff74c09daa0670d3dc1140129c108d376488b469194444cd0a3ccf32f860725655c3ab9a995d74cb638640f1ebbfdba3

C:\Program Files\AVG\Antivirus\asw9391a8f2bccce572.tmp

MD5 662bf2299c5c1c555a2f74a0b6436ff3
SHA1 b43f69747686ebcaddd9d7f6d89d7d76480ffff5
SHA256 928eeac8975b830b7a3d64548e9ef15dfd631c37ce88f9c19de7d1f845180329
SHA512 28c2177388912b8d5399c672339785b736221949712425ba31140527e46dd46ed8102df4ef03041db530ed4545bf74a2f3f9d4e26f05b8206afd0361c1107464

C:\Program Files\AVG\Antivirus\asw7cd7ae8398e9767c.tmp

MD5 d80f464dd65efee6663114d02afd5102
SHA1 cb26ae25e1a667975b128baae6afd369d7359009
SHA256 8819856e25de8b233ec4e4d025d7ccfe0f1e0cfe787f544bf064023fe5d81c1a
SHA512 959fac7fc45fe8d4aa2cce97b5422edac91cb772108b1029153b62168d52382de68f2238994fcbb077d69031213b99cba37cdf05dc9c427ee066e55baf9d3b7a

C:\Program Files\AVG\Antivirus\asw41f65c0231b422e9.tmp

MD5 6aee97cfa7a7f0e972f993684077047b
SHA1 1f85a692dc4ce5615e3435ef339b7a071211a9c0
SHA256 0be2c358103f67a90f4c2bed6f26a6f029faf91842ce0425087167ecae2cedcc
SHA512 377ce17c5d7680f9655cefe3ae327af268648949a840f6bca01c10a3982449348f872a3d1d23fa4ecd025b57d653d6e32ba6b2f51bed200663e7c5a7b7673065

C:\Program Files\AVG\Antivirus\asw8ba444c21f6ff328.tmp

MD5 1d2897cfa3e2e40ba123c66d207591fb
SHA1 9a4214b278b871326cae9744d0cdfd3fd0879fb7
SHA256 341567d0f918c3c31a9dba7c61b56918ebc1b45f695ed3accbbd415dfd552f37
SHA512 a3d0ec7e21f5d543e362239208223575feaee4ebd89c9fb5e1de6cd8160d3805bf9e6b75b9ed408e72c5edde821b0149ad578ce5cf95951ebf82f847b33ee52e

C:\Program Files\AVG\Antivirus\asw11b2b0932a5dc709.tmp

MD5 55091713ccdb8853526fb8cf3ca5235a
SHA1 0385ea08ad02848069d065cc3c193de9cd10d7f0
SHA256 72a28331cf61f347d6bef7ca2ca9d070f439aff47fcabbe111bbe7b95ae2d8aa
SHA512 f4af965f880ffc1208d7f193623bddcbacb9e5f0e401671a94b867ead17e4ce411a05f2bce59efd9cc69b9e965b3c676df6cdca2341a32f70acb553c4738cef6

C:\Program Files\AVG\Antivirus\aswcc0b00797cb022f5.tmp

MD5 04aa78fa91d9061e91fe5d6ef3daf05a
SHA1 2408a4320f82140beec5fa86f9169a70600b017b
SHA256 b689fe12a71701d1d4ac1daaccd6158b26c4fff62a746ad0694538a5da0dd2e1
SHA512 466daac3373738346a14fd73c0eb631f88911b977613be40882e66a76ff71adc3ad38e52a7adf0364e26412eebd2010cdef1e82069b51b4342b99309fcea08c8

C:\Program Files\AVG\Antivirus\asw31c8e10b7f83f522.tmp

MD5 fd11e66d418ef48a719d9aad2f3dfa53
SHA1 efb0c98b7a244d56ef2dd332a2875eadd7b606a7
SHA256 478e257a69f99d0253a5a22a677d0b85cd6979d22dec44183a528b274b28376e
SHA512 c33fcd309d67e64965a9d98ebc5c635c9726c2180f3dce56cd1c7657df066f32ab49b22ddab8a28aa2fc1d2584f0a636b1f18dfa8a4cb1b57e94139c0a33d4f3

C:\Program Files\AVG\Antivirus\aswb6297d05150af4af.tmp

MD5 852ae9e1376837d92d8d90056dc237b5
SHA1 bf17d8c8525f4a30df62284209a5354c5856ab03
SHA256 220cc6edffced4811cedf893774e29e866889bd2330428e27727305339eb90a0
SHA512 b86e7bd425a582e90c7b5267cf2b7272b9ef168675a9a001c0e34554aeec51576f32338e13b3a91a1e4ada82d6d451105d2550072887d4e9440b1a5438fb4b27

C:\Program Files\AVG\Antivirus\asw8a0368eedca82958.tmp

MD5 93d3c272852e04a9ed19f09bd424f408
SHA1 1bb676adc614038569ab2fe967f6cfdae57c7244
SHA256 ab6f01a52d8052a2adb6de387db8ae8124d9ce4b7c3d21aa200b58a6113d0d32
SHA512 2ae3f78030dd1081dd815d15fd113130cfd256e2118f59ed254744904297d768891616ec9ca3ae07ff89e1ea27505c4943b6015d425ef58152084adb651a39d0

C:\Program Files\AVG\Antivirus\aswfe26c2c1b4a8ac93.tmp

MD5 6c86a5bcef482fe3b94c08578ce440b7
SHA1 ce2a28c1210b0594c8702fc8b21172570037ce7c
SHA256 cb3060b19b9804b55d87cb07ecd09bf7fa5bcaaab544c570812e9f8caf91796e
SHA512 3f150f7a515893f9bfd5df6c67f26b90dca76dd8977a9361953a1389e08c9dcc44c96ad8081f21295beec107d9e27189569def14a3f5dca919e2874d74683587

