Malware Analysis Report

2024-10-10 12:04

Sample ID 240613-r1c8asshqh
Target utweb_installer.exe
SHA256 322b72fde02347eee92faca2b199d63db65cbc61c9c315d367680197f7dd7baf
Tags discovery
Score 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 6/10

SHA256

322b72fde02347eee92faca2b199d63db65cbc61c9c315d367680197f7dd7baf

Threat Level: Shows suspicious behavior

The file utweb_installer.exe was classified as: Shows suspicious behavior.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Checks for any installed AV software in registry

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Program crash

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Checks processor information in registry

Script User-Agent

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:39

Reported

2024-06-13 14:40

Platform

win11-20240611-en

Max time kernel

33s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe"

Signatures

Checks for any installed AV software in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed | C:\Users\Admin\AppData\Local\Temp\is-MB23Q.tmp\utweb_installer.tmp | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\SOFTWARE\Avira\Browser\Installed | C:\Users\Admin\AppData\Local\Temp\is-MB23Q.tmp\utweb_installer.tmp | N/A
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed | C:\Users\Admin\AppData\Local\Temp\is-MB23Q.tmp\utweb_installer.tmp | N/A

Downloads MZ/PE file

Checks installed software on the system

discovery

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-MB23Q.tmp\utweb_installer.tmp | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-MB23Q.tmp\utweb_installer.tmp | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgids\Torrent File = "0" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "Torrent File" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\Content Type\ = "application/x-magnet" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\ = "Torrent File" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\OpenWithProgids\BTWKey File = "0" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\ = "BTWKey File" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\Content Type = "application/x-magnet" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\ = "BTWKey File" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\Content Type | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\ = "Magnet URI" | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A

Script User-Agent

Description | Indicator | Process | Target
HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component0.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-MB23Q.tmp\utweb_installer.tmp | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe

"C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe"

C:\Users\Admin\AppData\Local\Temp\is-MB23Q.tmp\utweb_installer.tmp

"C:\Users\Admin\AppData\Local\Temp\is-MB23Q.tmp\utweb_installer.tmp" /SL5="$40204,866470,820736,C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe"

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe" /S

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component0.exe

"C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component0.exe" -ip:"dui=0d0fddb5-3481-4e26-b553-e88a46c18038&dit=20240613143920&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=7501&a=100&b=&se=true" -vp:"dui=0d0fddb5-3481-4e26-b553-e88a46c18038&dit=20240613143920&oc=ZB_RAV_Cross_Tri_NCB&p=7501&a=100&oip=26&ptl=7&dta=true" -dp:"dui=0d0fddb5-3481-4e26-b553-e88a46c18038&dit=20240613143920&oc=ZB_RAV_Cross_Tri_NCB&p=7501&a=100" -i -v -d -se=true

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component1_extract\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component2_extract\avg_secure_browser_setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component2_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV6dEGnu9gAnuOl9YwfcPGg0mCPbClto7enF1QEwo4xmhGhVCF5ENyxwOJESuor4PcoECnZbp6f9e /make-default

C:\Users\Admin\AppData\Local\Temp\jxilq2wh.exe

"C:\Users\Admin\AppData\Local\Temp\jxilq2wh.exe" /silent

C:\Users\Admin\AppData\Local\Temp\7zS4109D2C7\UnifiedStub-installer.exe

.\UnifiedStub-installer.exe /silent

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe

"C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe" /RUNONSTARTUP

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\AVGBrowserUpdateSetup.exe

AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9230&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\GUME35B.tmp\AVGBrowserUpdate.exe

"C:\Program Files (x86)\GUME35B.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9230&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome"

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1136 -ip 1136

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1736

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://utweb.rainberrytv.com/gui/index.html?v=1.4.0.5822&firstrun=1&localauth=localapicd7191a3be1c601c:

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e49b3cb8,0x7ff8e49b3cc8,0x7ff8e49b3cd8

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://utweb.rainberrytv.com/gui/index.html?v=1.4.0.5822&localauth=localapicd7191a3be1c601c:

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e49b3cb8,0x7ff8e49b3cc8,0x7ff8e49b3cd8

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1136 -ip 1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,3061875199556239580,15457484068813593920,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,3061875199556239580,15457484068813593920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,3061875199556239580,15457484068813593920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3061875199556239580,15457484068813593920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3061875199556239580,15457484068813593920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3061875199556239580,15457484068813593920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,14294641561310894215,15641773627815902500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component1_extract\installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping […]-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7MUM4OUVGMkYtQTg4RS00REUwLTk3RkUtQ0I0MEM4RTRGRUVBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2OTMuNiIgbGFuZz0iZW4tVVMiIGJyYW5kPSI5MjMwIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIzMjAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9230&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{27FE3609-64D7-4D92-AADE-72F849FEBB14}" /silent

