cobaltstrike | hxxps://wearedevs[.]net/d/JJSploit

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wearedevs.net/d/JJSploit

Score

10^/10

cobaltstrike backdoor bootkit discovery evasion execution persistence privilege_escalation spyware stealer trojan

Malware Config

Signatures

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000023ede-6622.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe	AVGBrowserUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe\DisableExceptionChainValidation = "0"	AVGBrowserUpdate.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	CheatEngine75.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	prod0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	avg_secure_browser_setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 25 IoCs

pid	Process
6484	CheatEngine75.exe
6524	CheatEngine75.tmp
6860	prod0.exe
7044	saBSI.exe
3916	avg_secure_browser_setup.exe
6292	pekofz0l.exe
6200	CheatEngine75.exe
4320	UnifiedStub-installer.exe
6456	CheatEngine75.tmp
6980	rsSyncSvc.exe
7004	_setup64.tmp
3148	rsSyncSvc.exe
5592	installer.exe
5836	installer.exe
3664	AVGBrowserUpdateSetup.exe
6676	AVGBrowserUpdate.exe
3108	Kernelmoduleunloader.exe
7532	AVGBrowserUpdate.exe
6444	AVGBrowserUpdate.exe
6632	windowsrepair.exe
7236	ServiceHost.exe
6424	AVGBrowserUpdateComRegisterShell64.exe
7788	AVGBrowserUpdateComRegisterShell64.exe
7576	AVGBrowserUpdateComRegisterShell64.exe
7992	UIHost.exe

Loads dropped DLL 24 IoCs

pid	Process
6524	CheatEngine75.tmp
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
5836	installer.exe
6676	AVGBrowserUpdate.exe
7404	regsvr32.exe
7532	AVGBrowserUpdate.exe
5636	regsvr32.exe
6444	AVGBrowserUpdate.exe
7236	ServiceHost.exe
6424	AVGBrowserUpdateComRegisterShell64.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
6444	AVGBrowserUpdate.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7788	AVGBrowserUpdateComRegisterShell64.exe
6444	AVGBrowserUpdate.exe
7576	AVGBrowserUpdateComRegisterShell64.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
7140	icacls.exe
7796	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks for any installed AV software in registry 1 TTPs 5 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed	CheatEngine75.tmp
Key opened	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Avira\Browser\Installed	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	avg_secure_browser_setup.exe
Key opened	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\AVAST Software\Avast	avg_secure_browser_setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	avg_secure_browser_setup.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0008000000023ede-6622.dat	autoit_exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-U1BH5.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\is-J7G81.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\autorun\images\is-SQ5DE.tmp	CheatEngine75.tmp
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-es-ES.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nl-NL.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ja-JP.js	installer.exe
File created	C:\Program Files\McAfee\Temp2071064123\jslang\wa-res-shared-pl-PL.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo2.png	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\user_welcome.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wpsdatesetting.luc	installer.exe
File created	C:\Program Files\Cheat Engine 7.5\is-5KB39.tmp	CheatEngine75.tmp
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-tr-TR.js	installer.exe
File created	C:\Program Files\McAfee\Temp2071064123\jslang\wa-res-install-fr-FR.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-da-DK.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\postupdatereboottimelookup.luc	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-tr-TR.js	installer.exe
File created	C:\Program Files\Cheat Engine 7.5\languages\is-SIBTU.tmp	CheatEngine75.tmp
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-PT.js	installer.exe
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-H79SR.tmp	CheatEngine75.tmp
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-el-GR.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-CA.js	installer.exe
File created	C:\Program Files\Cheat Engine 7.5\autorun\is-Q3LR9.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\clibs64\is-QSD4C.tmp	CheatEngine75.tmp
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sk-SK.js	installer.exe
File created	C:\Program Files (x86)\GUM9045.tmp\goopdateres_sw.dll	AVGBrowserUpdateSetup.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fr-FR.js	installer.exe
File created	C:\Program Files\Cheat Engine 7.5\autorun\is-NP6UU.tmp	CheatEngine75.tmp
File created	C:\Program Files (x86)\GUM9045.tmp\goopdateres_kn.dll	AVGBrowserUpdateSetup.exe
File created	C:\Program Files (x86)\GUM9045.tmp\goopdateres_ml.dll	AVGBrowserUpdateSetup.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding-bing.css	installer.exe
File created	C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-VG5UD.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\include\is-84M3T.tmp	CheatEngine75.tmp
File created	C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.chrome.extension.json	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dwtoast.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ko-KR.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pt-BR.js	installer.exe
File created	C:\Program Files\McAfee\Temp2071064123\jquery-1.9.0.min.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell-logo.png	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-checklist.css	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\securesearchhit.luc	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-CA.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-hr-HR.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticshandleonnavigate.luc	installer.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll	CheatEngine75.tmp
File created	C:\Program Files\McAfee\Temp2071064123\mfw.cab	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-ES.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-CA.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-hu-HU.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\downloadscan.luc	installer.exe
File created	C:\Program Files\McAfee\Temp2071064123\jslang\eula-cs-CZ.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2071064123\jslang\wa-res-install-da-DK.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.css	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-FR.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nb-NO.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-tr-TR.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmittimeout_aws.luc	installer.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector64.dll	CheatEngine75.tmp
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fr-CA.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nb-NO.js	installer.exe
File created	C:\Program Files\Cheat Engine 7.5\include\is-P4UVT.tmp	CheatEngine75.tmp
File created	C:\Program Files\Cheat Engine 7.5\languages\is-05EJH.tmp	CheatEngine75.tmp
File created	C:\Program Files\McAfee\WebAdvisor\logic\type_tag_utils.luc	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sk-SK.js	installer.exe
File created	C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchterm.luc	installer.exe

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3152	sc.exe
6832	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
64	6524	WerFault.exe	147
3320	6524	WerFault.exe	147

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatEngine75.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AVGBrowserUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AVGBrowserUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsrepair.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatEngine75.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pekofz0l.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	avg_secure_browser_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	saBSI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AVGBrowserUpdateSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kernelmoduleunloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AVGBrowserUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatEngine75.tmp

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
7860	AVGBrowserUpdate.exe

Checks SCSI registry key(s) 3 TTPs 2 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	avg_secure_browser_setup.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	avg_secure_browser_setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CheatEngine75.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	CheatEngine75.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 42 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	ServiceHost.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\NumMethods\ = "10"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ = "IProcessLauncher"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{384098DD-AB6D-412E-B819-2F10032D9767}\ = "Google Update Core Class"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\ = "IJobObserver"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.Update3WebSvc\CurVer\ = "AVGUpdate.Update3WebSvc.1.0"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{82C85EAA-7C94-4702-AA75-DF39403AE358}\LocalService = "avg"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FBDC15B-BBCD-402B-A45F-1853B01A9E3C}	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{079CAB07-5001-4E71-9D5A-B412842E5178}	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{633D953B-278A-4DAC-8E4B-D15296A1C845}\ = "GoogleUpdate Update3Web"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ = "IGoogleUpdateCore"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\NumMethods	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\NumMethods\ = "24"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45F7CBA5-258D-4852-AD0A-B18F3FB214F4}\NumMethods\ = "4"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}\NumMethods\ = "13"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\NumMethods\ = "10"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\ProxyStubClsid32	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods\ = "10"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\AVGBrowserUpdate.exe\AppID = "{30612A81-C10F-498E-9163-C2B2A3F81A14}"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine"	CheatEngine75.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\NumMethods\ = "12"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ = "IGoogleUpdate3"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\NumMethods\ = "8"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ProxyStubClsid32\ = "{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods\ = "10"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\ = "IAppVersionWeb"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67F69D86-C3AA-4CBF-A536-C73B5D785FFC}\ = "IProcessLauncher"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\ = "IJobObserver2"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\win32\\WSSDep.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AVGUpdate.CoreClass\ = "Google Update Core Class"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB785069-B832-4423-B813-47F7422BA6E5}\NumMethods\ = "4"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\NumMethods\ = "4"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\""	CheatEngine75.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3700FAF-2DC2-4322-99B1-D6A51203AF77}\ = "IMiscUtils"	AVGBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}\ = "IAppWeb"	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8159E37-5EDF-4E6D-8E6D-E558E8DDC2A0}\ProxyStubClsid32	AVGBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\NumMethods	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ = "IGoogleUpdateCore"	AVGBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E7A212B-A33C-45D6-9EFD-2AB58EFAACF0}\ = "PSFactoryBuffer"	AVGBrowserUpdateComRegisterShell64.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 370869.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 933341.crdownload:SmartScreen	msedge.exe

Runs net.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	187	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
2780	msedge.exe
2780	msedge.exe
3272	msedge.exe
3272	msedge.exe
4776	identity_helper.exe
4776	identity_helper.exe
5920	msedge.exe
5920	msedge.exe
2160	msedge.exe
2160	msedge.exe
7044	saBSI.exe
7044	saBSI.exe
7044	saBSI.exe
7044	saBSI.exe
7044	saBSI.exe
7044	saBSI.exe
7044	saBSI.exe
7044	saBSI.exe
7044	saBSI.exe
7044	saBSI.exe
4320	UnifiedStub-installer.exe
4320	UnifiedStub-installer.exe
6456	CheatEngine75.tmp
6456	CheatEngine75.tmp
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
3916	avg_secure_browser_setup.exe
6676	AVGBrowserUpdate.exe
6676	AVGBrowserUpdate.exe
6676	AVGBrowserUpdate.exe
6676	AVGBrowserUpdate.exe
6676	AVGBrowserUpdate.exe
6676	AVGBrowserUpdate.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe
7236	ServiceHost.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	6860	prod0.exe
Token: SeDebugPrivilege	4320	UnifiedStub-installer.exe
Token: SeShutdownPrivilege	4320	UnifiedStub-installer.exe
Token: SeCreatePagefilePrivilege	4320	UnifiedStub-installer.exe
Token: SeDebugPrivilege	6676	AVGBrowserUpdate.exe
Token: SeDebugPrivilege	6676	AVGBrowserUpdate.exe
Token: SeDebugPrivilege	6676	AVGBrowserUpdate.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
6524	CheatEngine75.tmp
6456	CheatEngine75.tmp

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 736	2780	msedge.exe	83
PID 2780 wrote to memory of 736	2780	msedge.exe	83
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 2484	2780	msedge.exe	84
PID 2780 wrote to memory of 1928	2780	msedge.exe	85
PID 2780 wrote to memory of 1928	2780	msedge.exe	85
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86
PID 2780 wrote to memory of 4352	2780	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/JJSploit
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff815d46f8,0x7fff815d4708,0x7fff815d4718
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7032 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:8780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6976 /prefetch:2
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:8220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4186309574736035046,14817457245205501513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:8320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultbde7e1ffhfa7fh4bb9h8733h5dd152cd6135
1⤵
PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff815d46f8,0x7fff815d4708,0x7fff815d4718
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,8351099717068128694,5894151318376108758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,8351099717068128694,5894151318376108758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2160

C:\Users\Admin\Downloads\CheatEngine75.exe
"C:\Users\Admin\Downloads\CheatEngine75.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6484
- C:\Users\Admin\AppData\Local\Temp\is-203HQ.tmp\CheatEngine75.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-203HQ.tmp\CheatEngine75.tmp" /SL5="$30302,29071676,832512,C:\Users\Admin\Downloads\CheatEngine75.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  PID:6524
- - C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod0.exe
    "C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod0.exe" -ip:"dui=c186ecc3-67e4-4d2b-8682-b6c322da87aa&dit=20240918191541&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&b=&se=true" -vp:"dui=c186ecc3-67e4-4d2b-8682-b6c322da87aa&dit=20240918191541&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100&oip=26&ptl=7&dta=true" -dp:"dui=c186ecc3-67e4-4d2b-8682-b6c322da87aa&dit=20240918191541&oc=ZB_RAV_Cross_Tri_NCB&p=cdc2&a=100" -i -v -d -se=true
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\pekofz0l.exe
      "C:\Users\Admin\AppData\Local\Temp\pekofz0l.exe" /silent
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\7zS4989C418\UnifiedStub-installer.exe
        
        .\UnifiedStub-installer.exe /silent
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4320
      - C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
        
        "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
        6⤵
        Executes dropped EXE
        