C:\Program Files\AVG\Antivirus\asw742b296a75f20043.tmp

MD5 766add0ca417daec4c7730bdbe5c668a
SHA1 1c2f2669bfce4b59390028ee216634f1c253d8ab
SHA256 aa014586496ace97fd5aff15ddc880684952fc0be745b820510be06f3ffdfa58
SHA512 0e984bc92fc56e3d27fe597443d9b245c98972258adc0879379c1c7bf972402c734150f17d8a7172ec0f12ab87e827dfbe7a807a3465bf4cb35c3223d2892649

C:\Program Files\AVG\Antivirus\asw42dad6c9161a40af.tmp

MD5 eea77de50982bc42aff31e295d89cfbc
SHA1 a971d8f3ddb521de0a8dacda6cac1b26e145659b
SHA256 8652652589999c504f3e31d6901e9d23f3764a39af582de768ba7225a71cc343
SHA512 f4157f10fbe2051984b286e0c2c0fd9e3217bdf4646d155a6fd3f72fb389412cb6d80851dbd2dee11fa36f61ec18ce7da58415829b4a17c79c5f8b9cdf2f0f79

C:\Program Files\AVG\Antivirus\asw499db17a9dc2a312.tmp

MD5 11cf19ccfe669a0e4af27cbf401b7cae
SHA1 0ea5d5f6477d7dfa3e886183abbc27e407ecfa01
SHA256 963a1d5bf37cf883dd1c179b7f58191662c379bf880d6362106d6fb21638bbaa
SHA512 aca59870257e2fe6d1b7ee1daca8898032690bbc610063a971d9559e22b804f46b3ce88826f453647b9ae6b1c051357702fd40fa06d1569e85288bd9b652e3b8

C:\Program Files\AVG\Antivirus\aswcfc32f73d2cf7763.tmp

MD5 3474f917a2fd3efdda32c3a5c9b9b930
SHA1 f8766963ec9743036a3c41eb12d5dc6119d643c7
SHA256 f7a0a2370e0f155cba75f2f844a749bcde31ca9dcceba3e9dae80b2492824ac5
SHA512 44259dc695bd71c3c6628041eb512c04b698fed50d0fd94b086fa7373b2bb4ab6c427566e5c91dd1654e7f4d8df2dd8f80c171dc4ee2efa2cdf4e62d10543790

C:\Program Files\AVG\Antivirus\asw7e646040a029a598.tmp

MD5 7cefa19bb1eaa218e139641afe5f7ebb
SHA1 a7e9779e8638eb304f6ed251c598bd49d050bc2c
SHA256 1e7fef380e3b0a873ec4f19e089af82d40e1999163f4018c316e93efd725a8cd
SHA512 0336c0984f01fc432442a12a5d3084dfb05c9b1e44a253d1073288cfd5ce0da4a0841ca6989047697107d553d7a04f354a6898f1d00f2f7efd6469dd50a49f1c

C:\Program Files\AVG\Antivirus\setup\Inf\x64\asw2d26b5d3f6c6b51e.tmp

MD5 58f509d032613d06fc8459a6ac68cadd
SHA1 da5dba4006bd45de727b7837936dad598d67de8b
SHA256 032ff9d6aa8f65b11ebe6026ae56ae3d33d3715bea14f4a5649735574a127603
SHA512 2fe17149c4d08903fc12fdbbb9fb7a5121e97494db986ee413fa54c125b6afb94e8bfa7783d78fab802b06676bbb181f52f05bd7dddfcb4eee461c88f139a8a4

C:\Program Files\AVG\Antivirus\setup\Inf\asw5d35aa015a3648b0.tmp

MD5 1e641278d37fb0b251a6eece3f192197
SHA1 dac6ab58e460d1d21d969696ba66f3b67815aadf
SHA256 f16aee68cefb1f066e42876be0d110a800906b78be99e35d8f4e79d566236a24
SHA512 4b665f2ff8b6bc91b6920c67b4191d6f0677e1dc562bd7a2723a185ce0c664b2a4fe8182fef50b6b9de50075630a7369dad0e474b039de20d523d1af592cced9

C:\Program Files\AVG\Antivirus\setup\ais_gen_openssl_x64-7de.vpx

MD5 33fa2472e16d1e409eb5b1c49ca7793d
SHA1 b2079c777d7f98d378f5a96fbc2c78832bf66ee3
SHA256 53c0074fa601a891a40a46140bcf56609508a74b722269cd7d385ed353926f3e
SHA512 03bb87000d6e0de8cdfb8aa69f227ea78e443ab53c351a3eee37315d162b826a8e15093246ca69b496929b3fdf7bd7e4ad55301e165dd9298d7895b1d5a09e17

C:\Program Files\AVG\Antivirus\setup\Inf\x64\aswe4a57f9f020c0bec.tmp

MD5 abde253551b1f67b5778fdfb8f3e71ab
SHA1 baeb84a294655ca25f7d868056bb39f45729a72c
SHA256 83447af6507eb4d65f82581fe55afc6d8aeb78b8852665734a8c62c6ba9c3ab0
SHA512 a89218cc8a04009fd6e932afb3cd00b96cc4b81ae09d5db2601cb3afdb849bb786a4f44ab73f9741fe726b6256aec92b6a304ca5e06e8e12a1d4ff310d026899