C:\Program Files\McAfee\Temp2779141438\installer.exe

"C:\Program Files\McAfee\Temp2779141438\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 dh9ranpnz1mht.cloudfront.net udp
US 3.165.135.157:443 dh9ranpnz1mht.cloudfront.net tcp
US 8.8.8.8:53 157.135.165.3.in-addr.arpa udp
US 3.165.135.157:443 dh9ranpnz1mht.cloudfront.net tcp
FR 3.162.38.60:443 api.playanext.com tcp
FR 3.162.38.60:443 api.playanext.com tcp
US 67.215.238.66:443 download-lb.utorrent.com tcp
US 67.215.238.66:443 download-lb.utorrent.com tcp
FR 52.222.201.5:443 shield.reasonsecurity.com tcp
US 44.219.158.46:80 i-4101.b-5822.utweb.bench.utorrent.com tcp
FR 52.222.201.5:443 shield.reasonsecurity.com tcp
US 34.214.99.94:443 analytics.apis.mcafee.com tcp
NL 2.18.121.35:443 sadownload.mcafee.com tcp
US 104.20.86.8:443 stats.securebrowser.com tcp
N/A 10.127.0.1:5351 udp
SE 185.157.221.247:25401 dht.libtorrent.org udp
KZ 95.57.235.38:14680 udp
IN 49.204.96.85:39257 udp
US 68.235.44.71:57962 udp
RU 193.232.163.4:17912 udp
SA 176.224.69.56:49948 udp
BE 91.86.105.184:44916 udp
IN 106.200.176.124:12007 udp
RU 91.108.29.232:35942 udp
NL 94.75.250.195:28014 udp
RU 5.18.208.205:3250 udp
RU 89.207.221.97:16162 udp
RE 92.130.37.147:6881 udp
GB 2.220.213.202:6889 udp
US 67.215.246.10:6881 router.bittorrent.com udp
IS 82.221.103.244:6881 router.utorrent.com udp
US 3.165.113.51:443 web.utorrent.com tcp
MA 41.250.216.11:46957 udp
MN 43.228.129.166:48257 udp
DE 84.173.103.55:56617 udp
FR 18.164.52.45:443 utweb.rainberrytv.com tcp
DZ 197.203.189.215:54367 udp
TH 122.155.0.70:2114 udp
IN 117.219.63.116:8081 udp
CA 167.114.96.128:6881 udp
US 8.8.8.8:53 38.235.57.95.in-addr.arpa udp
US 8.8.8.8:53 85.96.204.49.in-addr.arpa udp
US 8.8.8.8:53 71.44.235.68.in-addr.arpa udp
US 8.8.8.8:53 4.163.232.193.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 184.105.86.91.in-addr.arpa udp
US 8.8.8.8:53 124.176.200.106.in-addr.arpa udp
US 8.8.8.8:53 232.29.108.91.in-addr.arpa udp
US 8.8.8.8:53 195.250.75.94.in-addr.arpa udp
US 8.8.8.8:53 205.208.18.5.in-addr.arpa udp
US 8.8.8.8:53 97.221.207.89.in-addr.arpa udp
US 8.8.8.8:53 147.37.130.92.in-addr.arpa udp
US 8.8.8.8:53 202.213.220.2.in-addr.arpa udp
US 8.8.8.8:53 10.246.215.67.in-addr.arpa udp
US 8.8.8.8:53 244.103.221.82.in-addr.arpa udp
US 8.8.8.8:53 11.216.250.41.in-addr.arpa udp
US 8.8.8.8:53 166.129.228.43.in-addr.arpa udp
US 8.8.8.8:53 55.103.173.84.in-addr.arpa udp
US 8.8.8.8:53 51.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 70.0.155.122.in-addr.arpa udp
US 8.8.8.8:53 215.189.203.197.in-addr.arpa udp
US 8.8.8.8:53 116.63.219.117.in-addr.arpa udp
US 8.8.8.8:53 128.96.114.167.in-addr.arpa udp
US 8.8.8.8:53 45.52.164.18.in-addr.arpa udp
BR 177.51.242.74:3233 udp
RU 46.29.232.92:49001 udp
MX 187.225.54.254:48934 udp
DE 37.138.12.95:48202 udp
MX 187.213.29.148:50122 udp
CL 181.42.11.167:4066 udp
BR 170.247.144.239:50056 udp
IN 106.222.158.46:32170 udp
GB 87.248.205.1:80 btinstall-artifacts.bittorrent.com tcp
RU 188.0.169.76:43201 udp
US 72.212.62.178:40732 udp
US 66.41.75.81:45397 udp
US 172.58.241.112:52096 udp
MX 187.140.200.86:46374 udp
BR 177.185.39.117:3136 udp
EE 90.190.66.28:46998 udp
MX 187.204.224.23:55914 udp
CN 139.205.130.192:11907 udp
RU 88.201.139.243:34685 udp
IN 59.96.166.197:62338 udp
IN 117.242.232.193:4000 udp
SE 155.4.130.66:50451 udp
RU 176.106.245.56:28427 udp
RU 176.214.205.182:30451 udp
CN 119.167.234.222:6885 udp
JP 202.215.155.75:61819 udp
RU 5.164.168.21:29950 udp
TH 124.120.248.250:63772 udp
DE 87.148.134.182:19096 udp
KR 175.197.62.63:50197 udp
GB 82.31.76.61:34413 udp
HU 87.97.33.135:35828 udp
RU 91.210.24.249:8148 udp
KR 118.33.168.135:40819 udp
TW 114.43.11.72:25861 udp
NO 88.88.47.192:51413 udp
RU 95.84.148.150:49001 udp
RU 84.23.48.170:38498 udp
RU 109.111.64.71:55230 udp
RU 178.214.250.171:5744 udp
RU 80.234.77.152:8197 udp
RU 188.32.87.104:20055 udp
RU 5.140.137.121:33714 udp
RU 84.51.111.143:44378 udp
RU 78.37.0.175:51913 udp
DE 95.111.236.7:45520 udp
RU 188.143.129.66:13012 udp
DE 95.91.199.243:44375 udp
BR 45.189.71.1:55443 udp
FR 83.202.145.206:42460 udp
AE 2.50.126.104:56878 udp
TR 85.102.87.193:45992 udp
RU 92.125.32.208:49426 udp
PH 130.105.162.226:37810 udp
CL 190.5.35.72:64842 udp
US 100.15.119.186:3434 udp
MX 187.188.155.196:38733 udp
BR 187.255.15.244:6265 udp
KR 125.128.112.133:41018 udp
US 208.24.198.4:16881 udp
FR 195.154.171.33:5270 udp
CA 51.222.159.124:51413 udp
NL 178.162.173.134:28008 udp
KR 221.156.179.204:33097 udp
NL 193.32.16.150:57442 udp
CA 207.161.130.250:38273 udp
RU 77.35.10.161:49001 udp
RU 178.234.153.54:49001 udp
NL 185.21.217.60:59533 udp
US 107.2.148.228:7689 udp
US 24.214.239.193:25837 udp
DE 213.136.79.205:49826 udp
RU 95.26.64.182:50779 udp
BG 46.10.251.82:36677 udp
NL 46.232.210.175:18309 udp
TR 151.135.211.231:56711 udp
DE 93.131.153.89:61178 udp
RU 176.210.27.157:51413 udp
BE 109.128.203.129:43062 udp
CN 114.237.76.121:11973 udp
RU 95.24.78.60:2179 udp
RU 31.162.90.77:23377 udp
RU 91.242.184.189:56601 udp
RU 37.78.102.81:54804 udp
KR 121.147.227.249:6881 udp
US 97.69.209.176:6881 udp
RU 62.76.24.212:54373 udp
US 71.63.169.15:42514 udp
MY 113.211.209.213:20760 udp
CA 99.228.18.164:34161 udp
RU 95.170.181.230:17152 udp
ZA 197.95.118.73:6881 udp
CN 101.69.5.195:6881 udp
RU 79.105.52.210:6881 udp
TR 95.2.9.214:62336 udp