        PID:6980
      - C:\Windows\system32\rundll32.exe
        
        "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
        6⤵
        
        PID:9880
        
        C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        7⤵
        
        PID:9896
        
        C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        8⤵
        
        PID:9984
      - C:\Windows\system32\wevtutil.exe
        
        "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
        6⤵
        
        PID:10004
      - C:\Windows\SYSTEM32\fltmc.exe
        
        "fltmc.exe" load rsKernelEngine
        6⤵
        
        PID:10048
      - C:\Windows\system32\wevtutil.exe
        
        "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\elam\evntdrv.xml
        6⤵
        
        PID:10116
      - C:\Program Files\ReasonLabs\EPP\rsWSC.exe
        
        "C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i
        6⤵
        
        PID:10156
      - C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
        
        "C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i
        6⤵
        
        PID:7756
      - C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
        
        "C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i
        6⤵
        
        PID:5932
      - C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
        
        "C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i
        6⤵
        
        PID:8860
      - C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe
        
        "C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe" -i -i
        6⤵
        
        PID:5384
      - C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
        
        "C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe" -i -i
        6⤵
        
        PID:9936
- - C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod1_extract\saBSI.exe
    "C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod1_extract\installer.exe
      "C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:5592
    - - C:\Program Files\McAfee\Temp2071064123\installer.exe
        
        "C:\Program Files\McAfee\Temp2071064123\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        
        PID:5836
      - C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        6⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7404
      - C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
        6⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:5636
- - C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod2_extract\avg_secure_browser_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod2_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV6dENwvWTZc9pqfCDS02WtA6vMvc0wbnHAHB9Ya9KmrMpV3pgE86VdV4QShmM0iuOps0JmuV88rD /make-default
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\AVGBrowserUpdateSetup.exe
      AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9264&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:3664
    - - C:\Program Files (x86)\GUM9045.tmp\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\GUM9045.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9264&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"
        5⤵
        Event Triggered Execution: Image File Execution Options Injection
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6676
      - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7532
      - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6444
        
        C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:6424
        
        C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:7788
        
        C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:7576
      - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezQ1MkI0RkQ4LUM4NjMtNEU1MC05QzY3LTA3QjFBMEUwMTlCQX0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Ins5MzJDRjAxMy03NUZDLTRBMDgtOUZEQy0zRDhBNUNBNkZCRTF9IiB1c2VyaWRfZGF0ZT0iMjAyNDA5MTgiIG1hY2hpbmVpZD0iezAwMDBDQkM0LUFBNTMtOTMyRC1GNjQ2LTgzNTZEQzZDRUMyNH0iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDkxOCIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9IntDQTIxNkZEQy04MEVDLTRBNzQtODdFNC02MjRCOEM0M0E3RER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTI2NCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNDA3MCIvPjwvYXBwPjwvcmVxdWVzdD4
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:7860
      - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9264&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{452B4FD8-C863-4E50-9C67-07B1A0E019BA}" /silent
        6⤵
        
        PID:5092
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      AVGBrowser.exe --heartbeat --install --create-profile
      4⤵
      PID:8356
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.26097.121 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7fff675af7a0,0x7fff675af7ac,0x7fff675af7b8
        5⤵
        
        PID:8628
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2428,i,1562473284456967089,7220786468073218625,262144 --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:2
        5⤵
        
        PID:8964
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1924,i,1562473284456967089,7220786468073218625,262144 --variations-seed-version --mojo-platform-channel-handle=2388 /prefetch:3
        5⤵
        
        PID:6360
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2084,i,1562473284456967089,7220786468073218625,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:8
        5⤵
        
        PID:9116
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3440,i,1562473284456967089,7220786468073218625,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
        5⤵
        
        PID:8384
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3448,i,1562473284456967089,7220786468073218625,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:2
        5⤵
        
        PID:8972
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3492,i,1562473284456967089,7220786468073218625,262144 --variations-seed-version --mojo-platform-channel-handle=3768 /prefetch:2
        5⤵
        
        PID:5924
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4108,i,1562473284456967089,7220786468073218625,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:8
        5⤵
        
        PID:9300
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4404,i,1562473284456967089,7220786468073218625,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
        5⤵
        
        PID:6060
  - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
      AVGBrowser.exe --silent-launch
      4⤵
      PID:2712
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.26097.121 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff675af7a0,0x7fff675af7ac,0x7fff675af7b8
        5⤵
        
        PID:8284
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2124,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:2
        5⤵
        
        PID:9436
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1944,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:3
        5⤵
        
        PID:2420
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2280,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=2656 /prefetch:8
        5⤵
        
        PID:9764
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=1952,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:8
        5⤵
        
        PID:7096
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3496,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=3700 /prefetch:8
        5⤵
        
        PID:7080
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3860,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:8
        5⤵
        
        PID:7160
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3724,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:8
        5⤵
        
        PID:3592
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3852,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:8
        5⤵
        
        PID:3152
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4304,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
        5⤵
        
        PID:5572
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4168,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:8
        5⤵
        
        PID:6736
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4004,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8
        5⤵
        
        PID:9276
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4320,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=4652 /prefetch:8
        5⤵
        
        PID:9392
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4908,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:8
        5⤵
        
        PID:10144
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4012,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
        5⤵
        
        PID:9612
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5228,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
        5⤵
        
        PID:9480
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5384,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
        5⤵
        
        PID:4260
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4008,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:8
        5⤵
        
        PID:5856
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5576,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:8
        5⤵
        
        PID:7428
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5848,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
        5⤵
        
        PID:3888
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5704,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:8
        5⤵
        
        PID:1820
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5728,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
        5⤵
        
        PID:1120
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6296,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:8
        5⤵
        
        PID:5228
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5060,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:8
        5⤵
        
        PID:9900
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5540,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:8
        5⤵
        
        PID:5936
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6480,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:8
        5⤵
        
        PID:1544
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6920,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:8
        5⤵
        
        PID:5956
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5756,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:8
        5⤵
        
        PID:3108
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7200,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:8
        5⤵
        
        PID:7964
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6168,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:8
        5⤵
        
        PID:9836
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7492,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
        5⤵
        
        PID:8848
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7632,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:8
        5⤵
        
        PID:9532
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7772,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=7784 /prefetch:8
        5⤵
        
        PID:7988
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6496,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=7932 /prefetch:8
        5⤵
        
        PID:2684
    - - C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
        
        "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=8072,i,1800049788775778638,3994673919887865790,262144 --variations-seed-version --mojo-platform-channel-handle=8084 /prefetch:8
        5⤵
        
        PID:6252
- - C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\CheatEngine75.exe
    "C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\is-M3M3M.tmp\CheatEngine75.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-M3M3M.tmp\CheatEngine75.tmp" /SL5="$20384,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:6456
    - - C:\Windows\SYSTEM32\net.exe
        
        "net" stop BadlionAntic
        5⤵
        
        PID:6472
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop BadlionAntic
        6⤵
        
        PID:6588
    - - C:\Windows\SYSTEM32\net.exe
        
        "net" stop BadlionAnticheat
        5⤵
        
        PID:6616
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop BadlionAnticheat
        6⤵
        
        PID:5936
    - - C:\Windows\SYSTEM32\sc.exe
        
        "sc" delete BadlionAntic
        5⤵
        Launches sc.exe
        
        PID:3152
    - - C:\Windows\SYSTEM32\sc.exe
        
        "sc" delete BadlionAnticheat
        5⤵
        Launches sc.exe
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\is-54K3S.tmp\_isetup\_setup64.tmp
        
        helper 105 0x470
        5⤵
        Executes dropped EXE
        
        PID:7004
    - - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
        5⤵
        Modifies file permissions
        
        PID:7140
    - - C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
        
        "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3108
    - - C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
        
        "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6632
    - - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
        5⤵
        Modifies file permissions
        
        PID:7796
- - C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
    "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
    3⤵
    PID:2336
  - - C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
      "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
      4⤵
      PID:6748
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 1116
    3⤵
    - Program crash
    PID:64
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 1116
    3⤵
    - Program crash
    PID:3320

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
1⤵
- Executes dropped EXE
PID:3148

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:7236
- C:\Program Files\McAfee\WebAdvisor\UIHost.exe
  "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
  2⤵
  - Executes dropped EXE
  PID:7992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:6368
- C:\Program Files\McAfee\WebAdvisor\updater.exe
  "C:\Program Files\McAfee\WebAdvisor\updater.exe"
  2⤵
  PID:7452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
    3⤵
    PID:6960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
    3⤵
    PID:3524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:7348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:7712

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
1⤵
PID:6244
- C:\Program Files (x86)\AVG\Browser\Update\Install\{94407962-51D3-40CD-8D4E-A6CCCA93B58E}\AVGBrowserInstaller.exe
  "C:\Program Files (x86)\AVG\Browser\Update\Install\{94407962-51D3-40CD-8D4E-A6CCCA93B58E}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level
  2⤵
  PID:6148
- - C:\Program Files (x86)\AVG\Browser\Update\Install\{94407962-51D3-40CD-8D4E-A6CCCA93B58E}\CR_1F867.tmp\setup.exe
    "C:\Program Files (x86)\AVG\Browser\Update\Install\{94407962-51D3-40CD-8D4E-A6CCCA93B58E}\CR_1F867.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{94407962-51D3-40CD-8D4E-A6CCCA93B58E}\CR_1F867.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level
    3⤵
    PID:6856
  - - C:\Program Files (x86)\AVG\Browser\Update\Install\{94407962-51D3-40CD-8D4E-A6CCCA93B58E}\CR_1F867.tmp\setup.exe
      "C:\Program Files (x86)\AVG\Browser\Update\Install\{94407962-51D3-40CD-8D4E-A6CCCA93B58E}\CR_1F867.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=127.0.26097.121 --initial-client-data=0x264,0x268,0x26c,0x240,0x7c,0x7ff67df6bfc0,0x7ff67df6bfcc,0x7ff67df6bfd8
      4⤵
      PID:7916
- C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe
  "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"
  2⤵
  PID:7240
- C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe
  "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"
  2⤵
  PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6524 -ip 6524
1⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6524 -ip 6524
1⤵
PID:4084

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:756

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
1⤵
PID:6960

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
1⤵
PID:2288
- \??\c:\program files\reasonlabs\epp\rsHelper.exe
  "c:\program files\reasonlabs\epp\rsHelper.exe"
  2⤵
  PID:9792

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"
1⤵
PID:1476

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe"
1⤵
PID:9204

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe"
1⤵
PID:9140

C:\Program Files\AVG\Browser\Application\127.0.26097.121\elevation_service.exe
"C:\Program Files\AVG\Browser\Application\127.0.26097.121\elevation_service.exe"
1⤵
PID:10116

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x424
1⤵
PID:8604

C:\Program Files\AVG\Browser\Application\127.0.26097.121\elevation_service.exe
"C:\Program Files\AVG\Browser\Application\127.0.26097.121\elevation_service.exe"
1⤵
PID:9536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll

Filesize
506KB

MD5
c6a2bff8e96b5622bf6841a671f4e564

SHA1
fb638e9c72604cc1b160385fa803b0ea028e5d5e

SHA256
7a7a12e9c0dee713700081b9354647972a0f3505596df34e4c68aaba99046992

SHA512
22a99f860055388e34a056af5d5e35f2e33a9294784795aca52fd42685d75aebb523add836c5e4b9b2f68fe00348d11ee56cc10208fcc662b86a6169664f934f

Download Submit
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

Filesize
204KB

MD5
cbcdf56c8a2788ed761ad3178e2d6e9c

SHA1
bdee21667760bc0df3046d6073a05d779fdc82cb

SHA256
e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3

SHA512
5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

Download Submit
C:\Program Files (x86)\GUM9045.tmp\@PaxHeader

Filesize
27B

MD5
fc8ee03b2a65f381e4245432d5fef60e

SHA1
d2b7d9be66c75ccf24fcb45a6d0dacedd8b6dd6f

SHA256
751a04263c2ebb889fdcd11045d6f3602690318ebaaa54f66e1332d76dde9ef4

SHA512
0837f2b22c9629990165c5e070e710a69ad4951b7fcfe28bd52354c4b8a7246672497b8aaf521a8773c7ec2a4249fc4318330948ab0d8db8c6c74da57b32f1c4

Download Submit
C:\Program Files\AVG\Browser\Application\127.0.26097.121\Installer\setup.exe

Filesize
3.3MB

MD5
67c73b883072bd993ecf0618bbec3312

SHA1
ae589f1faec5846b4008f307538470e40eb66033

SHA256
9c454e3342fe945231e5cb53ad2d69a5b9277a83d1d9182256637146b6b318f0

SHA512
06d41673b9bddd66565b3f740b1fc9da28bf18a56d216bf4ca4c6ff072dcb5d05a92024431ac0e2e866dfe7b4a7cc18d5bbc4a9439dc241d1edd1823d3e16445