C:\Program Files\AVG\Antivirus\setup\Inf\x64\aswc666fadd06ae36e4.tmp

MD5 fd3d51aa22b69f4be3b3e5aca83a21eb
SHA1 1a8c81edb10d625f054f29ee04c7ee5b566da03d
SHA256 4bb6d92bc483e86db5bee618329ee10df9a54feb00b40ac0ccb9473ae45f3d97
SHA512 adcba1f2ffec3c5a4fa942498c85421aa08a3e7205bd9382729b3ec6b37de9c52de22422e70902d0341ab7046aec4bb69f75913981f58c54fbd6770167b687d2

C:\Program Files\AVG\Antivirus\asw9a29211edaaff8cd.tmp

MD5 568ffa6a25b1ee0a96c97516f9810ff1
SHA1 2dc338bf9ea538f908cca64658bda7e8b98088c3
SHA256 8093bfb04afb7b7814d8dea1d2e0369afc804518db9659cfe15fdce2673d2366
SHA512 5b4d0f589526ccd47319521e5d1d0ce9018e0fb49782c023eff65d52e8cc120a49125a7de7d2447ac5864e0282dcefaf721fd1a9f39ea7f2fb91fdeb60215d1e

C:\Program Files\AVG\Antivirus\setup\ais_gen_protobuf_x64-7d0.vpx

MD5 8c16a9e8d3892f570d50e9aefbbf9f36
SHA1 e3923a10ef054c21f82a5e3f68ea8878013c70d4
SHA256 b66bc48a9ab871eb481905ce6ff6b1e5742899e272e36c936a412227282de0d8
SHA512 51356b56f2419bbc1fe8ceb9266b27350ce814886348a1bac44ed1175df5f8c644e195cbca1fc110ce63dd8ac3a79f3c07164018386cf4f1658fca7625cf851c

C:\Program Files\AVG\Antivirus\aswebaf42dd89c4d08d.tmp

MD5 aed16f30b0a9b48795d4c1d9b1aa5d23
SHA1 95a6b0a0d26c1b888b9a8d1e1f35ee0e356e20b3
SHA256 835f5883e0232c451865c920dd95d1b2c468ffbe78e1b4ab49d4c79e93156a3e
SHA512 845034b371159c1c84bae8f0944cd18c73607f0c3f7dcb3618bd129f0afe8f1edbb09eace88cbeb1bb96799222d83daf8b39ea58565736df497fabf274f38a01

C:\Program Files\AVG\Antivirus\setup\Inf\x64\asw0ea93212f6986cc9.tmp

MD5 8420f25c8ac51c8afce6c031710613a4
SHA1 cff9420870fe4ea580c27ee18bf4e907f2c9f309
SHA256 858e4765922d45bd35e54a4d9a51b1badeb63f17f45d61d4ae1e023d7cb5b8d2
SHA512 7af6f944325fa4cd87e81b31aec2687157588400242fbd290bce6da9a4041311c7494b7c221bccf67e5e98a4cf463df03d0bf26befbc0353015e0fd8b5859c07

C:\Program Files\AVG\Antivirus\setup\Inf\x64\asw033181caaff753af.tmp

MD5 84115eb15dff3146e91f8074c1daa52f
SHA1 949e9f7a16150ce7c8c8037ad5c28dda7af54655
SHA256 ffb2aff4ee36f1aece1d27b89aed1ccacc3a639af32e9a11a17b8c8af0498a1f
SHA512 228b092d1155a6b187b8a831775929bd2489b0cb4f8a15158df17a3812882288f80ba1d3772d5d2d75c347cf25e4bfc1732100c6d3b943c50f9fee3c74280161

C:\Program Files\AVG\Antivirus\asw70ead1bc7892fd84.tmp

MD5 e880002ae597113407b4d6fbcfd968ef
SHA1 204b606153b9d56793906841dcfa0f6297461974
SHA256 9bce8f3619ccd9f0dc85b9da7f33b90663a11610a90f0e424124d602f201a1ee
SHA512 fde883522767709f29e7eeefbbdecf304666800f09b3c91a55270e17cc84885047c8cf38113a7a4f4a6a7cc24fcdd89ad3743016a4cf80b25af4b8e4ac00570c

C:\Program Files\AVG\Antivirus\aswc99d7a5983bc4959.tmp

MD5 bfeb1d95bf17956373cc5542ba9d4365
SHA1 640d7b2a40aa3351a2d74c629220f11690eb2485
SHA256 e6e95b7a0a382042b726e981ac93881d93ac6c57683f9d175495cdf7892cc9ea
SHA512 2bb794a9a6dbb90f97c70b1a23cc9da864cb965e07ee980c6498dde42d898c41a2ee7cd31717beaa5880d96fdd951a164d29b23437c376990331c06306f74375

C:\Program Files\AVG\Antivirus\aswf00eacb87776c299.tmp

MD5 8ef29d203d93f49871db745b20042f07
SHA1 694d20a2356766613ed9cf6436411646a82089f4
SHA256 0559ecd8d39272b751fb20bf2ac8f9619b3a14b091e7b300df3e605db75f3f4a
SHA512 9905f8141e7ec57d8eaac84afb6630a3f940f4426b6a885ac6ec7a3cfdaace306c1ccfeb8bd35f7be111a29c0a97c6f6db0ec2af969cd790044ba5ffd02405b8

C:\Program Files\AVG\Antivirus\aswe25c6f0b4309c11b.tmp

MD5 4696d62502f5a98d625d8b5a64f6600e
SHA1 7044843d86f0eda79541e8cf6ec9a21701fdf69d
SHA256 73301416c315a66df56d028aab90831c0dc0842f690bdce0fda868f78583a890
SHA512 26cf2c35eb577173b505f967d79a1da4064fd113dfb6d0e0ac931597660fde30bb65e48153c25f3aa1fc79ef7e2d25e150e112a02f330f079e9e403132c3d720