IN 49.206.55.41:60538 udp
FR 195.154.172.179:51979 udp
US 75.223.33.131:33211 udp
SO 197.231.202.132:39574 udp
SA 5.163.147.54:51301 udp
BR 187.74.187.178:58674 udp
US 199.66.13.16:55146 udp
BR 45.166.9.7:1025 udp
BR 167.249.190.55:49551 udp
IQ 37.236.119.10:1045 udp
DK 77.33.153.122:20607 udp
CN 117.30.125.70:31137 udp
CN 180.114.87.212:6881 udp
KR 1.224.152.26:41251 udp
BY 109.126.189.70:8150 udp
NL 84.80.142.180:42293 udp
RU 188.243.183.68:3133 udp
BR 177.192.158.63:37150 udp
RU 5.164.197.110:2327 udp
US 173.47.56.224:6881 udp
BR 189.40.104.157:18547 udp
RU 95.221.167.133:6881 udp
IN 152.59.204.132:36782 udp
RU 77.108.205.135:31668 udp
DE 79.253.237.220:6889 udp
RU 85.208.222.63:21772 udp
IN 157.32.94.63:47886 udp
TN 197.15.56.224:10659 udp
US 8.8.8.8:53 197.166.96.59.in-addr.arpa udp
US 8.8.8.8:53 193.232.242.117.in-addr.arpa udp
US 8.8.8.8:53 66.130.4.155.in-addr.arpa udp
US 8.8.8.8:53 56.245.106.176.in-addr.arpa udp
US 8.8.8.8:53 182.205.214.176.in-addr.arpa udp
US 8.8.8.8:53 222.234.167.119.in-addr.arpa udp
US 8.8.8.8:53 75.155.215.202.in-addr.arpa udp
US 8.8.8.8:53 21.168.164.5.in-addr.arpa udp
US 8.8.8.8:53 250.248.120.124.in-addr.arpa udp
US 8.8.8.8:53 182.134.148.87.in-addr.arpa udp
US 8.8.8.8:53 1.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 63.62.197.175.in-addr.arpa udp
US 8.8.8.8:53 61.76.31.82.in-addr.arpa udp
US 8.8.8.8:53 135.33.97.87.in-addr.arpa udp
US 8.8.8.8:53 249.24.210.91.in-addr.arpa udp
US 8.8.8.8:53 135.168.33.118.in-addr.arpa udp
US 8.8.8.8:53 72.11.43.114.in-addr.arpa udp
US 8.8.8.8:53 192.47.88.88.in-addr.arpa udp
US 8.8.8.8:53 150.148.84.95.in-addr.arpa udp
US 8.8.8.8:53 170.48.23.84.in-addr.arpa udp
US 8.8.8.8:53 71.64.111.109.in-addr.arpa udp
US 8.8.8.8:53 171.250.214.178.in-addr.arpa udp
US 8.8.8.8:53 152.77.234.80.in-addr.arpa udp
US 8.8.8.8:53 104.87.32.188.in-addr.arpa udp
US 8.8.8.8:53 121.137.140.5.in-addr.arpa udp
US 8.8.8.8:53 143.111.51.84.in-addr.arpa udp
US 8.8.8.8:53 7.236.111.95.in-addr.arpa udp
US 8.8.8.8:53 66.129.143.188.in-addr.arpa udp
US 8.8.8.8:53 243.199.91.95.in-addr.arpa udp
US 8.8.8.8:53 1.71.189.45.in-addr.arpa udp
US 8.8.8.8:53 206.145.202.83.in-addr.arpa udp
US 8.8.8.8:53 104.126.50.2.in-addr.arpa udp
US 8.8.8.8:53 193.87.102.85.in-addr.arpa udp
US 8.8.8.8:53 208.32.125.92.in-addr.arpa udp
US 8.8.8.8:53 226.162.105.130.in-addr.arpa udp
US 8.8.8.8:53 72.35.5.190.in-addr.arpa udp
US 8.8.8.8:53 186.119.15.100.in-addr.arpa udp
US 8.8.8.8:53 196.155.188.187.in-addr.arpa udp
US 8.8.8.8:53 175.0.37.78.in-addr.arpa udp
US 8.8.8.8:53 244.15.255.187.in-addr.arpa udp
AR 201.254.63.165:39615 udp
BR 201.33.89.122:14259 udp
GB 191.101.209.39:6881 udp
CN 49.74.100.244:65255 udp
MK 77.29.118.106:55292 udp
PH 103.200.32.22:58953 udp
KR 175.120.121.114:60053 udp
HK 110.235.119.24:15116 udp
CN 112.20.250.37:4731 udp
KZ 5.251.227.177:53025 udp
MX 189.203.99.177:1656 udp
GE 87.253.37.102:48346 udp
IN 49.43.35.177:6881 udp
GP 193.251.163.177:56378 udp
EG 197.35.215.240:63126 udp
AR 201.235.35.177:39252 udp
RU 95.83.132.252:28054 udp
US 18.221.7.72:6881 udp
US 8.8.8.8:53 132.202.231.197.in-addr.arpa udp
US 8.8.8.8:53 54.147.163.5.in-addr.arpa udp
US 8.8.8.8:53 178.187.74.187.in-addr.arpa udp
US 52.22.236.113:443 track.analytics-data.io tcp
US 52.22.236.113:443 track.analytics-data.io tcp
IN 47.29.165.102:52319 udp
AU 163.53.145.39:58627 udp
US 8.8.8.8:53 133.167.221.95.in-addr.arpa udp
US 8.8.8.8:53 132.204.59.152.in-addr.arpa udp
US 8.8.8.8:53 135.205.108.77.in-addr.arpa udp
US 8.8.8.8:53 63.222.208.85.in-addr.arpa udp
US 8.8.8.8:53 220.237.253.79.in-addr.arpa udp
US 8.8.8.8:53 63.94.32.157.in-addr.arpa udp
US 8.8.8.8:53 224.56.15.197.in-addr.arpa udp
US 8.8.8.8:53 165.63.254.201.in-addr.arpa udp
US 8.8.8.8:53 122.89.33.201.in-addr.arpa udp
US 8.8.8.8:53 39.209.101.191.in-addr.arpa udp
US 8.8.8.8:53 244.100.74.49.in-addr.arpa udp
US 8.8.8.8:53 106.118.29.77.in-addr.arpa udp
US 8.8.8.8:53 114.121.120.175.in-addr.arpa udp
US 8.8.8.8:53 22.32.200.103.in-addr.arpa udp
US 8.8.8.8:53 24.119.235.110.in-addr.arpa udp
US 8.8.8.8:53 37.250.20.112.in-addr.arpa udp
US 8.8.8.8:53 177.227.251.5.in-addr.arpa udp
US 8.8.8.8:53 177.99.203.189.in-addr.arpa udp
US 8.8.8.8:53 102.37.253.87.in-addr.arpa udp
US 8.8.8.8:53 177.35.43.49.in-addr.arpa udp
US 8.8.8.8:53 177.163.251.193.in-addr.arpa udp
US 8.8.8.8:53 240.215.35.197.in-addr.arpa udp
US 8.8.8.8:53 177.35.235.201.in-addr.arpa udp
US 8.8.8.8:53 252.132.83.95.in-addr.arpa udp
US 8.8.8.8:53 72.7.221.18.in-addr.arpa udp
US 8.8.8.8:53 102.165.29.47.in-addr.arpa udp
US 8.8.8.8:53 39.145.53.163.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 113.236.22.52.in-addr.arpa udp
US 52.22.236.113:443 track.analytics-data.io tcp
FR 18.164.52.119:443 utweb.rainberrytv.com tcp
FR 18.164.52.119:443 utweb.rainberrytv.com tcp
US 52.22.236.113:443 track.analytics-data.io tcp
FR 99.86.91.115:443 client-config-service.btor.co tcp
LT 185.5.52.232:54640 udp
US 104.22.63.125:443 update.avgbrowser.com tcp
FR 18.164.52.66:443 assets.rainberrytv.com tcp
FR 52.222.201.23:443 sdk.privacy-center.org tcp
US 52.200.5.220:80 i-4101.b-10702.utweb.bench.utorrent.com tcp
US 104.22.63.125:443 update.avgbrowser.com tcp
NL 2.18.121.20:80 browser-update.avg.com tcp
NL 2.18.121.35:443 sadownload.mcafee.com tcp
BR 201.21.160.219:46683 udp