Download Submit
C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png

Filesize
5KB

MD5
5cff22e5655d267b559261c37a423871

SHA1
b60ae22dfd7843dd1522663a3f46b3e505744b0f

SHA256
a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9

SHA512
e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50

Download Submit
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe

Filesize
15.9MB

MD5
edeef697cbf212b5ecfcd9c1d9a8803d

SHA1
e90585899ae4b4385a6d0bf43c516c122e7883e2

SHA256
ac9bcc7813c0063bdcd36d8e4e79a59b22f6e95c2d74c65a4249c7d5319ae3f6

SHA512
1aaa8fc2f9fafecbe88abf07fbc97dc03a7c68cc1d870513e921bf3caeaa97128583293bf5078a69aecbb93bf1e531605b36bd756984db8d703784627d1877d1

Download Submit
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

Filesize
73KB

MD5
bd4e67c9b81a9b805890c6e8537b9118

SHA1
f471d69f9f5fbfb23ff7d3c38b5c5d5e5c5acf27

SHA256
916f5e284237a9604115709a6274d54cb924b912b365c84322171872502d4bf8

SHA512
92e1d4a8a93f0bf68fc17288cd1547b2bb9131b8378fbd1ed67a54963a8974717f772e722477417f4eb6c6bb0b3dfba4e7847b20655c3d451cba04f6134c3ab5

Download Submit
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

Filesize
798KB

MD5
f2738d0a3df39a5590c243025d9ecbda

SHA1
2c466f5307909fcb3e62106d99824898c33c7089

SHA256
6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21

SHA512
4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872

Download Submit
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

Filesize
388B

MD5
1068bade1997666697dc1bd5b3481755

SHA1
4e530b9b09d01240d6800714640f45f8ec87a343

SHA256
3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51

SHA512
35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

Download Submit
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

Filesize
633B

MD5
6895e7ce1a11e92604b53b2f6503564e

SHA1
6a69c00679d2afdaf56fe50d50d6036ccb1e570f

SHA256
3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177

SHA512
314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2

Download Submit
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

Filesize
7KB

MD5
362ce475f5d1e84641bad999c16727a0

SHA1
6b613c73acb58d259c6379bd820cca6f785cc812

SHA256
1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

SHA512
7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

Download Submit
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

Filesize
339KB

MD5
030ec41ba701ad46d99072c77866b287

SHA1
37bc437f07aa507572b738edc1e0c16a51e36747

SHA256
d5a78100ebbcd482b5be987eaa572b448015fb644287d25206a07da28eae58f8

SHA512
075417d0845eb54a559bd2dfd8c454a285f430c78822ebe945b38c8d363bc4ccced2c276c8a5dec47f58bb6065b2eac627131a7c60f5ded6e780a2f53d7d4bde

Download Submit
C:\Program Files\ReasonLabs\EPP\Uninstall.exe

Filesize
319KB

MD5
79638251b5204aa3929b8d379fa296bb

SHA1
9348e842ba18570d919f62fe0ed595ee7df3a975

SHA256
5bedfd5630ddcd6ab6cc6b2a4904224a3cb4f4d4ff0a59985e34eea5cd8cf79d

SHA512
ab234d5815b48555ddebc772fae5fa78a64a50053bdf08cc3db21c5f7d0e3154e0726dacfc3ea793a28765aea50c7a73011f880363cbc8d39a1c62e5ed20c5a9

Download Submit
C:\Program Files\ReasonLabs\EPP\mc.dll

Filesize
1.1MB

MD5
e0f93d92ed9b38cab0e69bdbd067ea08

SHA1
065522092674a8192d33dac78578299e38fce206

SHA256
73ad69efeddd3f1e888102487a4e2dc1696ca222954a760297d45571f8d10d31

SHA512
eb8e3e8069ff847b9e8108ad1e9f7bd50aca541fc135fdd2ad440520439e5c856e8d413ea3ad8ba45dc6497ba20d8f881ed83a6b02d438f5d3940e5f47c4725c

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

Filesize
348KB

MD5
41dd1b11942d8ba506cb0d684eb1c87b

SHA1
4913ed2f899c8c20964fb72d5b5d677e666f6c32

SHA256
bd72594711749a9e4f62baabfadfda5a434f7f38d199da6cc13ba774965f26f1

SHA512
3bb1a1362da1153184c7018cb17a24a58dab62b85a8453371625ce995a44f40b65c82523ef14c2198320220f36aafdade95c70eecf033dd095c3eada9dee5c34

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.config

Filesize
6KB

MD5
87ac4effc3172b757daf7d189584e50d

SHA1
9c55dd901e1c35d98f70898640436a246a43c5e4

SHA256
21b6f7f9ebb5fae8c5de6610524c28cbd6583ff973c3ca11a420485359177c86

SHA512
8dc5a43145271d0a196d87680007e9cec73054b0c3b8e92837723ce0b666a20019bf1f2029ed96cd45f3a02c688f88b5f97af3edc25e92174c38040ead59eefe

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

Filesize
257B

MD5
2afb72ff4eb694325bc55e2b0b2d5592

SHA1
ba1d4f70eaa44ce0e1856b9b43487279286f76c9

SHA256
41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e

SHA512
5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

Filesize
660B

MD5
705ace5df076489bde34bd8f44c09901

SHA1
b867f35786f09405c324b6bf692e479ffecdfa9c

SHA256
f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950

SHA512
1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7

Download Submit
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

Filesize
606B

MD5
43fbbd79c6a85b1dfb782c199ff1f0e7

SHA1
cad46a3de56cd064e32b79c07ced5abec6bc1543

SHA256
19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0

SHA512
79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

Download Submit
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

Filesize
2.2MB

MD5
508e66e07e31905a64632a79c3cab783

SHA1
ad74dd749a2812b9057285ded1475a75219246fa

SHA256
3b156754e1717c8af7fe4c803bc65611c63e1793e4ca6c2f4092750cc406f8e9

SHA512
2976096580c714fb2eb7d35c9a331d03d86296aa4eb895d83b1d2f812adff28f476a32fca82c429edc8bf4bea9af3f3a305866f5a1ab3bbb4322edb73f9c8888

Download Submit
C:\Program Files\ReasonLabs\EPP\x64\elam\rsElam.sys

Filesize
19KB

MD5
8129c96d6ebdaebbe771ee034555bf8f

SHA1
9b41fb541a273086d3eef0ba4149f88022efbaff

SHA256
8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51

SHA512
ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

Download Submit
C:\Program Files\ReasonLabs\VPN\Uninstall.exe

Filesize
192KB

MD5
dfbdb770e1978ed8be16217b71d088cd

SHA1
5bfdae715d9c66c4616a6b3d1e45e9661a36f2c0

SHA256
04d18ccd404a7b20e5ae3a17ca9a01be54f82b511e349379677e7e62aa6a68b9

SHA512
7d4801250d8449d3fcbf714351fe86d64201ad22ecbfaa91588046bb1ef88f22912a58689876ac7b1f94e83047920893b488589d14accf4570e5c116c667ef12

Download Submit
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog

Filesize
248B

MD5
5f2d345efb0c3d39c0fde00cf8c78b55

SHA1
12acf8cc19178ce63ac8628d07c4ff4046b2264c

SHA256
bf5f767443e238cf7c314eae04b4466fb7e19601780791dd649b960765432e97

SHA512
d44b5f9859f4f34123f376254c7ad3ba8e0716973d340d0826520b6f5d391e0b4d2773cc165ef82c385c3922d8e56d2599a75e5dc2b92c10dad9d970dce2a18b

Download Submit
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog

Filesize
633B

MD5
db3e60d6fe6416cd77607c8b156de86d

SHA1
47a2051fda09c6df7c393d1a13ee4804c7cf2477

SHA256
d6cafeaaf75a3d2742cd28f8fc7045f2a703823cdc7acb116fa6df68361efccd

SHA512
aec90d563d8f54ac1dbb9e629a63d65f9df91eadc741e78ba22591ca3f47b7a5ff5a105af584d3a644280ff95074a066781e6a86e3eb7b7507a5532801eb52ee

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
22593d03da216c8042fc8ee420fb6b07

SHA1
c7313e047242830826d5734948ab8b0b1333ac84

SHA256
32b6ade95b7983f5a92a662db787fe5ae83f4234ba1833346fdc35abaa07dfad

SHA512
8d909fb31b07edaf1649ca068e13d634943974e26659037d786b2652939264d50847912e4b446886dc4518ac8ef9832fd4c522b2e3e95e96c555dda1a393ce8d

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
3KB

MD5
16982c6297109ee6d1572b871c340b09

SHA1
d42b6335baa98489a3ff7d214c9525f8c479815d

SHA256
c81b709f7c226ca12d2a2992b941a51d1afc0d5dd70c553e0496f63bafe3a6de

SHA512
604599d0e21e7f070766db327e9f0b3e01b3397ce513f141e5747b912c27db950ff3e1cbcb70eb4edb0c0ff8d8c499c4ab87edf93eda79fc7c8fe01d9310163b

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
3KB

MD5
29cda2853f73858a909347e9e1451f2b

SHA1
11987c1ddcb03f39e08b13a97519d63170351dfe

SHA256
e824cf258c487fd5c3e4a1eff7f8037871d2e98bafee6665c52964fba1ecb1f1

SHA512
a78f9919fff9f6d5c1737c8daa15b492d57458ec995818732bd9748bbf0daf09cc5eeb4134be3a10d028583118e30113068ea05be65a5897db27fe424412812b

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
4KB

MD5
7982978c75f4f11bec5e9f7650205d75

SHA1
f25218e1b0e7487af420894ebe9dd9301b813940

SHA256
2ced9909da2761ab4b776ca040a1cf40a935e7234e94699de4e564f3d7836604

SHA512
d8d9b3a6477828b79235e61c2497420af2a67613dda501a79e8414d5f18604f4e904dc7932b8bb28c55e5ff82d8295812f9d9601ee3385649ff8b0f086c73835

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
b72c64a32a9abcf52b227e6f0d48199b

SHA1
9d6b8d8e742013651b8df138ad7eb622762f86f6

SHA256
56a4c36221489a8454b3e7d54fb4cf8b65b8ec834ca34185d330157671fd7d50

SHA512
52a5b85c606586fcec1acc5c469e865cd07575676a3e49735f0dddd91dc0964d520a2d35605f988889fbfb8e3441c043bae5a9a8e9bb61a426e48e46509c4a17

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
53aa46c1544f385c5090f5c78f055a3e

SHA1
0573cc5e5303dade119f0fd155b3873ac05c8d73

SHA256
c4f295cec9b547ea77959cfe70747462f2eab57b1a85b64dd106732fb2dc8f41

SHA512
b041cccf18b3bbaa55d2d9a573e68cd8f3d90e32ca1e04a3b9edfd028dc0b596d7660b07bde27f7da3e330b7c992095ec7f67118bbb40cd8d34197b60fac1c2a

Download Submit
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

Filesize
5.4MB

MD5
f04f4966c7e48c9b31abe276cf69fb0b

SHA1
fa49ba218dd2e3c1b7f2e82996895d968ee5e7ae

SHA256
53996b97e78c61db51ce4cfd7e07e6a2a618c1418c3c0d58fa5e7a0d441b9aaa

SHA512
7c8bb803cc4d71e659e7e142221be2aea421a6ef6907ff6df75ec18a6e086325478f79e67f1adcc9ce9fd96e913e2a306f5285bc8a7b47f24fb324fe07457547

Download Submit
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

Filesize
2.9MB

MD5
2a69f1e892a6be0114dfdc18aaae4462

SHA1
498899ee7240b21da358d9543f5c4df4c58a2c0d

SHA256
b667f411a38e36cebd06d7ef71fdc5a343c181d310e3af26a039f2106d134464

SHA512
021cc359ba4c59ec6b0ca1ea9394cfe4ce5e5ec0ba963171d07cdc281923fb5b026704eeab8453824854d11b758ac635826eccfa5bb1b4c7b079ad88ab38b346

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\6f1c6e07-1a67-45e2-9f6b-a8dd81bb8fea.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\787a6c6d-9666-4732-9a01-9c05e0b20a09.tmp

Filesize
168KB

MD5
27e0a973f1449e90508c04e5a6a5b86e

SHA1
a73aeda6a24c88cd513edb51fe82057888b33e31

SHA256
1a1d3f226e1b5d6b13a15080b67865bbd624d8bfd9c4f8a2f7e35b029c6b39d0

SHA512
8724eced195065a2bbb38f3fa940ae8b66202690e12fdc598a669574ffaee36d86a32e7fc608b23c83715f7859e6cfb556cc659181f7c90178b7241240449679