C:\Program Files\AVG\Antivirus\setup\Inf\x64\asw462fc55b5d8cd607.tmp

MD5 5a484c6b6897256a02f9bb3a7a8fa4c4
SHA1 8fa9e8c1415613a60472bdd2916682375d391a59
SHA256 7a00c484acf45792d9ad046dc0685217de4062dc767c9409351cda075d69ae40
SHA512 64e4e05b92223b33d9af56e66b193764665e08681a2dc4ed11149baa93de01378d9810e13eeab74d88418b80f3caac16cecc4e33207ce8e025aa855d535849d1

C:\Program Files\AVG\Antivirus\setup\ais_gen_tools-876.vpx

MD5 316eeebc617fb7e24d3d50394e365cb8
SHA1 71d27ba559c29bef1680f9b294d11a4ee969741d
SHA256 d24f28ca191dccbb6f536d4710edd8d51e8bef27931baf596e66ebf7b70856a7
SHA512 5913da7ece8662adf89182f1fb1c24cd8acd18fb56796f4a475ba81f3e23be77b1cf0e6df53eb03579f219f73090a55553ffe73410a1ef3864eb07ec4d65904b

C:\Program Files\AVG\Antivirus\x86\asweb159d511508e1e4.tmp

MD5 10956219dec1c7b83d4fc346a07aa11a
SHA1 85101445670a6437f2c5e6b50fb6c729ec857db0
SHA256 55e2b08729fe21937f2a41c314a7b15758314d1593174529656f9e0d223a3f0f
SHA512 6604518c0b238a1c34b33a14da48f722b7452924788cf02b21ff999a7d1bc43e0625d43172605dfbfbb6b5fb99069572719fbbbd94b9f8208e771007584d8deb

C:\Program Files\AVG\Antivirus\x86\asw228ffce96117f968.tmp

MD5 ca512ad0a086ca4c73a725f667ffdc5c
SHA1 75799b026ddd8f1884e8587fff5a2ad4ab81adca
SHA256 5741dbd0887a03ea7bcdbd2fb50d10988ae16c318071c80fb2a5889e3a0b5aaa
SHA512 97f1faac4df0a4ac36d48d1d5e2828dc7b4bb0aa5237b202a806d03b4dd8fce40b5b5dfde56cab0fb2e9c0c28cb6c8c09b8d8f7770c838d36b12749336cd8f27

C:\Program Files\AVG\Antivirus\x86\aswc2ea87c1c0ef7b1b.tmp

MD5 9a4a5382045909511d23b6c45ef2a8c5
SHA1 c737a2fd578fa4dccfb723ae941307db9f76459a
SHA256 a80c31eb2e8abbbc120f1ccd65d3a785d0ebaaba4b8bc462e8aba72535703440
SHA512 9a1204a3a2253ca162d82618fa5e80eb77cb86c8e57856b43de6d2a927a04444456d0063ba51fded1f20a2e6cbfa661b8f589d4e2e9107813fa94f496b553c36

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLQP3K22\favicon[1].ico

MD5 ec2c34cadd4b5f4594415127380a85e6
SHA1 e7e129270da0153510ef04a148d08702b980b679
SHA256 128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512 c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

C:\Program Files\AVG\Antivirus\aswa4ae9ec99d92c886.tmp

MD5 59a594525377dc39bfc4abc01979a43c
SHA1 2688e40de5078add6dd7f30e686f6ed1e83a79ab
SHA256 72237d6d18157f5d262edd43ce925f86ba28de69d36972fe63d1d21338bc915f
SHA512 8b551df2550838c333df889f8f38025a615375e6022d8d2623a0d348a544a7e3651ead6af8f124348c4a99e9bb19c37afc18f61966675cfd058a067b29a44ba9

C:\Program Files\AVG\Antivirus\setup\ais_gen_tools_x64-876.vpx

MD5 7c2b10d643e681f8602a850c86fe808d
SHA1 b2220a6c5f5f7135c3fa1f65a4e61a8cf10bac15
SHA256 54ef2302af33d9706aa86902e029e4e7dc89eedd04622511bbc5cfd085f0a206
SHA512 4bb78424206cc236381eaf1b8c4a1bb6e48776cbb80b1660827a8c814beeab1e29d3fcfeedf8ba436e6a75e4efc85985b424bd1ec8b184b74895bc090fbdf621

C:\Program Files\AVG\Antivirus\asw2e8b0786526ae5e7.tmp

MD5 92fc27c757342076a073c9a6f83d52a3
SHA1 c8a9db55b5525de7bddad0e8347594d21607c345
SHA256 a94c724399e50bcfc5ad28f11a62d07742b89743f78e57f6ead9b1c5198cfe9e
SHA512 88256c513a09e0a4a2c5ac88db58e14845e7de1e0606346a044253f82e090ada0ccba19dc728ee745e33cb551cee8c724aec69adb2fa233091f8dc88604123c7

C:\Program Files\AVG\Antivirus\asw9d12c018aca0830f.tmp

MD5 f3aa90f5d2f5d1d555235846685abf63
SHA1 5374e5c676dd20fb32c58d04677323c271e8c369
SHA256 ce57dcb4f94d664a360f965f87d6eb146294700c52d5d32c988830d1c858decc
SHA512 c9e1d2066b5cca28d5584c33be07ab9bc5c2a22ec0a5693d68311b32b91b8be8a6509cfb5c5d72922dd3cb028460830d3e4eb7e48d8cc1bf4c2aa166053ff21b