Files

memory/1984-0-0x0000000000400000-0x00000000004D6000-memory.dmp

memory/1984-2-0x0000000000401000-0x00000000004B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-MB23Q.tmp\utweb_installer.tmp

MD5 5257ed123adac2b16dca4697d9a82825
SHA1 ae3525c14573bb44fc0809be44988f028c40879a
SHA256 f7a72f733c49ea5f8e712decb77ddf30135f0c9ed1840544075780dc097ffd0a
SHA512 754af6dcc64a2829cb4de5ca6955f8f83988e3e28615fe0d3fe83919c839d9a8e76e73c61e8d7b74bf606dca05df6c98478b004cde29c8e21d98abdaeac9077c

memory/1136-7-0x0000000000400000-0x0000000000710000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\RAV_Cross.png

MD5 cd09f361286d1ad2622ba8a57b7613bd
SHA1 4cd3e5d4063b3517a950b9d030841f51f3c5f1b1
SHA256 b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8
SHA512 f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

memory/1136-20-0x0000000006D70000-0x0000000006EB0000-memory.dmp

memory/1136-21-0x0000000000400000-0x0000000000710000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\WebAdvisor.png

MD5 4cfff8dc30d353cd3d215fd3a5dbac24
SHA1 0f4f73f0dddc75f3506e026ef53c45c6fafbc87e
SHA256 0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856
SHA512 9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

memory/1136-25-0x0000000006D70000-0x0000000006EB0000-memory.dmp

memory/1136-26-0x0000000000400000-0x0000000000710000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\AVG_BRW.png

MD5 0b4fa89d69051df475b75ca654752ef6
SHA1 81bf857a2af9e3c3e4632cbb88cd71e40a831a73
SHA256 60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e
SHA512 8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296

memory/1136-30-0x0000000006D70000-0x0000000006EB0000-memory.dmp

memory/1136-31-0x0000000000400000-0x0000000000710000-memory.dmp

memory/1984-32-0x0000000000400000-0x00000000004D6000-memory.dmp

memory/1136-33-0x0000000000400000-0x0000000000710000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\utweb_installer.exe

MD5 f623dbe58e3b8c81effde43aa3523e84
SHA1 a817fad115108622a347a6850a786662660534e9
SHA256 b4b011c15434e45cc5a04d6f2b34fa2ae87180f767fdfb477d3aa385354348a9
SHA512 1150a4eb34ffc1775c64fac0014dce13490622f02bb0a43c13260b04ace4d5cd302d9328c3443dce6ef34ffafa05b5f9682e02b04a72c768e5eb4ec31e3ad441

C:\Users\Admin\AppData\Local\Temp\nszC41C.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nszC41C.tmp\FindProcDLL.dll

MD5 b4faf654de4284a89eaf7d073e4e1e63
SHA1 8efcfd1ca648e942cbffd27af429784b7fcf514b
SHA256 c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3
SHA512 eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

C:\Users\Admin\AppData\Local\Temp\nszC41C.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe

MD5 e83bee2e3238c08b95dd718311bdfc8b
SHA1 df6a0d3db500a00780c39c90e98be20d0a906456
SHA256 3114ca889206a64af656479ca921b07443a304b6e21459c6ca7fb2aa97ed21d3
SHA512 25a5552440be72e7681a8a3d10b11235be87e452b0d7cdaff29d4e659b06986a202f3ba0aa7eb366eb3b55dd5347dd792460406e1b28323e592801b1e464d119

C:\Users\Admin\AppData\Local\Temp\nszC41C.tmp\nsisFirewall.dll

MD5 f5bf81a102de52a4add21b8a367e54e0
SHA1 cf1e76ffe4a3ecd4dad453112afd33624f16751c
SHA256 53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2
SHA512 6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

C:\Users\Admin\AppData\Local\Temp\nszC41C.tmp\INetC.dll

MD5 640bff73a5f8e37b202d911e4749b2e9
SHA1 9588dd7561ab7de3bca392b084bec91f3521c879
SHA256 c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
SHA512 39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component0.exe

MD5 bf3087ef48017a159a0dfee213dc62c1
SHA1 7b5e36162f642664446876b0fdbf8aa111edceb2
SHA256 39e61c433225bda145e6885ad4bc6d2f1ce834e6bd41e2cf3bc2a90320204355
SHA512 8ffdc1c92ff67c5fc2a385babfac677e7708b1a92488985277ae3a7e6cf1ec93c7bb64315715a43ae436f8385293fc3c5e01328ce3a625a496266ae5efb8a5f1

memory/1136-142-0x0000000000400000-0x0000000000710000-memory.dmp

memory/1136-141-0x0000000000400000-0x0000000000710000-memory.dmp

memory/4216-146-0x0000019D3D6B0000-0x0000019D3D6B8000-memory.dmp

memory/4216-147-0x0000019D58090000-0x0000019D585B8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component1.zip

MD5 f68008b70822bd28c82d13a289deb418
SHA1 06abbe109ba6dfd4153d76cd65bfffae129c41d8
SHA256 cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589
SHA512 fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component1_extract\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component2.zip

MD5 6406abc4ee622f73e9e6cb618190af02
SHA1 2aa23362907ba1c48eca7f1a372c2933edbb7fa1
SHA256 fd83d239b00a44698959145449ebfcb8c52687327deac04455e77a710a3dfe1b
SHA512 dd8e43f8a8f6c6e491179240bdfefdf30002f3f2900b1a319b4251dfa9ca7b7f87ddf170ba868ab520f94de9cc7d1854e3bcfd439cad1e8b4223c7ee06d649f1