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9de824c5a77c07725aa3d56e1ad27b68

SHA1
faa0e14257c355f7efca08e82562859e6c31843c

SHA256
71a89073a2d7277069dc8ada167e7fd78a590a039459c6a59bfebacbf8e2fda7

SHA512
f23cdde97ce74337046a2553339cd0a3cc6469e043815ce34cf192edd80bf7f18bac288afe059db9c0528ddfd2ad58148c58d227e2da9a024e998fa32b2c57d3

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\Temp\scoped_dir2712_453462364\CRX_INSTALL\js\options.bundle.js.LICENSE.txt

Filesize
2KB

MD5
4e994bc011dc4913520bd9f4cefd135a

SHA1
de9aa409a953bce76c488dd9b7297a23f63eb909

SHA256
923090b15eca2d9a8c7f02431cbc23961b45e34a33c6ca0df8c162abc6f91688

SHA512
2d64ebcf3b135c6249d4883c54de3f9bc0cef36c9c071b1295816ee416481659ee1f62d06c92c1b4a92e48c88cb29312398d8cf4e54d3dd5112d801ef3b080db

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\ar\messages.json

Filesize
9KB

MD5
bb7da78e2baadd645581eac61d1f08a5

SHA1
a7b0fb3e6b61d67a6d8f05859783c90ce128984b

SHA256
5efa3a780f484c8f277389e3e66ddf308ea9c6b7ea3d172922dc24b092f802cf

SHA512
fdb2f2388554329a16ae9df2eeae3e9cca1a9b939835033c48b4b0ab0692f45d228d8b74f6510d525aedc814d2bf97ecc685218d82cfb922b4d3704f3c7c49d2

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\bg\messages.json

Filesize
10KB

MD5
016d8f12ba72a575e6f72190cef95a36

SHA1
41bf0fb4cf2391963d756f09a2fe10c2eba86706

SHA256
9c8fc1275db7686234c012fd52f66ecd82f465066280bf9b104fa685de2ba39e

SHA512
e834e42c8155d8aa9a074cac9ef57c42b7498f209d2a2da2552a8291c4b9c46ea8809402131e326815dae6facb0bbedb62c018d48933f7c24c8ee240262681f1

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\bn\messages.json

Filesize
13KB

MD5
716032e2d00772c2649ffa87f3aa3ea1

SHA1
ad3ad641292bcad54e88d31903b8290bc5bb8b38

SHA256
a6f6a6b5c4766d44bc911010906d9c725f2424db8a44583e7cfdba1c18f7e4f5

SHA512
c0b32a247e1cc72713dc83e6afeddc9521d3a2fc2537755139687efe535b4384c9a3874c2c52972f50e7b52571f873a35781fb0add92036c2cad077b0de5ed8e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\ca\messages.json

Filesize
8KB

MD5
40aa326c413101583f94fb70b3fb48ea

SHA1
45710a74e0f8fe50ff3a9613c506000d12128021

SHA256
9d91105b9caa8357e97019b8863baef095450cf9bf09dbe9dc66bf3097d34bd9

SHA512
d1afe54c6adaca1f3f4e5ba8216327657d4e63a55c4ac4512113b91efb78af454cb8e991df2bbdb07f3781d915b56c294af5969d2699acc2d8cc44e369cf0f33

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\cs\messages.json

Filesize
7KB

MD5
728e0805d53c78f377e26af11cdf8c77

SHA1
31f1653fd38b737a300f527a23a69db675154c23

SHA256
e65ffe37b59dbb1f900138daa0d2564769dbb61604cc1b5d439db38b21a00569

SHA512
7ea2b8864f7299f8c38b6adfaa33e93bb15d746d97408f2378fbc9024299a3b95763f44185d27110027b4364e9d0fca593d47d783f5b16c98636cf39e09b4c8f

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\da\messages.json

Filesize
7KB

MD5
a5b1ac58490654469ca10f205d36d6d4

SHA1
17b2eacf01b18270c682c45bcc8f5f4dcf8c8bf8

SHA256
c709fbc0f93bd19690a772ceddfe18b797ba0b8325c2f3443cd9ec9322cef682

SHA512
4c6cbc0aef050962bb600c719fde74d15b3e6cb83d96fa2d92ed98669df7ca278a9a93f591b47aea57628fee691e885c8e9e71429ee8b3e5b000ce436a02f4ee

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\de\messages.json

Filesize
8KB

MD5
9fa83219f81610984db871e107efeb61

SHA1
8d74a55337d18e0a168afd4aa558e6fcd14ca751

SHA256
b0a16d127b6c676a1246a49066c82578da2453aeb7cf64dc17f51a45cf172a7a

SHA512
e0df03e320c3be49c28a55f6695880ab634ef1fc2986265877877beae1daf899ed7f1a5e9d3cff8ca7fb976d8c20d77c9e6c0fe14e470fbf6bcc76e6fdeb5035

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\el\messages.json

Filesize
11KB

MD5
61f5181bb7c1eb1ae27596e72a036223

SHA1
52686268d5b660553c65be04f200547c583059a4

SHA256
ed82be15a0c4998ac449735b401540bf8584a4f3cb1d22a72c212e6bb4809286

SHA512
0c470401dd7fb661ce489c54872703fef3ab1b01738ecc76bae9081d08fc9a8fbc55bda4c4244b85ab84d4a86518137e69a2361c3a94240e3129fe46bcdd58f1

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\es\messages.json

Filesize
7KB

MD5
ff1745fb4069cb8509293c143e0859d3

SHA1
ee7719465094059ac5c6541480f5455095db7940

SHA256
5e10ca0981d3df4362ffc8ee8d1ec994ef2f77837d72921438a465a802741224

SHA512
c3b4c8c21899a240f9f14b89f790b7f29048017114c9be5c0ddda8cae00cd5f5305531598976c3be33b877b7f7e12f90fe0bb73b960fe8437d0c0e6f912a048b

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\et\messages.json

Filesize
7KB

MD5
8139cbfd87e33568537e3914b4d2962f

SHA1
ccb90ec9e3a3295f89b26cff3eff00d479d0d133

SHA256
5c83d5d3f58ab3b79278912d16bd83303d21ff3135f455c1461fbbc71ada1854

SHA512
6db29541032efe2552247e0a37357774ae648b6f5072bd2ad9e3804516bcb704232675df385c1c915d0780c5208282a56564c3f0292b3ceda951125e78f0fd82

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\fa\messages.json

Filesize
10KB

MD5
475b6f3881ae62e195aa0698de10dcb1

SHA1
f177e9cbd97fd717c28f5ea6ec19ec4446c947da

SHA256
f8344512c8e412eee939b1af58e8de07a8b1d43c696426339f79f6004c0d70d4

SHA512
d5df319f0a634fd043a06084470346f43e1ff262ebf1586ba75bac1c81e11372ba3b91c8800e1840c95b7141489d3729bad723c2b561a3e461cbb512f0c68d79

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\fi\messages.json

Filesize
7KB

MD5
19a72da82e07a19f52f6186afc084723

SHA1
fed5d943b7df36fe9c92a4b876f9ec03e990573b

SHA256
f18e7993d30c8c57549c607d361748492d5f05f018a248685cc97e5dff9f267f

SHA512
8cf6facb3318133d6a06c2e77051ff6e8657fcbfcdc3f08349b9fcc4c154fa37128f998ec2765e2f59daa91286d786f586fa0b3e65fb4b7155909c7e5c72b0f3

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\fr\messages.json

Filesize
8KB

MD5
e58a3488583b6f86e7743718f520d743

SHA1
bd3df6b4ed7a40c5e1b74313998440ad9f4c0033

SHA256
6dda27dce77ca995b7111e23f41a7352cbed3d6374cbf1c1ec05c2192cf2fd3b

SHA512
4a1d62a1670c98c0554b4cacf10ea3fa17a5dbd2e78d748a21c0fd52d2b137df03775e7fee4585974ee3a022c2da0f5d0ff2954c1a0d5ac1e08d2140ff7a1a90

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\he\messages.json

Filesize
8KB

MD5
25e1459e54ff339d78a89e7380726de6

SHA1
e8db6a0ffd2e59652d94fa80e01f0f644dd11895

SHA256
51b4795f15a0aa4d4b3406c11351dbc8554c6e06fe3290d71d68af2c40f2768d

SHA512
d3ac86e599080cd58300cdcbf7fd9e7044b9b90f514e432869350ad47af671858c7ee9b61f8007222ea29f60048519c92fa8681e8af324a695f85891bbea3098

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\hi\messages.json

Filesize
13KB

MD5
f2aca748a99d5a2ef6b6a3cc4a077ee6

SHA1
cb3a46500431796c69a9432a8acc022e06f8938a

SHA256
78e14410a9d03388c5ff486b6cf5d8ddb02d0e76c5115ff28366522ed880d5b2

SHA512
c0dc8780824ce66fd705d299aa6d864f37abcaa50ab9e5dee3cdcee7cdeb1192941e1befd31528aa8823119d3ebb174e2fc5a41c43f145580fc0fd53b4becdcd

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\hr\messages.json

Filesize
7KB

MD5
f0638d1835e23b63c8581d03dfe01117

SHA1
3f9c3b05be78526c5671a75eec3e31d3b6fbedd5

SHA256
3cc3467a403b776c954112a7aad8bef07922ce2ea8f933c44a9214fde5939958

SHA512
09f6884005ea485c1207462f3169b08e4761f34bf1d870e08b82ab6186b874812e210bdd9cd448b5050d6a90a3e288b3782e1fc488d3b5afccdac4db00f64a80

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\hu\messages.json

Filesize
8KB

MD5
36fd009ed08b2e84ea92e595788d195b

SHA1
24b040431a6e054744cd921eeab083a0279bf60c

SHA256
5943cc216e37f2482d9a7bc524012d43df231364f75913ecbabae25710c0fcfd

SHA512
e50da64338808c0fc607cb039ec725c93b7b51b450a932130256af3161fd9b5a985e41f124f76586741b84adb558ac35027dd265528d49d420f55e645d0668cf

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\id\messages.json

Filesize
7KB

MD5
03feaccbd0b71609899ac2f6a9dd95c4

SHA1
67c6ba4031259c611dccfca779e5c0b8fcf6d66b

SHA256
8285c9db88e40419224f8b8f0093a0b98a9251b3a8162b251f6b393065021e5d

SHA512
89945a6df189b7ee82c6aff6eb8d8c627a4ed6c98920bdbd89f326053d7f12d85b0804a6c4c4e09d275837b1bb40b014a788621efc9d5f3738d7371f7c5ec11d

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\it\messages.json

Filesize
7KB

MD5
b446075f5bcb7e584206ad9f27891fff

SHA1
c680f72341547f56afca4430e476b5a85c69a182

SHA256
7857568ca469f49a68beda8d7ef100d3d95091d5fff05e3d2b43e1c4c9fdfc06

SHA512
fac1ac769b7c190f55e6a8563875c236071cbbfda981bd6ef71fcfb64c7cc4e84db8b3ebf8b41a6dc5a38b83679444120b8d559c879f7beb1c6c137300a177f2

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\ja\messages.json

Filesize
8KB

MD5
8eb4d9be37b492c63a0b090b5e2fbb62

SHA1
176bd8bb7db544f310679c8db575a5559b135945

SHA256
21e61a02ca0f8e4769343fc8b0fe9bfaa864da087b8a06464ea88463469b9fee

SHA512
5d0daa0f241ba21ef3c99fbf5857b271893aa22adc8bc445362f82c33a394fcd3efbdeb63e84e457039d401ab440c7bcb0a57857eadd4d1a03c69ae9fbc43995

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\ko\messages.json

Filesize
8KB

MD5
af36e3adb0f63a6c4fdf6b5f2af1e94e

SHA1
b60c40e8794ea88eb3a84894d1c084ac4becbe47

SHA256
ae4a6aa408b41ef1f5938190d6210b08ac844fab0f6a74b5d6d44f6ec202af06

SHA512
0b0cc1d2f242a1a5e535831dc5e51420ce23e7096d6a36cc15f9592374b58ea4c2ffe2a98428ea0f76b50c177b913c3a2d9bd229a9d328f1f191b90f7752a2a1