C:\Program Files\AVG\Antivirus\setup\Inf\x64\asw8c6d22b6c5f123da.tmp

MD5 0e82a16e8021f0e40d3afbb701fab295
SHA1 e17e3084f1d4c33e370fd42edec176f1e490972b
SHA256 5e2e74f5273d8da656c97623aaa494ec5f8cc99323b817e31c07dd0ed871555e
SHA512 a886fb3dcb9347536469f07b7e0d2e058a5c60da2f81e76ba334718beb49f8df3eecc7fb1e630976a05230680257ed1fea00746ea115fa44a3b2cd5892492c9c

C:\Program Files\AVG\Antivirus\setup\Inf\x64\aswfff1f13ed6b5c080.tmp

MD5 f134239c290aa1fe4f52ea76603b5435
SHA1 c746dbda3466536b458190544cdf27e3def5dcac
SHA256 b8d7bcfec3fded05c2ccafddf23f3bfaed1d83ba4c7116caaa7aa9c819bb318c
SHA512 81563f7ecc9691735df79507783fc18098a158b8c7b8965a1c6daab18f01ee2ef11f4752867f56f925b12f6d6c91ff3fb2c36f67a040dbfb47523fa9edb31a4a

C:\Program Files\AVG\Antivirus\aswfce80b1a6b65d978.tmp

MD5 49fa9fee4747d21fe5996aaba3b402f2
SHA1 190ead145e895954d92206875ad40afd5382cc3e
SHA256 66fb32fe0b8c2ddafaf490da38a01be15998beb5a103666cedda33b9ddd6dbb9
SHA512 b08767487d301d170d46190a442fd17d656c193d55440da2b9a0a0b9dd40c32b5cf3c609be74845f845cefde9830941e0a9a49715ecc95fac77501f0beed42df

C:\Program Files\AVG\Antivirus\setup\ais_shl_mai_x64-82e.vpx

MD5 b65e694aca861379956ddbc061264f1f
SHA1 ec1fce212e76e888dbc0d5035ddf3d8af9f505ff
SHA256 2e2fbaa9609595521189d37a84c77eb71c5c5fd958358ea8e10848853384d966
SHA512 3dc20955337e6ef50de726d3113973666ce884735e840007123e3fc742e3c6926a0a9d059955edb0d0fc1a690b864a5b00255852cc0decc852d7826ca0e6cac8

C:\ProgramData\AVG\Antivirus\HtmlData\aswa9ad628528459a4c.tmp

MD5 c69e876c8bc4f3bca56ba333eaae7a71
SHA1 d00ac516dadf10b6a9fbaa8b6fd7f7800511d36e
SHA256 d1e88cc6880e3667b06b2d006f5fb8516f28467dd1153453c1bf954571fc4f00
SHA512 3453ec35e83ed63f2e88326c1a3f4ee23a6b979d272243131c37bb06ce8d2467585e311a3c01198f3384d852ee9fe525434f8a6eb58b7698c0c8c56b7a8f3b40

C:\ProgramData\AVG\Antivirus\HtmlData\aswf25c08d82d4282f6.tmp

MD5 29e95cb6945ad71bd25f8db0cc85866e
SHA1 86e708213876841367fd8c70e4aa763aa5c77b1a
SHA256 0b5f8ae17fffb64b55430b942d9e40179ee4f132d82b48ef7e74d700f489a37f
SHA512 bbf64bbd61d1a23250a431c407f12841097fb8fc08369f69672f7171192db547967e511a08e7ed95a9cc954d4d973a8064237d8f627040dde89065a9d1eff4e7

C:\Program Files\AVG\Antivirus\asw55329162bdc1902f.tmp

MD5 ff9b44660e462bbc5e3c95fcb998851d
SHA1 5eaa877d6ea16ddbbf067a08e37438d2ebd3a03b
SHA256 2d7b41f3d2af571ab3fcbc3bb9f0208622a05a986878e53dd42e92d6f410c415
SHA512 23e4d59c202c0c6137c19533bcec5b72532f0f02b28655f08732eff1bd1f3422dabe008c6c980af50c572f16e12bd2a24f630df99c56a77593d612748f6c3b9f

C:\Program Files\AVG\Antivirus\x86\asw47a59b7c0f2b2255.tmp

MD5 e49a6bf8a3a12ef1ee6f29824eb3ba05
SHA1 5ece96cebf729c62ad30de2bebcb471f690a6a5a
SHA256 7648be7ff8b9141ad0a7a075b1e7b28493fbfdd245fe3827a835910450183bef
SHA512 f34f5000bb793655ef33c99f17a755477a9aaa5937c34e96dde494bf5a2bd824a6af14713ef01ef09cf72c93c1a2ac60c18737f75a3000342e6837e128ef8242

C:\Program Files\AVG\Antivirus\setup\Inf\x64\aswf58aa76f3a6d75e1.tmp

MD5 650c36f4235f39aa39c4aa1bf57ce482
SHA1 778cb889f57763a219096efb0d84ab7930e98e8a
SHA256 1f311f1d5af47523e42e5f491195160828dcf6ce4d94251d8c6ba975711236ea
SHA512 492f1758a6a25d44819186f91720c320422aeb3f3dce8e84c4f794154cee2bd537209f7b81bc9e25e6fc5c7a1d869dc48687b2e53e110781a917447de74fd5d6

C:\Program Files\AVG\Antivirus\asw75b7a40d3d4a2edc.tmp

MD5 56945f765a13e6a298698ac972615126
SHA1 45b91f536fa5fdbcfd9091b394e7354b97e0965f
SHA256 9766ace1c64d3e51a14bb58ae2b521fbe6fab4b228a575472e6769450c4d633d
SHA512 b7bea5c673851ae29c6b3d2eddb4f491090fdd35d3f03b9b3c94644279a4cd9d0fad77c74dd1d3cd9bda801f4fd88cd10e5d6bbe2f7adbaf4703ceca443b4ab4