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component2_extract\avg_secure_browser_setup.exe

MD5 591059d6711881a4b12ad5f74d5781bf
SHA1 33362f43eaf8ad42fd6041d9b08091877fd2efba
SHA256 99e8de20a35a362c2a61c0b9e48fe8eb8fc1df452134e7b6390211ab19121a65
SHA512 6280064a79ca36df725483e3269bc1e729e67716255f18af542531d7824a5d76b38a7dcefca048022c861ffcbd0563028d39310f987076f6a5da6c7898c1984c

C:\Users\Admin\AppData\Local\Temp\jxilq2wh.exe

MD5 07c53e2de86de53a15307e64a72d7e17
SHA1 ef33ace56631693c257ee9cbe797f62717857938
SHA256 9f2c2217d184e41b505f632302f567feb335f75a58ee7856b414759139af19a3
SHA512 4dec53cca97d59077f4dad723306e175cdd586999beb37f76234bd97f4ce954a79df256ebd69559bbc7c83b6a209ed4b01b8566ec294c39b47d931ab4c956f4b

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\nsJSON.dll

MD5 ddb56a646aea54615b29ce7df8cd31b8
SHA1 0ea1a1528faafd930ddceb226d9deaf4fa53c8b2
SHA256 07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069
SHA512 5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\jsis.dll

MD5 4b27df9758c01833e92c51c24ce9e1d5
SHA1 c3e227564de6808e542d2a91bbc70653cf88d040
SHA256 d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb
SHA512 666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

C:\Users\Admin\AppData\Local\Temp\7zS4109D2C7\UnifiedStub-installer.exe

MD5 c7fe1eb6a82b9ffaaf8dca0d86def7ca
SHA1 3cd3d6592bbe9c06d51589e483cce814bab095ee
SHA256 61d225eefb7d7af3519a7e251217a7f803a07a6ddf42c278417c140b15d04b0b
SHA512 348a48b41c2978e48ddbeb8b46ad63ef7dde805a5998f1730594899792462762a9eee6e4fe474389923d6b995eca6518c58563f9d1765087b7ac05ce2d91c096

memory/1432-341-0x0000014C5C700000-0x0000014C5C810000-memory.dmp

memory/1432-345-0x0000014C5CE90000-0x0000014C5CEC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4109D2C7\rsLogger.dll

MD5 f55948a2538a1ab3f6edfeefba1a68ad
SHA1 a0f4827983f1bf05da9825007b922c9f4d0b2920
SHA256 de487eda80e7f3bce9cd553bc2a766985e169c3a2cae9e31730644b8a2a4ad26
SHA512 e9b52a9f90baecb922c23df9c6925b231827b8a953479e13f098d5e2c0dabd67263eeeced9a304a80b597010b863055f16196e0923922fef2a63eb000cff04c9

memory/1432-343-0x0000014C5CC90000-0x0000014C5CCD2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4109D2C7\rsStubLib.dll

MD5 fa4e3d9b299da1abc5f33f1fb00bfa4f
SHA1 9919b46034b9eff849af8b34bc48aa39fb5b6386
SHA256 9631939542e366730a9284a63f1d0d5459c77ec0b3d94de41196f719fc642a96
SHA512 d21cf55d6b537ef9882eacd737e153812c0990e6bdea44f5352dfe0b1320e530f89f150662e88db63bedf7f691a11d89f432a3c32c8a14d1eb5fc99387420680

memory/1432-347-0x0000014C76D10000-0x0000014C76D4A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4109D2C7\rsJSON.dll

MD5 927934736c03a05209cb3dcc575daf6a
SHA1 a95562897311122bb451791d6e4749bf49d8275f
SHA256 589c228e22dab9b848a9bd91292394e3bef327d16b4c8fdd1cc37133eb7d2da7
SHA512 12d4a116aee39eb53a6be1078d4f56f0ebd9d88b8777c7bd5c0a549ab5cff1db7f963914552ef0a68ff1096b1e1dc0f378f2d7e03ff97d2850ca6b766c4d6683

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\JsisPlugins.dll

MD5 bd94620c8a3496f0922d7a443c750047
SHA1 23c4cb2b4d5f5256e76e54969e7e352263abf057
SHA256 c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644
SHA512 954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\thirdparty.dll

MD5 070335e8e52a288bdb45db1c840d446b
SHA1 9db1be3d0ab572c5e969fea8d38a217b4d23cab2
SHA256 c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc
SHA512 6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\StdUtils.dll

MD5 7602b88d488e54b717a7086605cd6d8d
SHA1 c01200d911e744bdffa7f31b3c23068971494485
SHA256 2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11
SHA512 a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\Midex.dll

MD5 581c4a0b8de60868b89074fe94eb27b9
SHA1 70b8bdfddb08164f9d52033305d535b7db2599f6
SHA256 b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd
SHA512 94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\CR.History.tmp

MD5 73bd1e15afb04648c24593e8ba13e983
SHA1 4dd85ca46fcdf9d93f6b324f8bb0b5bb512a1b91
SHA256 aab0b201f392fef9fdff09e56a9d0ac33d0f68be95da270e6dab89bb1f971d8b
SHA512 6eb58fb41691894045569085bd64a83acd62277575ab002cf73d729bda4b6d43c36643a5fa336342e87a493326337ed43b8e5eaeae32f53210714699cb8dfac7

memory/1432-389-0x0000014C76D50000-0x0000014C76D7A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4109D2C7\rsAtom.dll

MD5 f5cf4f3e8deddc2bf3967b6bff3e4499
SHA1 0b236042602a645c5068f44f8fcbcc000c673bfe
SHA256 9d31024a76dcad5e2b39810dff530450ee5a1b3ecbc08c72523e6e7ea7365a0b
SHA512 48905a9ff4a2ec31a605030485925a8048e7b79ad3319391bc248f8f022813801d82eb2ff9900ebcb82812f16d89fdff767efa3d087303df07c6c66d2dcb2473

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\FF.places.tmp

MD5 3bb804b5dc3eac34681f7905befebec5
SHA1 26d652c2c1d5b814eca5bc0071cf3f851691d6a8
SHA256 c7553371a5e69692baa73fff281f971c6d16e75019246a49d5dec852b18c489c
SHA512 ab0513df1844678ff734737d2dad6d2c9ec0146af512722884ecf46d86178fe38010d4856162c5696616ef5ee776c65560d3b0ab75b2fb3377fc7cc5923a67e9