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\lt\messages.json

Filesize
7KB

MD5
1bf3e47117852de7becb596a35e52840

SHA1
3f1d5f0da70c5f201c1f635e38358e1433edbf05

SHA256
2e9a6baae1c42603ac2b2be6ac4d700cfe2fcb0d6ab7da69e28b8574ba5aa6c8

SHA512
3fae121200137a1083fa2b939d75a80c5b1fb42e3dd8c2d312ae70d97fc9d17d4b6c7aa589600f3167bbba1215d15235eaab65b12037fc2a49d53787dbe4ee63

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\lv\messages.json

Filesize
8KB

MD5
c560f29de746bc4d180288699afc5261

SHA1
827a6b7f4795cd7d6d97ef06157831d24c787c5c

SHA256
0a8e0b35738b25c8f703535e9a346997c9018be665f2bab3a5188929be0443cd

SHA512
994fd4a885ca66fad54d247d33c2b4c4e6f053c9d1fa8d4adfa60300b768bdfc0b1872492ab25a28a7ce3a76c21b58b0a8f049295a34e6a8363bc4efa5cb7dbf

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\ms\messages.json

Filesize
7KB

MD5
604320e154e4e6c571e0b4e2d1620856

SHA1
a7090dd860a4c256a34bec7d16f17a982d65f5db

SHA256
2ed159fd59fb3e847b59f02bf7f564ba198852392e03b718826ef13576fd2d79

SHA512
c61a3c469fa2e36575923cf919341c840149010956f74ba24454584b36514d5f0d2ea35e991bbc363b8c285686d5e6920a3a3041a5c9abd93a6adaf30e652cd3

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\nb\messages.json

Filesize
7KB

MD5
dae032b502afffbbcd36ebcae55b7d45

SHA1
5eb9a2113fd3c1b68b68c42d94050ff29fc6fdc3

SHA256
e0cd094bd5f3aaf84855e318f103f67c880d43e88b7d83a9bcb0a8169d48e4ad

SHA512
ac43c3fc8479a5195f0cf785e096f7da933eeef448d31a4d1a572159195e1e5ed428438f38e19fd5b6eb99a9ff377f1f1c9be62a5a3799a30e089bb9ac88a0b8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\nl\messages.json

Filesize
7KB

MD5
d14bf464a408d844a4078c8c94eeb101

SHA1
d070b860bdf4a4fb7a9c40336f01d356bca3bb1a

SHA256
268db7247b53f3646f80ec609f02b371cc9258fe8e262c7665c59fd90f69cd83

SHA512
740f107d123ecee56185eaac63fcc1be84c7c771725b2b499113efde034ad696c0c8ed528a38f256a3c160806b3047de7e60bc4f0f99327d4298da368fafdbe3

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\pl\messages.json

Filesize
8KB

MD5
2384beddf9cefeb6b74c8194b85aa64f

SHA1
1dfe0ef3bbed37db403e7dfcd26ce5ebaa3d50b6

SHA256
5db5dc96d4c219ddd62c048f990481c9d2fe7d1e05a5355aae3f59c1f6cc8bd0

SHA512
b9868ba844e080feadd0457c8d2c278a01a244aaa3012b710966acab5bbace7d60975a3f8e552cebe7782df2eeb89dcb4eff4dd3788a3685699df4532d4867f1

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\pt_BR\messages.json

Filesize
7KB

MD5
f2103f500d00f5fde8db4955abb58f3b

SHA1
5854297898c2419ab8494673d38da1e776cc6c11

SHA256
2c41f5777cd7c2655047d9e44f75e87a9ce841d43a3a7b51abf995d263b79682

SHA512
05fcd0621d38f90823d055161dec53b149265fd9d06b6d17619e098dd5465252c9fddb52ddd77295d27f88f87a2e314e444bd8be857fbff7789f9d68192225e8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\pt_PT\messages.json

Filesize
7KB

MD5
99a9a28a0b5665a1a8e3fa8b85076cf0

SHA1
fb644e756930c3216c9effd585236e87f690583c

SHA256
518747e12bec5a7a554b7deabefbf510beda3a96cd04427e123e85c123eedf52

SHA512
cea778cf5b844aa800676c5e47a91367827abef833519512c402d87c52471020558535aca2983844f6ed4d033abf6011755d424ab921b4592cf82ed95ee17ca8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\ro\messages.json

Filesize
8KB

MD5
178c7ed90c03f20f19c71e9b5705f3b9

SHA1
470896ee040a674614bb6e4cc0062d4111f42eb3

SHA256
311db1d0381c412c13d92f5337bde5345e4716d0e43bb3e80d7d688c9aebd5f9

SHA512
c98fc7e6bd862a5b69260f8d3d4c825f0ca0828b63d644857e5ca7ed68336c82695ff8b49198e53a609f55d7731bbbfb39b3af28926a719f8af9deddbd755508

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\ru\messages.json

Filesize
11KB

MD5
bbcdfa5b9387e8b6b80c4f4d30a89d1a

SHA1
bcd706291baf0bbbbb9055474afe335f6a2c4c5b

SHA256
bac067e2e7ac645444397f7f814ce8fadc5d529e5fc808ef178ea505d3281334

SHA512
eb93d89995380d28cd57ff65f41023255adf2527ee14b30e155337a7bd518f17d4555bf6b3724085d67a3845bff78d08c1d34ca26797e053c9ec98c36f6ec9dd

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\sk\messages.json

Filesize
8KB

MD5
2a430d827ec839a1786efb246693d5e6

SHA1
bf2617519899ab91e31ef331196b4ad2f96c0be8

SHA256
4ca48885d3d1c0e426774e4de941e041c531291253e6f97ec53f9fb3b057c866

SHA512
e5088a0fe2e4924bcc681ce2929862eb30b3b44165eb388128fac3ad790a89063dc433ea095914846d8ed5acb6f523aa80936884a5bc5611efae705cf8607f71

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\sl\messages.json

Filesize
7KB

MD5
a6d4fe43eb63bfe30122108a9576f31b

SHA1
d1adba5b437652da1573d61105d4b3029f15b9cd

SHA256
ace6ce075ef716b0d8c963c55b28b9d033bca05c62e667f0e99620affe7c1304

SHA512
c02203ad3cc82607e204e715f816425101a9999a1cfe93a8cb8a6a2ce6ba0aee6f8528768febb0c954a16610e9484a9e1f1901d7bc667072068358940c8db528

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\sr\messages.json

Filesize
7KB

MD5
20c999b9a9b74b3469222ff08f75c3ea

SHA1
9b335722addbef9c7e2c1ba7cc25d63e776a5cf0

SHA256
07a3af371cd2f03d3e900820dae661a1dafa0622b1ec4275a3a89a4e373cd627

SHA512
80e6990799b432d474cb781145810ad9954092e334c03f1e5aea881fad50f039868106910067d01c84d45254050c47f7d7e8a4508c48151f0960678954d78ae3

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\sv\messages.json

Filesize
7KB

MD5
a5b18ab5d81a8b455585f164690044a2

SHA1
e9ad69a6fd8f2c3549192e7334304e0fc7534f71

SHA256
3a5bb1a65cd59348b7f08e51df5ecabc0b90dda55e1fba9a8a7a22289a0f8dd2

SHA512
c8ad7bebef69177b98127608adccaddc2fabf6994fae10f0411fdbc13b0e030d0d04dc988d978d232138ce008699cfdae13f215574b2c7ce61f8b7a4af5e3f32

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\th\messages.json

Filesize
13KB

MD5
4280b9ce51454aec225d05e59912202f

SHA1
f2853f3668d1663e791acbc6e2b64ca0a4fdced7

SHA256
f8cd2509caeb97a2d03aabad0066e765ae1b8f9661d5b637a5b62bcce35d2bcd

SHA512
a4460144525049b71f9de264caafbb05c41dad7c97173d2b19e00aa90335d45d1ca5de1063478025c158fbd7383cf71091deca8f3eabb1c0aa40856fb4df1ef8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\tr\messages.json

Filesize
7KB

MD5
14cb2de66d573768f6ff9cab96c400cd

SHA1
c3eabdc9b778be25210dcdadeca214453957b686

SHA256
4ce902abffa76397a8370bd01eac687d301e2ed4d81e00191e66d04d83b2da8d

SHA512
28edb203eec685e1185d5482bcff76f80f9a0588450cec6b8c5776b8c49a00c905308e55aea6e56e61c4f79f11c71c55c64226d8918ecf69f4085537c6e92cf7

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\uk\messages.json

Filesize
11KB

MD5
6db1c3b4e5938435e45cc8e90d3baaaa

SHA1
5689b628c3adf89a4d19c5cd19ab9b6206560640

SHA256
cba5eefa9faa7347ad98d1afeceae3fc5db42efa4c8408f35496dcf431304533

SHA512
e300060116fe6fb69f6f62708fee41a6e282f4d4b3c09c4ce9f26516e9c2a4768fd1f5f9470293928ea45a2dba22ac99d71865331a80c2f79d247934914d02a8

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\ur\messages.json

Filesize
10KB

MD5
d3e3ede899cd40534ddeae337a43022d

SHA1
ec9fe1b045fe6d7c3c2120cc138c730b1389c02b

SHA256
a5ded924c38bed6d9b09821a7dde4431d04f3f20da4de87277d830f82479fd21

SHA512
237aacaf486c10d39ba123125ee181d906d14b45183698796be8f2808c249085b070e9caa347e8076446b73e1ae56c424dbae2e96db601e4aa19427e0f737f84

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\vi\messages.json

Filesize
9KB

MD5
7e56c43693a8d7657ca3f40f5396f56d

SHA1
3fbc2219df565301b75ef8d3e45fe96e1e4b273c

SHA256
c1946c6f14ff53483644763d00733f7cdcf1ddd5287a287927c26d495c3761fa

SHA512
2bbcbbf51d426b14d99368c51bb83f6add404d403d30acf5d2680f28e07b52fc8e0f08dd3f054d3341fe96ce37e3394e9ef5eaac8dc7e13ebb23aba632ad3133

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\zh_CN\messages.json

Filesize
7KB

MD5
61ab8dbd962b6da3f16f080a65a57e4a

SHA1
c931cf969f1b4b0254b76c6acbe0ca19ff666b11

SHA256
a4d2d3787c2255afeabc2db94abab36417e72e334a903a69215c172e669a6433

SHA512
c3e4132c2cf981abd3431e1eafbe36d8a8bcf3421b433263e68f2e2d43ef90dee57e19f86682af3ffb698331d96c4d4303409c6954c47879d1d2bfc4ad66950d

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\_locales\zh_TW\messages.json

Filesize
7KB

MD5
dff7aac6c2369dc370aaa47c2f99d3b3

SHA1
cdc8e7d712ae2ed0f1cb01be8c3e9182aecad682

SHA256
97a1208d7dc54ab112581557ec348977e932b755e467f0a68e5ab52f0cf302a4

SHA512
fdfaecfe8c79807b1ca3dd7ae758a31668ffa6dc9fff51ff4d49ab8f378719cf8c45584c805d904a03268e375b20f13e76db5a62ffed7374c453741a15d1d287

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Extensions\onochehmbbbmkaffnheflmfpfjgppblm\5.0.555_0\img\normal\allowed.png

Filesize
1KB

MD5
659d696b05fd116ca3316067d7d3db92

SHA1
59ac6d66b9f37aca2d7073308a99809a14fdbb6a

SHA256
3c7721fc41b7c3dd694ebefac4533e6a71e85cd0bb18bc66f57fc3910bcda8fa

SHA512
0eae3e619e9ff32474b8094b0319066795c6dd5d4e4e757dbdae5dc1fec9fcb22b4e9d857b73e0adfbf710abada04a51e957184a107133aec1a3d9a8ae8c818b

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Preferences

Filesize
58KB

MD5
54a6891948a0e2566b8f332fe3b5ff44

SHA1
eec6c7464f88b759860ea73dee03fb7488b1aba0

SHA256
fa526138095ef73ef4a5da5a76b2b785af86347a545edf05e885144a691752b4

SHA512
e7ccc34814db536092575949fc1d34692ef74f48b7a2c4881ccfe0e53cce4859d81c4cc20aa2138f5332c887a932ae0b05c7685d396c62249c80c6f18285da47

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State

Filesize
1KB

MD5
a9218330caf21a7dcb5589d6b7de5abc

SHA1
662b991b88929f2574dd97dcea912dc4b5c70365

SHA256
65a3386cd84516ac3cca535af528aa05f2dd5235708286acbdd6c9e900ca47e1

SHA512
cfea24cfd030a0dd55961b653c9c0881d87a1676b7dc381cc5401bf81a1f60297d48b7b05751e3a960e68c40b89b7e9b6aca7ca0dd0a894811e40bbc2cb985a9