C:\Program Files\AVG\Antivirus\setup\asw903a3099fcd238d2.tmp

MD5 f76e3b0bdbd727b8fb921553b619937e
SHA1 68777479c14d22e4445549c3929ce341064f88b0
SHA256 ed6dc27f3f4284db8813bad6cbb1bceba6034e0b0a6b9e3fdb145276368fe5df
SHA512 92ddab1ae5234d500e792fa563abc8ffd6bee8a65b182d86ce317cc7e91e980e487dc0fdd8d880f9cc2a270d0b76e7c7aba7bff89a208fe33f1f4083d274d7f5

C:\Program Files\AVG\Antivirus\aswcfb47dad6ca1dd79.tmp

MD5 fbf4c80aab39f6dea848171ae4b9a42a
SHA1 99cc76a7e17b5f878da20a0c7a357bcff6e1dfb4
SHA256 beecd8a17ac375319e403fa4d46b2734a3aaa9886a5578fa064d0694416267c4
SHA512 51cd017449cb93665e6534a60b94c1f59c20e07efcc4e6f9f89adbcfb25eed57f64e89badfef5fbe0d2ace62a1544fa6a714b45d7f253f4d2e2857f950e08334

C:\Program Files\AVG\Antivirus\aswe914539ea2e954ab.tmp

MD5 6ee9e77afa15a6848b5f40e8b86253a5
SHA1 c7ebf441d542208252bb47ad94bf53dcf1797d4e
SHA256 8efe3a2e733402ec2e4eca0733fd96bd587916fb2b6069c58cd3fb2db03236c0
SHA512 7a259a4c4a2da700aab2a4b68cb8b8ddc339cbeafcca86f72a32bee8f36aba4fd650ad3ec19312dfccbdd30621bfe16fbeb677cede8e35af794044624ba7028e

C:\Program Files\AVG\Antivirus\aswcef89fd85d15720e.tmp

MD5 63cc1539680a6530b3383710ee7fd9d3
SHA1 478447a82082e2424007d92d21ae429ca0613c1e
SHA256 c9ad6998df980248b938b6c6193e8524150eb12607f9f2de2012ef66aff90910
SHA512 07e2d73786140dcac71f1de5026280ea268ef5e4bfa2301fd202fab69ddf1f5d5b2379623d2d26f001200476e4a6db7ffa8287d2d36d426d14d54260318defcd

C:\Program Files\AVG\Antivirus\asw9f5efe82c5f2a3d8.tmp

MD5 daa42d4c86d59775c00ee975ac368fd9
SHA1 4116debc8121fa0861d0edf4018955a7d382c0ac
SHA256 3dcc73fdfa6d33b5d6c23cf744ad3464f35b2ea784e4fad7e54e8517d396515f
SHA512 d63b1e0ff13f5bcc45117c5e14d1bff7376eeba691da895f32593fab13543a57ea956ae93e7e6bc5f5c73340e6e973c4c37efac4de1b84f7651035b323e1c8d6

C:\Program Files\AVG\Antivirus\setup\Inf\x64\asw490c3a6a84bf01cc.tmp

MD5 231a395e8ab059a786df17f5e6ed69e0
SHA1 09a33c49b95e8ae1a567711ac13c4f14c5cae481
SHA256 84f53cb7c6dbf2969221ced0de8e5ec3e26e2a829840ac0a8e02c413db098e41
SHA512 1d942ec66e9578a4ca26656f7f72f158ad87c267d6fbb33f4d69402e42c91c4fc96f21cdbd245950bebc0949dbba8c35941735f33b84b782709f55e8568391ff

C:\Program Files\AVG\Antivirus\setup\Inf\x64\asw5b9e4c7bedf305e7.tmp

MD5 24957565ece3d14546d46de03cb3a803
SHA1 01b88a045a6829ec92050df388648e946de1a9d7
SHA256 bc2a710a5a3e9791bdfa014b1b31844c8d29518c8e39a7835c13ec76f80fc884
SHA512 c1c4d0a7dae1120c3d5c524dc6155be8c419eae9bbd86625b8ee6107f9151c95d3467a8a7bb66392079894cb0813aece252ea1de229b6198a26300154f71d544

C:\Program Files\AVG\Antivirus\asw03c0364c423f0d36.tmp

MD5 c4064ed4b3e15e37875d3d0b88c18dd0
SHA1 d6957a442ecb3e94a259c1cf533707b2f7c6dff7
SHA256 4f5299656d89b8ce4c8c8cc9b71bf6507ac365fd3420294d70ef79fd942236b4
SHA512 8e97bb02d5f3f54b6cd158cd54a2a188762ac4ae91f5f5d03ce6525a65faab8c35a1b645d765e9ca6978338b28f548f4bf71005437d616ca32480281886bf77b

C:\Program Files\AVG\Antivirus\setup\Inf\asw8cb16e79e91f5794.tmp

MD5 7aa3c7f30ea090856c931b4ada2816e6
SHA1 9baa2d8b33bc92e6640f58395b86dfecd0cb58e8
SHA256 e06b50399e7dedfc6144c8f30ce5d4d96d68cf8231a7b4649f55b3874a64d075
SHA512 d5a61165a09dfa4f9fb494598d5409b2d37f3026dc7c0855094dd233fff85451c0d143ccb22a6b548479d024f4db2fa729434f76032d76b4301dc2c228bc2a34

C:\Program Files\AVG\Antivirus\setup\Inf\x64\aswd9fc75b6d14fdc8a.tmp

MD5 a64ef0b14b7c8d225ac0498f868c2ea1
SHA1 bad0d4c11eb438639a943849119d0a68b3315ebb
SHA256 cb7d4c1fc31d348373c613ffeb779194c59681abc8ea113e6031a077177a4ac8
SHA512 8e46a9c6231cbd14038200850c7202cbf6c20980156bd0b093776ffe9230b57d235c8563e02fbdeff2ea783b55635a0a554b82f8e7a46017da40445298462c60