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\CR.History.tmp

MD5 4e2922249bf476fb3067795f2fa5e794
SHA1 d2db6b2759d9e650ae031eb62247d457ccaa57d2
SHA256 c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1
SHA512 8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

C:\Users\Admin\AppData\Local\Temp\7zS4109D2C7\Microsoft.Win32.TaskScheduler.dll

MD5 87d7fb0770406bc9b4dc292fa9e1e116
SHA1 6c2d9d5e290df29cf4d95a4564da541489a92511
SHA256 aaeb1eacbdaeb5425fd4b5c28ce2fd3714f065756664fa9f812afdc367fbbb46
SHA512 25f7c875899c1f0b67f1ecee82fe436b54c9a615f3e26a6bec6233eb37f27ca09ae5ce7cf3df9c3902207e1d5ddd394be21a7b20608adb0f730128be978bec9b

C:\Users\Admin\AppData\Local\Temp\7zS4109D2C7\uninstall-epp.exe

MD5 8157d03d4cd74d7df9f49555a04f4272
SHA1 eae3dad1a3794c884fae0d92b101f55393153f4e
SHA256 cdf775b4d83864b071dbcfeed6d5da930a9f065919d195bb801b6ffaf9645b74
SHA512 64a764068810a49a8d3191bc534cd6d7031e636ae306d2204af478b35d102012d8c7e502ed31af88280689012dc8e6afd3f7b2a1fe1e25da6142388713b67fa7

memory/1432-414-0x0000014C77180000-0x0000014C771D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS4109D2C7\rsSyncSvc.exe

MD5 cc7167823d2d6d25e121fc437ae6a596
SHA1 559c334cd3986879947653b7b37e139e0c3c6262
SHA256 6138d9ea038014b293dac1c8fde8c0d051c0435c72cd6e7df08b2f095b27d916
SHA512 d4945c528e4687af03b40c27f29b3cbf1a8d1daf0ee7de10cd0cb19288b7bc47fae979e1462b3fa03692bf67da51ab6fa562eb0e30b73e55828f3735bbfffa48

C:\Users\Admin\AppData\Roaming\uTorrent Web\libcrypto-1_1.dll

MD5 cc316f02b1166ba92e53788ab269a639
SHA1 f1ffc069ffd1abacd9b3378a2c40599b8a3d0f85
SHA256 b8453da0de5aefb1b775486cec41011c4877ebd1ffa8089d89bce2ee8e3d5eb5
SHA512 0a86400a472c4ae91a051dde9b260b630f81028aef144f6b6c37754801049958cef3545f903427b0ad1af8c380c8267d95dfd8144601c7c6fedc239ad4a397db

C:\Users\Admin\AppData\Roaming\uTorrent Web\avutil-56.dll

MD5 e0cdb9bbfa7a22ef965d55161945176e
SHA1 1d0929e86b838f02025552cd4e0f6eb91f769d75
SHA256 47a1c21d501b81a93088ae081da08e74d098ac82e0dbae7a909f39af5bd24815
SHA512 813c9b18aa7e8d8794010cc40eda839db324079a87a784b9ab8a98c3f318e9c12d2d86eaa8bd4ec1e4ec6175a9e12efce243c0d0daa193b802ed0cc4739173f5

C:\Users\Admin\AppData\Roaming\uTorrent Web\libssl-1_1.dll

MD5 88228668dfd302da82a2ce585db55f38
SHA1 30092d8680c184726e45879f6c7340ecdf98b388
SHA256 2129c263ad08f415ac40abce658e13327ab5911f59a21767dab56d3167083020
SHA512 8b88a1cf14ef47c39c00568df9b421a45936c74989b428e668ec737438fe993f0c08f65a1f164d54594ea66b49e976c3991cc9a9bc2d56c0bce90e589e142bda

C:\Users\Admin\AppData\Roaming\uTorrent Web\swresample-3.dll

MD5 69ae94597b9412a9936aa43340ad1826
SHA1 67cdf694af7543186f1492897d69f5ab41cfe4d4
SHA256 11771c928aff73893e72de8e01912dbbb8c5d8643f23601545457c96d5b8361f
SHA512 34c7e20d67eb0c8076fb83fdc01628d7d532611a5e56c882085acf648eeb6199a5f4b54c6d848846c502f6c1089cf5eacddc0b7bce6667bd84369b2d338f6e93

C:\Users\Admin\AppData\Roaming\uTorrent Web\avcodec-58.dll

MD5 9d7585d920144436fd23b5397ad20abf
SHA1 396b69f02b672b2df8b630e0690c440f17e7cd8e
SHA256 8b527770e0580ee328f8c91aae05016b174d15e13f28befff5a6b6a6f4837084
SHA512 c6fce0b220e319c8c91739159e9870302240e734b15c1721bb1357b6e62772b743d62f0a8b280aa285d8adde10e1fe24056ccfd1b05b9bf220e7f4f9434dd356

C:\Users\Admin\AppData\Roaming\uTorrent Web\avformat-58.dll

MD5 c123211331c1f98b8a679ecbd5048997
SHA1 4b6807dcbbb0160b191cba08413c79ce557921ed
SHA256 4e8d418e6b1345c05e08a4b88e78a84a97c9a8179ca851bd87c93836c2409f31
SHA512 4232c5f759109cb71a5c5833cb3de2b641c71504f62132cced98f56f792c11d9d5a84ac96c91c8dec6b4d19021b9ba555976779957faa3a6c6438f0abc51a6e8

C:\Users\Admin\AppData\Local\Temp\nsaD42A.tmp\AVGBrowserUpdateSetup.exe

MD5 9750ea6c750629d2ca971ab1c074dc9d
SHA1 7df3d1615bec8f5da86a548f45f139739bde286b
SHA256 cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c
SHA512 2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

C:\Program Files (x86)\GUME35B.tmp\@PaxHeader

MD5 939ee98d23d3ce9a0c8a0fe9aac02cf2
SHA1 b48224bddd5ad890d749f1dd16de6f9c5d9b2af5
SHA256 cea3426ac194b93a31f869d26e69045effc10a0d89962220724557136625ba39
SHA512 caddc19a06aa9bba35641c5b8b2055c18e7f8c89f0603869be5ef7b283c83ab4efc1213ba18c536007babc492ced62e406ba34af96c3a949d3378b5cae0ad881

C:\Program Files (x86)\GUME35B.tmp\@PaxHeader

MD5 cafe7ff20803c00af318a4a0c50a3d01
SHA1 66261bd83e6cec449f167dc2612ac588d9114c39
SHA256 1143efe58b7b1ac71438b460f0c52e18112a3958f7ca719aa9a7082800c8d377
SHA512 c445b043c31400276ab578983c5c5675e0b0fe1097934959034a44553cd1ba4770e227757b33157a2c19952f007ec76af1f9df82c8b16069b6bfe9359da03651