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State

Filesize
7KB

MD5
5f16fb38e84ede98e20b5eb232bd0fb7

SHA1
1b6713ffb07b3f47249aa8772f7c5fbdfacc38c7

SHA256
2083e426ac4e6e99dede5b6fa0cec838599b4cd97f1d61224d2f3049690637aa

SHA512
1c77118d2d6d7a9fc583c2e76cca6701ce51649fdc36b397929ae2052cbba8eb2c929539c48c198cebd4d7532271c9cad980a4c8ddd79aab74e851e3e66be891

Download Submit
C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Local State~RFe597517.TMP

Filesize
1008B

MD5
3787deef5cd4de564625d583cc779d13

SHA1
2661aa2e33340ff8c0362409452436cbe438dedd

SHA256
04e8dace89c4db9d795a8f819faa006d64f55072bb4419a6b9148498c524011c

SHA512
034de4a537dd14409b5e585ca5f77ba1fec7e43a431ab974a329f6c2f0b5b3c28ef778b353f165a4b26e88e9cb284ad3241d36912c3b6200301c2803801b6be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
689a60eb756045b24bb556f6fa8e5e6d

SHA1
c243433a8ebb7d1a9c781994c0eccb0a481584f2

SHA256
4a30b7905215e1a2355fd06726210315285f09b3aee5d79a6e69bff3d88b92a5

SHA512
6f3bd66e82f2ca3ce2a49e26ccf75653211b8407282853596d3ba963747bc9b753ab2a1065a4c83190060b332f75c3e5d5494b1e36bcaeddfdb4ac90bf9351a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
41KB

MD5
3fa3fda65e1e29312e0a0eb8a939d0e8

SHA1
8d98d28790074ad68d2715d0c323e985b9f3240e

SHA256
ee5d25df51e5903841b499f56845b2860e848f9551bb1e9499d71b2719312c1b

SHA512
4e63a0659d891b55952b427444c243cb2cb6339de91e60eb133ca783499261e333eaf3d04fb24886c718b1a15b79e52f50ef9e3920d6cfa0b9e6185693372cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1.2MB

MD5
9ab76c23efa273756bf691e64fd9cca3

SHA1
4e563fa0c8c5039d81c20b0ab91774213037a299

SHA256
ea5a3b2531d69cc132aa7ad089d645b446f32e8ae7b70dce448aea9b0360aa40

SHA512
28d64d4434afbe854e95618a1c90d162ccab30980549a90dde89420d207b6428234c003a7004bee8589612260ab3db92e8708a45f695d5292d4f9d7ba48b04fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1c08f1ca81c12e9cbfe125f2a9386dac

SHA1
98709d3a83e3ff9c2072f834aa153da641bab1de

SHA256
30eac71caff8c6a58c0be667c5f3131542ac2e025de3d13e4b3f2194a8941816

SHA512
36cb099f8e020ed463275b6937b66abb7fbd5dbe071c1edec880749dba427b1a9b07244c6f288f99c93786a3da6e7eafe46e1904e7d546b17cd15e242c016263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
654ba4f4a30c4ccac92fcc5a897e5684

SHA1
579986ece56f01c7b36ff88030a3780789719aea

SHA256
abe51b983829b1f6306759a0e1fb69253cddc575b9d1584fa2cd645ccb52ba96

SHA512
381fa58ada0a4a5be5d7e6a35986b251573271ab33edf795657528cda60038e407e696654e3de74f051eeb9ca6c784b605400d9837cd6ff7a9385c1bd4781c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
868872b09791802d15c93199ae9561c6

SHA1
e98e1bd65547e064e64180f00f19ad9d56ecf9d5

SHA256
e9b920a543096461099bb35dc2565f82ef21d5c29096ca18c4d9c2737179cf79

SHA512
1b5cea993a2f43aa6078706a8d3cad3cec4d3c7393f80c4bcad29f31d05c352331c132b40219c4a3c14aaa107f9a367380db6620d0119fb68d06b251e31b2e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0306f678ed90a9fb9e83f5feeab19bc1

SHA1
29ff552a8829fc8f11f9c97e30c6333fe33c4a7c

SHA256
062dabf8fe1fa737c76545f62fc8eba4932d436f7030af42fe7ac3f70f450162

SHA512
451e8574164ee73fbeda06268a2e69ee603113b76f41bad1eb4c28fbd8472c97b9eb026f0819b2a4e6f5b3050ef6f8528707e3b66a5c90f7f16ba46b86ce2983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7f115b93cae615d814a4587ba724309d

SHA1
5ece240570534a1e921a62fac0d1484a1cfcf7fe

SHA256
4f11402df2184fcf5842bc0a80690d0bd2ab2c34615ec818d97ec255f8f83741

SHA512
27ca7b2e74f65d29182f21f931a6f6dc2aa495d6da3567493b6e5fef68f5d3d92f21f996b7338dbf455eb90245be2ef8ed575167e1421e1428fd8b6a71c2ee84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab3b6b3e02f16d43bdcff2fc48879523

SHA1
d5b36393f0f8e5c0394934c9f912ceab0c85a09c

SHA256
bcbb8d839001eb99ba9270b32e4cc1d245cbe7869046ba1a9a94fc84127a03a5

SHA512
fc1b15a560d32172fcca0e52797d19306c8ee9025be5ee97cca22fc5c03285ed4df3f3548110f4ddbc870afb276e32fc3d2b0064c1dbd3b5bc6ea8fb1cb5d75b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b3b23c77631c5ab49493fe2791a317f5

SHA1
b6e054867628aa8060a2b3a6963ef5e09c18dc36

SHA256
b9575fe25030999cbea8fe0c964c2bf3af02d09ad0b238ee458a163bd7753445

SHA512
1be97631fdc167c9027d6a82cd6f8d32003443ed95de5a28c76a3172ae0d9b3e5c9db59eca2694ce34b4d89620039219f6a1494a7ee17c1d67038376245b2075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8e9088663e20238ead0f46652f995dde

SHA1
333851e96f1a0a51e458e049fd10320cf10d4bbb

SHA256
bf99f894882889d228fe9f182c303779fbf623a355dc123412f1267ba787e895

SHA512
62d5b5e68eca98f96c97277cc7ce2b7fc9b7a489b2b7f1b9ad1b1de37e39a0395cbd8ffeccd0b2d89b66998bd8cdd74d7491a271a234c45a2cedc4c4329dbcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4286faf0c1944d05ee1871fe80391019

SHA1
9c6e43d6de2fc0dbe539a6deb64f9bd606071ca5

SHA256
c0a7b95eb516e0d11faf27dbb926c599ef9914ac77ae00b2072f1b99c26ebfcf

SHA512
46aa137cbef27841e56e0a674b8efb78204447d41a6d7c9b6a208448a6ec0424c2365dfbb4bcfa69aa9dd062d54470a313fd272ae1495496f2a6d51acfcca551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
253ebff1ad9f007e4b4815f9516d8bb1

SHA1
64a173152a99e0549536abe1996e923936bfaa13

SHA256
4707c9d4e0c91e9a3df05b379127b777751f2acb020f07d489cf29d7bfd60af1

SHA512
54af1954f232a2c792acf9b99b62d3bbf3640718a1956d579316574524ad132e29ceebc4e33201eabbc06749b7bdbfdbb7c9704728851f38245bf1539fb1e133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf39.TMP

Filesize
1KB

MD5
cec510a8eebd6aac10aeeea0feb8a089

SHA1
9a75cf65dfab1af1eae073b6c741733f24f19ac0

SHA256
efbca33c77ff7bb9dec36a46b9a1bbcfb8078515296c4c0516ef14feef4785a2

SHA512
0e63370727856e2f5e408cf0b934d5c94e9fd56a7c28d9ece28572157c71fa9520d30bbee52f1663219dbae0ed6fb8a4a2d68ac46b23d6ebd781fff3a7713e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
411f8174d98aa7c78025d7901dcc4917

SHA1
c15ddc849066abd62638496c7475079f030b3c8d

SHA256
a5309e0539a7354a4aaa0e1e088db03e78d13554d7bc5a8160c7a4be1ff43d01

SHA512
39b9672fc12217c6db7784b00b88cf72cc3f259c8802214f6f3195fe2c2a18e4adcbee76d3fa3f62b1738e9e38929c2e7a64f6cbe48cd6b3c1b6564b4d6c9a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c5d80b158cd9e5687f69d616995d5ce9

SHA1
07e2f6ad0a91dc70293c15853962b9f4c1c074cd

SHA256
79b7bc909175d12d2833e8852cb04e9fe57402056ec21adb2be519b9267e918d

SHA512
eeffdd7a03d3df88be3e550c1a730476eb5a0a29272ac4b8ceeccd9a406fa6dbbcdc7b264b8acd14bb0b014a8234be22268feb8816e4ae09665d232da605d820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a14cb7bbd987bddb94b2326332337160

SHA1
14541914247e03767ee191e921555e0c81ca5912

SHA256
b3be43fac342325d08013058620c87e2131bc0c7d668319891e241a824768104

SHA512
b22354d1c54131ea0dc9afbcc4f4d1973c3e0e37cbeb87db4fffab305776c8cd4d8dfaaa666c1f72ef98d96660c3059d10f2444d05b87f1b9553121082f74c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
707646463a3bcaf2879e02c00b10a4a4

SHA1
0aae2e39848d620f74a5099e3023284a1f503de8

SHA256
19175c7c82d100f906e7e0e53db52113a83e323b37be5586d550b7b82aec3519

SHA512
53df61ad6851a950dbcb5494c1ebd264f0ddbde1be63d99541767b44347d670c1519a127a13d9e806e514f6bb48307b92c3a9652ef98dbced92f67ea53514e38

Download Submit
C:\Users\Admin\AppData\Local\Temp\05531cd9-9866-4f6d-b22b-eac1672b1b4d.tmp

Filesize
1.9MB

MD5
21b06e448a0bee23eb6b80dfb39f1e82

SHA1
d60b3a9021a704247af4ba58bd539d42f780661f

SHA256
3cad9f24f2ec2bee7bef2410ef713924640bda964e865096db6dde37103481ba

SHA512
9678b1302eb289f04c0fad0a60455da7d24da4bb72177561f8668f0995d695485eba915bb222d7231a8188ac6ff3b4b0ffbbfe3b725b9c0112ca6af9465f5709

Download Submit
C:\Users\Admin\AppData\Local\Temp\09b3e005-ace6-43ce-9981-e175e84e4967.tmp

Filesize
88KB

MD5
74638a4d191dee2a0f0314eda3d0b51c

SHA1
84cb3a270cab5a24eb298082f436f36256b0042a

SHA256
685533a3ba2457337e069f1d933bf33950730486c0d61976be01e82cd70765fa

SHA512
1795743f43a4dabeacd75603b80040591f6de364fa37255b9e30a2db17004275a3883216ac54555629af3d5afd93109a4b4afa25a6e658a8e13744f80e0f2403

Download Submit
C:\Users\Admin\AppData\Local\Temp\188d2780-53c6-486e-a770-9387e187f69d.tmp

Filesize
1.2MB

MD5
4309d5e871697249cfca67e67a8708ee

SHA1
5dbd4b5b22332b2a70ea425df0a812714f4f3ef0

SHA256
b5eba951ae25d50168359f7f456afab7c69ee8c86127bb72eeb4402c1ca9bd14

SHA512
285147c13b996a5b66514475bb106aa2fe499b52a78ddfa3bd540a1ee1693a892f095f31c83c7c4ac06c487b482ae22142453e992d79054d18efe336a94cb70e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1c269faa-c080-4191-81b4-732bd0d62a5e.tmp

Filesize
626KB

MD5
e2044eaa2fa3e05c09aa2d6f49650b50

SHA1
6cde6eaef9358dfb2de74fe729ae8c519fd574f9

SHA256
253914b6a6d3def7501d200a0e938305b47eba84a7c0b6a5a7f2cdada0488d14

SHA512
5f6e9ed38736abdcdba9fd1627673f1efefc35f952392e9806402d28b45bdc2c93d7d8cc35efba2076c8d5a8736eddb4e24363af046d4b16ad4e4409ce020ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\45ff8f7d-c9d4-44d2-ba49-ec64ff983ea4.tmp