C:\Program Files\AVG\Antivirus\asw0f3b2ea2ea80e177.tmp

MD5 5c78f94a6fd60c870668ee3043375f3f
SHA1 96d87dc6f0b1e54ddf7f06c71379207598b58484
SHA256 8d1f43096e4fbc20e0c62e3829cf749718adc89882d7472345b2ba094f9f70f0
SHA512 31a48ab0e04b45e5ef036820533b9161d4b0a5e8555644500ce20bd23fc9d49c27fccdc0596aa04f83900d41ede76842de351c03bdab6455b6fcfc4eaefb57cb

C:\Program Files\AVG\Antivirus\asw976c5faccc2412cc.tmp

MD5 3f28461e3352f1b3e0ec7a41a48df9d7
SHA1 b4b4e845b51d35c72294143b5c1e6bc2d7f1aea2
SHA256 7cbb02ba7b0a3adb2435835c3f4e5349af588b90e96cf38646de5985293a80c8
SHA512 1659ef7281173d4d4d440a93999c33802dd09402506b85e9f48d363ad4e315cd87f2f9beb282e55cbbe47f5e8e78cde40dae42380c5b8e59a7f1ee8e29f8f095

C:\Program Files\AVG\Antivirus\asw690937e5ecee1bab.tmp

MD5 cd442ae99468730cdb7ecbea95c1a969
SHA1 ad461de1370375b3477cfb74a4fab4b765fa3cf7
SHA256 22fb61cb220b86b5f18b4769bc59e2543e90c84a471d05ff5d0562be4053c58c
SHA512 530e6b1372c820885bda2e8924dcf2b47bd06fe120c9c1fe462f5ba18aa6b6cbd20af78bbbcd4b16e40dbb946f5491c3026119f23c842a4b547a8602535629eb

C:\Program Files\AVG\Antivirus\aswc868864a25b527bd.tmp

MD5 41ed30ec535e7e639dd15d29033205d2
SHA1 072ca780e1e052d920bf29184c2c5c70be5f54d4
SHA256 84267634cc0bba0484b296277932b5bfd7ee79de4190d6eaac73a92986106910
SHA512 9b6957bb0dde260029e81809b12cc9c4b7bec7cd8c2e3621b2a13b138ffedd2fa4fcabbcb2b8cbdd98de1808d9f422f1652e4c1dd3b5cb3a95a36f96b556adc0

C:\Program Files\AVG\Antivirus\aswe1f18266329e3aae.tmp

MD5 4e845d821a17855bdab62770c614e081
SHA1 bcb31d798a804bb287f511cd2a9b0ab7a7552940
SHA256 17924563e6a80b83bdc491584fe28213bab9244b446a5a76655893fa92dfa211
SHA512 8878f9e9c5f8198727c22b54a71e123a8f56297fd63442deda3e67953791c59910c73436f72c7236686515016156613cdcdd64a9f42f37ed53e03bb7fa5478c6

C:\Program Files\AVG\Antivirus\aswf452bbf2602e975d.tmp

MD5 2756625bb8aa887be582df5674c87033
SHA1 55d4ecedb5c15417d8d318777826a49efc49a66f
SHA256 be4a793c7f8cee327e0bf7ac7cd9933ee4170c1653dcc045eee3f8e319adc1bb
SHA512 d83e3a3f86d6f53b6a03feb045fa0f53f6f1097f3fabfda9fd0fafa0b6b6f57eb8af01509c916d4226e772c10b01c41259f2819270a01ef0e6406d37a98c9462

C:\Program Files\AVG\Antivirus\asw344d400f01b3f0e9.tmp

MD5 73ce8c36a9917b5aadc749a433a16176
SHA1 ada8947840f2183b6189db979eacd7d7cf743cd3
SHA256 d96956f81507c549f1a056d2fa7bfc587864fe7817bf295c1c555ddab7e8846b
SHA512 1d809a31b0e39b86f8563640a0e19e1eaede57537a82292962143485192e45a62119eca371d7fe3ebcbdb8d37f614ddccea75d8260529cbeae8eaedc0325207c

C:\Program Files\AVG\Antivirus\asw4ac2e2d30aa87016.tmp

MD5 2936ecb2ff7c74f42a9f487de33ca12b
SHA1 96bc5b0a2e3386efef207d03d827e1ba1f6e4215
SHA256 d5d6f39f8339270dc40546b2f160cc3ca6daab039c2464d05adb608b12e093e3
SHA512 9e2650a6a0639a756a3d641237a3e2a3492fb27744fc8fde930938dfa6db628c6781b76252e93297c787a170311c20f86ed27a025ff73f952a4a677e8e6ee260

C:\Program Files\AVG\Antivirus\asw42ccb3305dcf8116.tmp

MD5 e48790d58abd582be5c0f4e68b746111
SHA1 89ba723eb03cd9c23d6154350718aa8f0605b688
SHA256 429826bf3e903e99697b47c8c9c3961f06c14fec76bdd663acc336fef5f5a2c7
SHA512 bf2439a7d6d47c3c16607d8a8dd7076a73e1ba1a533c430279cdb4822156f3059d85a88a0a28ebb5b1ab05ac88c31b6a4e26b130317201c5a0a645626cc3f130

C:\Program Files\AVG\Antivirus\asw151360fcd801c72c.tmp

MD5 d1174f18c3d52053e34259b734ad56fb
SHA1 39209413fc3ac1c68e6fae8376d0834467c391e4
SHA256 e5e7309f12fde39f215177986469c0d65fcb7255f76c8761c9c24e4ebb571e70
SHA512 626080f9d2faa89b72dae07536664c64234273b5d4de731cf30fddda6831d666287161a84aa48fe87b0f4ef16ecb565f2af6d4dcd3135e91addb7cf74be4a126