C:\Program Files (x86)\GUME35B.tmp\@PaxHeader

MD5 fffc9559118cf0ba8cf569cd6379f285
SHA1 f23f8ce1562497a6dd1cc83672bc3a4386cb67f3
SHA256 2ca50b02cd440b4e743f5fb11a8d85dfc787de497ea426522818e415dda47dde
SHA512 4d2b7b6dce7b55b08498c080d04b54b43323beafb3a0564baf40e4f81bc0bb88aa1324255b43c87deac9da5ba071e949dc3a6b3ec5d617b641ad3b8bd34912af

C:\Program Files (x86)\GUME35B.tmp\@PaxHeader

MD5 fc8ee03b2a65f381e4245432d5fef60e
SHA1 d2b7d9be66c75ccf24fcb45a6d0dacedd8b6dd6f
SHA256 751a04263c2ebb889fdcd11045d6f3602690318ebaaa54f66e1332d76dde9ef4
SHA512 0837f2b22c9629990165c5e070e710a69ad4951b7fcfe28bd52354c4b8a7246672497b8aaf521a8773c7ec2a4249fc4318330948ab0d8db8c6c74da57b32f1c4

C:\Program Files (x86)\GUME35B.tmp\goopdate.dll

MD5 04a6438c50564146e880c5eb9d57905e
SHA1 edf5d454de99159d832cc9bd0d8dbe132d749804
SHA256 26109d47bf9960e531888e6c545ca8cfc24fee2202b549df29fb8bf9c58e0812
SHA512 8705d0ab2f8a6c1ef567ad00b33ff2cca01391b105eb0ade201d981f091e4ba87e709860ab9849bf9781698fb42ab8efe53ea731af310781766bace1eb1dc19d

C:\Program Files (x86)\GUME35B.tmp\AVGBrowserUpdate.exe

MD5 cbcdf56c8a2788ed761ad3178e2d6e9c
SHA1 bdee21667760bc0df3046d6073a05d779fdc82cb
SHA256 e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3
SHA512 5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

C:\Program Files (x86)\GUME35B.tmp\AVGBrowserCrashHandler64.exe

MD5 deef1e7382d212cd403431727be417a5
SHA1 fac0e754a5734dd5e9602a0327a66e313f7473bb
SHA256 7d410e9eabd086827b16c89ee953a643c3e2f7929616c0af579253fd8ca60088
SHA512 6b472a57fb89b128aad9ab6313a9ce8b171f7d73264c67f669adc5cf1f0421d81f654dad1419b620476abb59dd54e1aa03a74a26c5c93813f6fb8575fbd97d4d

C:\Program Files (x86)\GUME35B.tmp\AVGBrowserCrashHandler.exe

MD5 f73e60370efe16a6d985e564275612da
SHA1 2f829a0a611ac7add51a6bc50569e75181cdfd58
SHA256 9cf076866935a0c64366efaeff2ec76d45ac816030ebd616fd5defb1870bc30e
SHA512 2e44e87c285bb7b72d45c8119d08ea6f2d13cea77cf0005a3cf530790bb86c7f2df7c5edac9d86c9d7214abb224738c3bf6b31f6bf104051512bb1de133042dc

C:\Program Files (x86)\GUME35B.tmp\AVGBrowserUpdateCore.exe

MD5 dd5dc945cd848bf503862d0a68c3ea5d
SHA1 9b277a0c733ed5698b0656da8c3b99d2f90c7ef8
SHA256 8cc98345e367b083f545ace66d93bf69e03a4fa08b84805a9925fa4c94ef3f8f
SHA512 f6eab8422bde24d89a7723c6175b4197a50e18aa0bb5b8f419e5a23b265d85dcaacaf136b8f6ef6bbf2bd6c0eaecd8f86093f594fb98e596f4b39e9c6ff227e1

C:\Program Files (x86)\GUME35B.tmp\goopdateres_en.dll

MD5 418853fe486d8c021d0cca2e85a63d63
SHA1 9504500a7b5076579d74c23294df4bdb1b7c517d
SHA256 4cbb2591c1eeda32bcf295685c993ce4d16acc968697fa12e2a00a1b7c4b37a3
SHA512 dc2ab4e2056e6d73a274d700bc16f75c7c687b35874029c1908b183428dec010373045d4a52eb3f5745f8b91d624cf5d40cd7f37e353f3a41348e2a054a266a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 196eaa9f7a574c29bd419f9d8c2d9349
SHA1 19982d15d1e2688903b0a3e53a8517ab537b68ed
SHA256 df1e96677bcfffe5044826aa14a11e85ef2ebb014ee9e890e723a14dc5f31412
SHA512 e066d74da36a459c19db30e68b703ec9f92019f2d5f24fd476a5fd3653c0b453871e2c08cdc47f2b4d4c4be19ff99e6ef3956d93b2d7d0a69645577d44125ac7

C:\Users\Admin\AppData\Local\Temp\is-VQ33M.tmp\component1_extract\installer.exe

MD5 16de87fe923114fbff5b3c45bbc53de6
SHA1 605dadc5bac1b6dbb023fea2747370962fa632fb
SHA256 47de7c96e0335d505c12b571cd8ae595972d34d7f50e5d32b5bd0eb7000d3731
SHA512 56897c3aaa2111f344f8a8d2103aefb0062e33edd7d66cda9ce9c24dadc258ffbd4c2af0a1164232957fda7add4f8a60a8265dc285dbad83397446b8c33aa7e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f717f56b5d8e2e057c440a5a81043662
SHA1 0ad6c9bbd28dab5c9664bad04db95fd50db36b3f
SHA256 4286cd3f23251d0a607e47eccb5e0f4af8542d38b32879d2db2ab7f4e6031945
SHA512 61e263935d51028ec0aab51b938b880945a950cec9635a0dafddf795658ea0a2dfcf9cfc0cab5459b659bb7204347b047a5c6b924fabea44ce389b1cbb9867d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e1e300b2-d480-40d1-a2bf-7c917b7b8229.tmp

MD5 c57532af0c8b8edcec393b8b31118af8
SHA1 f3665d48fac50194e97171585a80f744dbe14dc3
SHA256 3ebf39b5a6f140846384a3ad2015fd903d701b3a1ea67183497b8e4d8e949804
SHA512 758af45b5bdc463f02dedcb58983a551d540c1ae5bd2810c3516a1243486514ff3f9eed041fbfcda2485b0201b9b020d190a7ce5296781eaabee21c8f57fc917