Filesize
1.3MB

MD5
bec51734ad42fc569c75f786ed80a2eb

SHA1
7356caa4412cbfc6efd801e2ca03fdde1c36efeb

SHA256
2702b4c3d30e74bf7a89ba502b3da529982c53881b6bf5acd1d5b9b024e806b3

SHA512
738756a29ed70d098dd0496b2dbce6dbb1ab94977ec0d5d464d04cbe469434c174c492e77a25761e1ba24bcea9382887236f2f57a565bc9ddbe0782a3db5f1ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\7a256041-430f-4eb6-bfad-a9a8cca3fc37\UnifiedStub-installer.exe\assembly\dl3\3f8c2b13\a6f27b4e_ff09db01\rsJSON.DLL

Filesize
216KB

MD5
7dd406fa2b496d691f866eddc790d6cc

SHA1
692422b46102af2ab31f7902a970c912a2ba000d

SHA256
bd7b33b101f222846b09f057bc54bc586ed5da63fe189e9ab19bcc43ecf85956

SHA512
c8ac9e9491f6695de1d9c3fee1ddbdd0261b8e32928bc228858021851fed501cb6b12adc5dc282e703a1e8efdf372073c1794f202943149e7320831846708979

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\Newtonsoft.Json.dll

Filesize
701KB

MD5
4f0f111120d0d8d4431974f70a1fdfe1

SHA1
b81833ac06afc6b76fb73c0857882f5f6d2a4326

SHA256
d043e6cde1f4d8396978cee2d41658b307be0ca4698c92333814505aa0ccab9a

SHA512
e123d2f9f707eb31741ef8615235e714a20c6d754a13a97d0414c46961c3676025633eb1f65881b2d6d808ec06a70459c860411d6dd300231847b01ed0ce9750

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\UnifiedStub-installer.exe

Filesize
1.0MB

MD5
493d5868e37861c6492f3ac509bed205

SHA1
1050a57cf1d2a375e78cc8da517439b57a408f09

SHA256
dc5bc92e51f06e9c66e3933d98dc8f8d217bc74b71f93d900e4d42b1fb5cc64f

SHA512
e7e37075a1c389e0cad24ce2c899e89c4970e52b3f465d372a7bc171587ed1ee7d4f0a6ba44ab40b18fdf0689f4e29dfdbccbabb07e0f004ef2f894cb20d995d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\cb62575b-b6d7-4db9-9e00-5c0ee6c30289\UnifiedStub-installer.exe\assembly\dl3\5b289eab\ab87b93e_ff09db01\rsLogger.DLL

Filesize
183KB

MD5
54ff6dfafb1ee7d42f013834312eae41

SHA1
7f30c2ffb6c84725d90ce49ca07eb4e246f2b27b

SHA256
ef5ce90acf6eb5196b6ba4a24db00d17c83b4fbd4adfa1498b4df8ed3bf0bd0c

SHA512
271f1203ee1bacac805ab1ffa837cad3582c120cc2a1538610364d14ffb4704c7653f88a9f1cccf8d89a981caa90a866f9b95fb12ed9984a56310894e7aae2da

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\cb62575b-b6d7-4db9-9e00-5c0ee6c30289\UnifiedStub-installer.exe\assembly\dl3\a087a50d\adc3b43e_ff09db01\rsAtom.DLL

Filesize
171KB

MD5
de22fe744074c51cf3cf1128fcd349cb

SHA1
f74ecb333920e8f2785e9686e1a7cce0110ab206

SHA256
469f983f68db369448aa6f81fd998e3bf19af8bec023564c2012b1fcc5c40e4b

SHA512
5d3671dab9d6d1f40a9f8d27aeea0a45563898055532f6e1b558100bed182c69e09f1dfd76574cb4ed36d7d3bb6786eff891d54245d3fab4f2ade3fe8f540e48

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\cb62575b-b6d7-4db9-9e00-5c0ee6c30289\UnifiedStub-installer.exe\assembly\dl3\b07fac43\ab87b93e_ff09db01\rsServiceController.DLL

Filesize
183KB

MD5
4f7ae47df297d7516157cb5ad40db383

SHA1
c95ad80d0ee6d162b6ab8926e3ac73ac5bd859a3

SHA256
e916df4415ae33f57455e3ea4166fbb8fbe99eeb93a3b9dcab9fe1def45e56ed

SHA512
4398652b53b8d8c8bac584f83d5869985d32fa123f0e976ef92f789b1f7116572a15d0bb02be3fbc80ed326cfb18eea80fec03ee20ed261e95daa4e91e61c65e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\cb62575b-b6d7-4db9-9e00-5c0ee6c30289\UnifiedStub-installer.exe\assembly\dl3\dd3fb3be\ab87b93e_ff09db01\rsJSON.DLL

Filesize
221KB

MD5
e3a81be145cb1dc99bb1c1d6231359e8

SHA1
e58f83a32fe4b524694d54c5e9ace358da9c0301

SHA256
ee938d09bf75fc3c77529ccd73f750f513a75431f5c764eca39fdbbc52312437

SHA512
349802735355aac566a1b0c6c779d6e29dfd1dc0123c375a87e44153ff353c3bfc272e37277c990d0b7e24502d999804e5929ddc596b86e209e6965ffb52f33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\rsAtom.dll

Filesize
169KB

MD5
dc15f01282dc0c87b1525f8792eaf34e

SHA1
ad4fdf68a8cffedde6e81954473dcd4293553a94

SHA256
cc036bcf74911fe5afb8e9fcc0d52b3f08b4961bcda4e50851eda4159b1c9998

SHA512
54ee7b7a638d0defcff3a80f0c87705647b722d3d177bc11e80bfe6062a41f138ef99fc8e4c42337b61c0407469ef684b704f710b8ead92b83a14f609f0bc078

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\rsLogger.dll

Filesize
182KB

MD5
1cfc3fc56fe40842094c7506b165573a

SHA1
023b3b389fdfa7a9557623b2742f0f40e4784a5c

SHA256
187da6a5ab64c9b814ab8e1775554688ad3842c3f52f5f318291b9a37d846aa2

SHA512
6bd1ceaf12950d047a87fd2d9c1884c7ac6e45bd94f11be8df8144ddd3f71db096469d1c775cf1cb8bc7926f922e5a6676b759707053e2332aa66f86c951fbc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4989C418\rsStubLib.dll

Filesize
271KB

MD5
3bcbeaab001f5d111d1db20039238753

SHA1
4a9c0048bbbf04aa9fe3dfb9ce3b959da5d960f8

SHA256
897131dd2f9d1e08d66ae407fe25618c8affb99b6da54378521bf4403421b01a

SHA512
de6cde3ad47e6f3982e089700f6184e147a61926f33ead4e2ff5b00926cfc55eb28be6f63eea53f7d15f555fd820453dd3211f0ba766cb3e939c14bb5e0cfc4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\c5783b0b-be59-49e6-b769-15bfd38f3d85.tmp

Filesize
1.4MB

MD5
1e3b68d37ef20f1903180e95ee658a64

SHA1
6c229102eebf3c4ef7a6db076b2b92e0901754f8

SHA256
4ad1bf7de32e5f14f5413ce78e6c95313d4567c07c15f8289d9e3ad374853afd

SHA512
f44f47cc9d2c5cd70cbcfd361b77437f3bec31531189148d0652674d216eec03f11ce6b0ff6f537f7c709b3b7e42ae426969e740367540592646a412a65c09cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\d0905991-3b3f-4340-879c-e7fc0742c67f.tmp

Filesize
839KB

MD5
f50e00df362d5a597b9e7f549df2587c

SHA1
cf6aafdc3f25bcffdcabd3a5db2e40d1cf42dbc9

SHA256
1518106d36a5770684ce0cd86279e19ee601225d9222f7f555421990a130eebf

SHA512
4691ef983c58d2f027bb0a283ed0a3b11da972588c4c4ab3462fd2e4546f0df85ed1c1f56a481cd86470e3ed02ee8859f22bd04c75a47ce1fe5cb5c983e64577

Download Submit
C:\Users\Admin\AppData\Local\Temp\d485406d-2515-46e6-8080-28e3191eb6bc.tmp

Filesize
1024KB

MD5
3e671563c4d330f0e34e400c5c8e3afc

SHA1
801be61893ca319b749e2b9dc83a226eefdfbfc4

SHA256
660ba5ac85f29ad426c15d5bbba9a89d4f3d5a644b6910cdc5e00a81b8bf9d5a

SHA512
598daa7e47896a1fe283f4de1f7a33229f4ae3d3488c9e96f33d5c23ffe50619e50aa75d783aebb0beafe5cef8d495e471308b77c5c73f1d61eb49c13eece31b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-203HQ.tmp\CheatEngine75.tmp

Filesize
3.1MB

MD5
349c57b17c961abbe59730d3cc5614b2

SHA1
32278b8621491e587a08f0764501b8b8314fd94c

SHA256
de28f1f10d5136dc5b30ccb73750559cca91720533717e9398ee45a44c75481b

SHA512
54d54d8b682c8cf9b06452a493e96307bfd9b8193f21e8eb5e89ad4420e1f6e066cf8bdeb70444ebcf2297520a4716ae1910124f21cab98e012f0fd19783c1f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-M3M3M.tmp\CheatEngine75.tmp

Filesize
3.1MB

MD5
9aa2acd4c96f8ba03bb6c3ea806d806f

SHA1
9752f38cc51314bfd6d9acb9fb773e90f8ea0e15

SHA256
1b81562fdaeaa1bc22cbaa15c92bab90a12080519916cfa30c843796021153bb

SHA512
b0a00082c1e37efbfc2058887db60dabf6e9606713045f53db450f16ebae0296abfd73a025ffa6a8f2dcb730c69dd407f7889037182ce46c68367f54f4b1dc8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\AVG_BRW.png

Filesize
29KB

MD5
0b4fa89d69051df475b75ca654752ef6

SHA1
81bf857a2af9e3c3e4632cbb88cd71e40a831a73

SHA256
60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e

SHA512
8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\CheatEngine75.exe

Filesize
26.1MB

MD5
e0f666fe4ff537fb8587ccd215e41e5f

SHA1
d283f9b56c1e36b70a74772f7ca927708d1be76f

SHA256
f88b0e5a32a395ab9996452d461820679e55c19952effe991dee8fedea1968af

SHA512
7f6cabd79ca7cdacc20be8f3324ba1fdaaff57cb9933693253e595bfc5af2cb7510aa00522a466666993da26ddc7df4096850a310d7cff44b2807de4e1179d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\RAV_Cross.png

Filesize
74KB

MD5
cd09f361286d1ad2622ba8a57b7613bd

SHA1
4cd3e5d4063b3517a950b9d030841f51f3c5f1b1

SHA256
b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8

SHA512
f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\WebAdvisor.png

Filesize
47KB

MD5
4cfff8dc30d353cd3d215fd3a5dbac24

SHA1
0f4f73f0dddc75f3506e026ef53c45c6fafbc87e

SHA256
0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856

SHA512
9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\logo.png

Filesize
246KB

MD5
f3d1b8cd125a67bafe54b8f31dda1ccd

SHA1
1c6b6bf1e785ad80fc7e9131a1d7acbba88e8303

SHA256
21dfa1ff331794fcb921695134a3ba1174d03ee7f1e3d69f4b1a3581fccd2cdf

SHA512
c57d36daa20b1827b2f8f9f98c9fd4696579de0de43f9bbeef63a544561a5f50648cc69220d9e8049164df97cb4b2176963089e14d58a6369d490d8c04354401

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod0.exe

Filesize
32KB

MD5
2c5e0c1b03145e012961bab5e5706cf4

SHA1
af8b5a6f701c259531d81fa2df534cebeda85529

SHA256
35c0ee8c7b8c8b3338e2da4cd55a12ca79c12037e5b40325500e38050b139604

SHA512
112c6fd05f0981cc41a309e2255681d00c10f00f48b58094c368133dcfd90774dc43b6bdc14f88d47f3fb6e72bd96add7516a2dc56f0510304016cea49524d42

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod1.zip

Filesize
515KB

MD5
f68008b70822bd28c82d13a289deb418

SHA1
06abbe109ba6dfd4153d76cd65bfffae129c41d8

SHA256
cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589

SHA512
fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod1_extract\installer.exe

Filesize
24.4MB

MD5
4a547fd0a6622b640dad0d83ca63bd37

SHA1
6dd7b59010cc73581952bd5f1924dca3d6e7bea5

SHA256
a5be5403eb217883643adba57c83b7c4b0db34faf503cc1167b2c73ce54919d5

SHA512
dd1c6d7410d9fca5ce3d0be0eb90b87a811c7f07cba93e2c5d6855c692caec63feec6b8385e79baa4f503cac955e5331fac99936aa1668c127f3fc1ffccb3b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod1_extract\saBSI.exe