C:\Program Files\AVG\Antivirus\asw3ac8e0a8b2d41aad.tmp

MD5 560468f2e8ed5090cba754248f8324e0
SHA1 6aa2b2adfe00eb79f76d06dea78488c4d099e1e9
SHA256 8e7dc9afbf51d10ebc2ad79f9a010a00402ad1e55ac354452453c3f242c87232
SHA512 4f8fc301593e2e2701569146f866975c8d23e3f4b681e5f681f769e178f49e263faf81fe9d5d72c57f5956637b53a507e1278237168bb848466de3783303a787

C:\Program Files\AVG\Antivirus\asw2603ca4c543d9d2a.tmp

MD5 cd2a83ebe8a42b1c94caa6165511757a
SHA1 75fc1dffd115b9e7cbb9d93608c7fd4b5a1a2202
SHA256 2586b00107cb0a605dcd1bc1aca03d4c200d5911dad6e9387aa5f75bc6cf513f
SHA512 65b8238ca182d9f87295ba6393624fa286bd64cf09c9ffe88e7b5476224b92be3dc68a4e822c7e2d3866d8dc172617216e033e9fb1a43375fa8556a5c19ba6b0

C:\Program Files\AVG\Antivirus\setup\setup.ini

MD5 b10b4ff3820800ac66ec3d0e79bc1a70
SHA1 cc0a4f92d236594c7c669a33556714ab99b19033
SHA256 c5394dd8d4a08914e1e0c4210a1e01c2675618780e9a0b2882b64d6504933622
SHA512 445ef194822580aff844032bc58f716618eb689812e4691d6529b56c93043ec7cbc2a05d7fc8248c99610402abaa07af1eb828cbd1bbb20f904e1fd53568b228

C:\Program Files\AVG\Antivirus\asw1b83fd2e134775b6.tmp

MD5 920067ec8229b2cb303c9105be52d4b3
SHA1 758b0eae3078f133af7a088d0d783e37d1e7f672
SHA256 eb07e8b1124e6b5b6f092e7934ca6875490b8a663ed321da0f2551aab39527b8
SHA512 c19871ca4b3fe6836e970bb7a7d7f799556afa98c500b53bdd9bf4fbe8e86ee3c7167a3d008f6cbdc84600d0ea66b39cadca496089b9f3d026d431de29445af0

C:\Program Files\AVG\Antivirus\setup\Stats.ini

MD5 8e5a6cf22e0bed60c975adf5e18893a5
SHA1 6ca98da63f08936d40fc280b02f4f2aad13ce99a
SHA256 d625a99e03cb3b7fe96028b516cfdb740e807969ec615acad287ca8d65454754
SHA512 72c6ed5674f9efe5f7b06fb6e069e301972c8855ca08b205018c4c32b563c5a891783e8655eee2dcfa42b325e8b35a7e28e19c316e2c08f7a64a5b2c191efb6f

C:\Program Files\AVG\Antivirus\setup\jrog2-72.vpx

MD5 83b5260455b43c01bfde93fe7520172f
SHA1 fa4a6a33fa63e914e556bed3bce1700dd65e19c3
SHA256 6d848d0ea626ad29f6b78e7f4a1e78dfadae72605b2a47bc3f26dd408120ec08
SHA512 e2c9a3ba512a8bba35e07bfee78280edc2a64638e8f29c1d60bd80df2fbce586e0e2350845188540a31afe59aaa0bf31d2fc978cd4be423356a9a7492d3f1459

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 12:37

Reported

2024-06-05 12:40

Platform

win10v2004-20240426-en

Max time kernel

101s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe"

Signatures

Checks installed software on the system

discovery

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_fr_2541_CjwKCAjwmYCzBhA6EiwAxFwfgORfH84ntBkk2Yw9gMxao1bIiq-g3HqCyTnUBBMB99Zg-izGrywfFBoCJz4QAvD_BwE_ld.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 d19mtdoi3rn3ox.cloudfront.net udp
FR 3.162.40.152:443 d19mtdoi3rn3ox.cloudfront.net tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 152.40.162.3.in-addr.arpa udp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
FR 18.155.128.26:443 d1arl2thrafelv.cloudfront.net tcp
FR 18.155.128.26:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.128.155.18.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 49.4.219.8.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 d9cb0b4a66458d85470ccf9b3575c0e7
SHA1 1572092be5489725cffbabe2f59eba094ee1d8a1
SHA256 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05
SHA512 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6

memory/1116-12-0x0000000005C50000-0x0000000005C60000-memory.dmp

memory/1116-13-0x00000000731FE000-0x00000000731FF000-memory.dmp

memory/1116-17-0x0000000006230000-0x0000000006246000-memory.dmp

memory/1116-18-0x0000000073AA0000-0x0000000073AB6000-memory.dmp

memory/1116-20-0x0000000008A70000-0x0000000009014000-memory.dmp

memory/1116-21-0x0000000008560000-0x00000000085F2000-memory.dmp

memory/1116-22-0x00000000040A0000-0x00000000040E4000-memory.dmp

memory/1116-23-0x00000000041A0000-0x000000000423C000-memory.dmp

memory/1116-24-0x0000000004240000-0x00000000042A6000-memory.dmp

memory/1116-25-0x0000000009E90000-0x000000000A3BC000-memory.dmp

memory/1116-26-0x0000000005C50000-0x0000000005C60000-memory.dmp

memory/1116-27-0x00000000731FE000-0x00000000731FF000-memory.dmp