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c31d2433a55609010c38772d49533f8f
SHA1 789154997704783da275d70c69d595dc13ac1f87
SHA256 3a9e2c443f2a03719e14f031031ebda42edca24de1ce3286e47682099792830c
SHA512 b15cdef93ca71edd22ed7efe6814c81258f3c0123b83ee727d1ebeb219814f79c028b5a1cd0ebbfb6305e5cd8fa05ba06920fc1c945db8d18da3cc90c2c711f9

memory/1136-866-0x0000000000400000-0x0000000000710000-memory.dmp

C:\Users\Admin\AppData\Roaming\uTorrent Web\helper.partial

MD5 a1286c51f385036be11f566c04d34940
SHA1 d0a1a16026a00a6040ca42c7d475028acfd1018b
SHA256 3a6a9ace416abc4bdb3ddebf0c6260f6937f4d6c7a12efe1e43311ad8f8b4941
SHA512 8773503452e88ea4c0f85c318b4a7386d37716fb34d3b94fc9bcc57b20820e9cf41d6822cc6f655624ff3e24551d5c6c456ebdae7e5e14cdb54d0d00ac904b11

memory/1984-998-0x0000000000400000-0x00000000004D6000-memory.dmp

memory/5768-1044-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1043-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1042-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1041-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1060-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1059-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1068-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1069-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1067-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1064-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1070-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1089-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1088-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1096-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1109-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1124-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1125-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1132-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1138-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1131-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1130-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1129-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1128-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1127-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1126-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1176-0x00007FF734390000-0x00007FF7343A0000-memory.dmp

memory/5768-1251-0x00007FF742D20000-0x00007FF742D30000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 973f9417b88e510d165eeed9f72d061a
SHA1 a91643eaddbbc279e45330850bdd6f1431240f8f
SHA256 63cfcd79ead17b88788e7d27f37ae9c7bbc8a56e0e89bc88e6c39d58a7c40b2c
SHA512 daf1b3788d2b641f1859346d7750d05743501e42abff4d2692b71f7c134e9f67c7d3856b303f54337f40bdf09edb4a58625b85b05979448eaa2d169539455ae2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 21bb90651a39b68ad6adee09f25e59e7
SHA1 b9784dee0345d92ec7bf09329a7ffc8db0fd77ce
SHA256 ca941bd03869bdd8c8ab841b3956047044fc5dd57ae0af49e1a25e691125815f
SHA512 2294fcf9505885883fab3253b2dd45dfa87f08250dfbdf0bc47e824af4b0ac9c6ad071eb6eab0958fd67262ab04cb5c5b27d5466fe9fe12ab84ca194a547f3f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 daf77c665779915c91678f2a04820df9
SHA1 b97373f1784970bd583fdad71512c6b49ee264c8
SHA256 f6e17f8b8658ff65a2dd9e045bcb268afbb7f09121736cdada021fdd2bd60456
SHA512 449b0bceb95ca4522a7cbd50c5507563e9e5033c67d0b56c94d227f9ab08b54574881f1af66c513a0bb008a803440015bcf379488bab03bfc75a1089a2f57a4e

memory/5768-1309-0x00007FF73D820000-0x00007FF73D830000-memory.dmp

memory/5768-1285-0x00007FF711220000-0x00007FF711230000-memory.dmp

memory/5768-1283-0x00007FF711220000-0x00007FF711230000-memory.dmp

memory/5768-1271-0x00007FF742D20000-0x00007FF742D30000-memory.dmp

memory/5768-1267-0x00007FF742D20000-0x00007FF742D30000-memory.dmp

memory/5768-1242-0x00007FF742D20000-0x00007FF742D30000-memory.dmp

memory/5768-1240-0x00007FF742D20000-0x00007FF742D30000-memory.dmp

memory/5768-1237-0x00007FF742D20000-0x00007FF742D30000-memory.dmp

memory/5768-1236-0x00007FF742D20000-0x00007FF742D30000-memory.dmp

memory/5768-1205-0x00007FF766980000-0x00007FF766990000-memory.dmp

memory/5768-1197-0x00007FF766230000-0x00007FF766240000-memory.dmp

memory/5768-1193-0x00007FF742D20000-0x00007FF742D30000-memory.dmp

memory/5768-1185-0x00007FF781890000-0x00007FF7818A0000-memory.dmp

memory/5768-1314-0x00007FF711220000-0x00007FF711230000-memory.dmp

memory/5768-1165-0x00007FF711220000-0x00007FF711230000-memory.dmp

memory/5768-1140-0x00007FF735F90000-0x00007FF735FA0000-memory.dmp

memory/5768-1139-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1137-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1136-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1135-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1134-0x00007FF765670000-0x00007FF765680000-memory.dmp

memory/5768-1133-0x00007FF765670000-0x00007FF765680000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c51925c28d60a7ff95a81b1c365b999d
SHA1 be8b95e65f42dd8dd7ed0fd27d892be697b45d47
SHA256 b9462d58fa16f3dd65b00fff1a6f465b5b3182d7a1fd220023d2cdd6aed52b11
SHA512 c036fd2b52b89996f1aa16a8dcd828b3843fe984af568ee07edc6eca558203059ca11f164e43f350a7d2136ac5c54944efa0cbf764ab13dd4d69019144c6f6da

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 7649d1aa558fe99ad377ef91782fe615
SHA1 a0c358e224167159ca1910c6c9af58496bfca5cd
SHA256 f7b7333b049f403198d75fcfbcde9c35114d22b77513f97976e3adee135c9fc9
SHA512 5fd2d1bdac275439b4143bae9309b3a0426286837097f841dabfa1faf2cb4c858e80f1b9c33fa7f2a699692198322173ec109cb931c29508ab11c4904683a647

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 fb3f907a4c3f783cf1855d9e10c78090
SHA1 b62f7e8f854f36ba3374bb2a0c7b32517ebda5b6
SHA256 7579db9dc4dd87074808405e2c8d66df4c4182760fe80c4e9b93a5576eb42ab0
SHA512 8546490d70eb8ccd4dea679e13992141dff702443ac1da46a410792a945e4eee6f834f63282fc66312ba01294f4b6db7f7aa987dbf2ffa4e9f4c53995077c914

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 6d2f785e0c284d46cd1c93622be227fe
SHA1 1856697906cc0a0b597aa309273bdf68c8cd95a7
SHA256 6b27ba06fb647acd49d6c6c898ac4c74a289ab5965fdbdadde12bfb7c5595918
SHA512 060cff06ec88e6276553bf28449e3c198cde0e269e8fdf90e930971c82b0d5d326534249e961caf9ccf8c9332d28de38059b7c3ebeed66e1f5b8d47447d92519