Filesize
1.1MB

MD5
143255618462a577de27286a272584e1

SHA1
efc032a6822bc57bcd0c9662a6a062be45f11acb

SHA256
f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4

SHA512
c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod2.zip

Filesize
5.7MB

MD5
6406abc4ee622f73e9e6cb618190af02

SHA1
2aa23362907ba1c48eca7f1a372c2933edbb7fa1

SHA256
fd83d239b00a44698959145449ebfcb8c52687327deac04455e77a710a3dfe1b

SHA512
dd8e43f8a8f6c6e491179240bdfefdf30002f3f2900b1a319b4251dfa9ca7b7f87ddf170ba868ab520f94de9cc7d1854e3bcfd439cad1e8b4223c7ee06d649f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\prod2_extract\avg_secure_browser_setup.exe

Filesize
5.8MB

MD5
591059d6711881a4b12ad5f74d5781bf

SHA1
33362f43eaf8ad42fd6041d9b08091877fd2efba

SHA256
99e8de20a35a362c2a61c0b9e48fe8eb8fc1df452134e7b6390211ab19121a65

SHA512
6280064a79ca36df725483e3269bc1e729e67716255f18af542531d7824a5d76b38a7dcefca048022c861ffcbd0563028d39310f987076f6a5da6c7898c1984c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UC2KN.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
b83f5833e96c2eb13f14dcca805d51a1

SHA1
9976b0a6ef3dabeab064b188d77d870dcdaf086d

SHA256
00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401

SHA512
8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\AVGBrowserUpdateSetup.exe

Filesize
1.6MB

MD5
9750ea6c750629d2ca971ab1c074dc9d

SHA1
7df3d1615bec8f5da86a548f45f139739bde286b

SHA256
cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c

SHA512
2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\CR.History.tmp

Filesize
124KB

MD5
41acc156e0236e04726bc5bec8a18817

SHA1
879fb3dd5fb8b87a91dc315bc7f84e2a45871c62

SHA256
3cb749399e87ccfef0869cbb2a7043dea94923d9edc3dba8fd8ab2e6c2ae2628

SHA512
a45a67a6d8dc5121c8173453616faa9065ae45263b9ee207a21bbd013a500ad8147e054d217b9defe202db6608b3d1a7ad053e24e2f902f81403a3f1876a45d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\CR.History.tmp

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\FF.places.tmp

Filesize
5.0MB

MD5
c822ad3a46e58afab84d23614a08e0bc

SHA1
196f257903ccefa439dc673690c6910356bd1d81

SHA256
a8dc0fe0bcf7f1553cf0f530f88b38f033b914170d71df05f84093498d82d438

SHA512
bc5da3bac510289c47d7c835ae6dd50fe96f64e1f522ac930be451cd9e47c5d395b5ff463f9b4aee33b98785f1bd4eec6a0d321962ecbc60e2eb5a0d66c735d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
bd94620c8a3496f0922d7a443c750047

SHA1
23c4cb2b4d5f5256e76e54969e7e352263abf057

SHA256
c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644

SHA512
954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\Midex.dll

Filesize
126KB

MD5
581c4a0b8de60868b89074fe94eb27b9

SHA1
70b8bdfddb08164f9d52033305d535b7db2599f6

SHA256
b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd

SHA512
94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\StdUtils.dll

Filesize
195KB

MD5
7602b88d488e54b717a7086605cd6d8d

SHA1
c01200d911e744bdffa7f31b3c23068971494485

SHA256
2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11

SHA512
a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\jsis.dll

Filesize
127KB

MD5
4b27df9758c01833e92c51c24ce9e1d5

SHA1
c3e227564de6808e542d2a91bbc70653cf88d040

SHA256
d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb

SHA512
666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\nsJSON.dll

Filesize
36KB

MD5
ddb56a646aea54615b29ce7df8cd31b8

SHA1
0ea1a1528faafd930ddceb226d9deaf4fa53c8b2

SHA256
07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069

SHA512
5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7646.tmp\thirdparty.dll

Filesize
93KB

MD5
070335e8e52a288bdb45db1c840d446b

SHA1
9db1be3d0ab572c5e969fea8d38a217b4d23cab2

SHA256
c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc

SHA512
6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pekofz0l.exe

Filesize
2.4MB

MD5
5d39f5c664d93057ef90aec50019c0b4

SHA1
1807443de70f4c0589fe412f6760efb0626384fe

SHA256
0f22b49a65357927651780d9efb63394bcd2d84e7c2f89d90917ae3fdbd40465

SHA512
1c598afe1ea275851dcf3a080bdef4c99ebd41264a052bedd397958f118f54ff32f6c845843dd55447dcca8dfd701c67e11ec92916cd21ec8df7b815d0d283ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2712_1712220208\4d3c89a5-dc86-4b40-b20a-da0c6ef02910.tmp

Filesize
1.3MB

MD5
06d466a1cde4306356506b35153c5ebd

SHA1
c43850528e8150e1f0e253653d2f0155d00585fd

SHA256
6b1205e9b435c6241ab9c244b1dc3c309c1d82211268501e71e43c4425fbf590

SHA512
5d79ae61fea7097ddf4b5f2c639ddd1ebdffb7d0e69b74aac47e166afbe94e88e3a4dbd1cf34d55c6c8b0fcba3c30b676c8460b120470c17278caf22896b0b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2712_1712220208\CRX_INSTALL\_locales\en_GB\messages.json

Filesize
7KB

MD5
b8645df606dd756306208ec441e9c0dd

SHA1
8ebd4f5103dc792b6a563768d1c3d6e3b4729c54

SHA256
6dde990f4e64d1ecbde90db9d3939f33b3b5c3d1b89704dbb8ec84df8f046de2

SHA512
25b256e3ae975c4928d1ab696e821a4be3d5534090902573136f9cb9e3c8005e77e159918d418eb6d6a2c6c7156564d7e7846fb4ab923494ff0d2b0df1304011

Download Submit
C:\Users\Admin\Downloads\c34529cb-5d05-4c74-88a0-a1fd95fb8170.tmp

Filesize
28.6MB

MD5
e703b8ac5b3601deebbf05843c9a4e97

SHA1
ab154e32099776e432b4d2c31366985f27950cf1

SHA256
fe6c0d8f90c9c74f2986fe169342e0a5319a3b1ffcf711b513f33db7e28e863a

SHA512
8280af1c2455b37c13de60f1d4a4ab26fe7d03bed7f874b074afb4ae365f2380aa71525e7e649e924347c38efd601dd3a6b7924f56aa6c09932f24b5c2f03c65

Download Submit
C:\Windows\Temp\Tmp6EA0.tmp

Filesize
6.4MB

MD5
f40c5626532c77b9b4a6bb384db48bbe

SHA1
d3124b356f6495288fc7ff1785b1932636ba92d3

SHA256
e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f

SHA512
8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056

Download Submit
C:\Windows\Temp\Tmp7E87.tmp

Filesize
25KB

MD5
7100b585987b70e4f85686e78c52f283

SHA1
dbc2358993f73a97897815a8524804fb692c6165

SHA256
937dcaf57370af649133e5f48aafed6e25345c93d599a981aca520ce6da8c1c0

SHA512
739a2190659fe679721d5d4f8d6c0913b1bb54d44c67b6620b52d49b3d42c692d80a0c5358bfa480eb348f6d2b36125cd2d9563eff3ec49f17008ede671c688f

Download Submit
C:\Windows\Temp\Tmp804E.tmp

Filesize
26KB

MD5
c36eb8336b91d277dfa8575eb00d6364

SHA1
9ec81b49e7675548449e010950bc50bff7cbc960

SHA256
4336e05960fee8c775b343209911f14acbfdde1e8d5aa9d1f0ea680fb4407307

SHA512
0abe6e367d1c934fec8a89617b5fbfea5ab7f8e557ada7a667aedb495f637c8782a2f4723c2d68b9edae4f426deb5bbc0536f643fc65ecc2cd33295078474394

Download Submit
C:\Windows\Temp\Tmp8234.tmp

Filesize
26KB

MD5
0f3432346a273777b5f4d2e6a3bca343

SHA1
f1042c066712444f12300f03892d4437c1cca00a

SHA256
4853d61601a860c628771993f3a57b5ab842c88d696235febfaa3cd890ebcd1e

SHA512
50f769a888cd9c732d334818549a66a2894d18756e1a142b1c7593224a1bb310e59c611b6a9e12f5f4e76444f0db0c54cf61d0d660740107300a2f245c680a49

Download Submit
memory/756-5953-0x00000227D49A0000-0x00000227D4B1C000-memory.dmp

Filesize
1.5MB

Download
memory/756-5954-0x00000227D42E0000-0x00000227D42FA000-memory.dmp

Filesize
104KB

Download
memory/756-5955-0x00000227D4330000-0x00000227D4352000-memory.dmp

Filesize
136KB

Download
memory/756-5952-0x00000227D4630000-0x00000227D4996000-memory.dmp

Filesize
3.4MB

Download
memory/1476-6205-0x000002775BD20000-0x000002775BD2A000-memory.dmp

Filesize
40KB

Download
memory/1476-6204-0x000002775BCF0000-0x000002775BD06000-memory.dmp

Filesize
88KB

Download
memory/1476-6201-0x000002775BC10000-0x000002775BC6E000-memory.dmp

Filesize
376KB

Download
memory/1476-6198-0x000002775BEA0000-0x000002775C190000-memory.dmp

Filesize
2.9MB

Download
memory/1476-6150-0x000002775B7F0000-0x000002775B8A2000-memory.dmp

Filesize
712KB

Download
memory/1476-6208-0x000002775C280000-0x000002775C28A000-memory.dmp

Filesize
40KB

Download
memory/1476-6149-0x0000027742DB0000-0x0000027742DDE000-memory.dmp

Filesize
184KB

Download
memory/1476-6207-0x000002775C270000-0x000002775C278000-memory.dmp

Filesize
32KB

Download
memory/2288-6202-0x00000160C1820000-0x00000160C184A000-memory.dmp

Filesize
168KB

Download
memory/2288-5989-0x00000160C0F80000-0x00000160C1008000-memory.dmp

Filesize
544KB

Download
memory/2288-6146-0x00000160C16E0000-0x00000160C173E000-memory.dmp

Filesize
376KB

Download
memory/2288-6147-0x00000160C1B70000-0x00000160C1ED9000-memory.dmp

Filesize
3.4MB

Download
memory/2288-6148-0x00000160C1680000-0x00000160C16CF000-memory.dmp

Filesize
316KB

Download
memory/2288-6118-0x00000160C18C0000-0x00000160C1B68000-memory.dmp

Filesize
2.7MB

Download
memory/2288-6584-0x00000160C4560000-0x00000160C4584000-memory.dmp

Filesize
144KB

Download
memory/2288-6151-0x00000160C2170000-0x00000160C23F6000-memory.dmp

Filesize
2.5MB

Download
memory/2288-6582-0x00000160C1F80000-0x00000160C1F88000-memory.dmp

Filesize
32KB

Download
memory/2288-6186-0x00000160C17B0000-0x00000160C1816000-memory.dmp

Filesize
408KB

Download
memory/2288-6192-0x00000160C1860000-0x00000160C189A000-memory.dmp

Filesize
232KB

Download
memory/2288-6193-0x00000160C0DB0000-0x00000160C0DD6000-memory.dmp

Filesize
152KB

Download
memory/2288-6117-0x00000160C15B0000-0x00000160C15D6000-memory.dmp

Filesize
152KB

Download
memory/2288-6199-0x00000160C1FE0000-0x00000160C2092000-memory.dmp

Filesize
712KB

Download
memory/2288-6200-0x00000160C1F20000-0x00000160C1F54000-memory.dmp

Filesize
208KB

Download
memory/2288-6115-0x00000160C1090000-0x00000160C10B4000-memory.dmp

Filesize
144KB

Download
memory/2288-6497-0x00000160C4460000-0x00000160C4488000-memory.dmp

Filesize
160KB

Download
memory/2288-6203-0x00000160C20A0000-0x00000160C2106000-memory.dmp

Filesize
408KB

Download
memory/2288-6114-0x00000160C0F40000-0x00000160C0F68000-memory.dmp

Filesize
160KB

Download
memory/2288-6068-0x00000160C0EC0000-0x00000160C0EEE000-memory.dmp

Filesize
184KB

Download
memory/2288-6206-0x00000160C3BA0000-0x00000160C4144000-memory.dmp

Filesize
5.6MB

Download
memory/2288-5992-0x00000160C0F00000-0x00000160C0F32000-memory.dmp

Filesize
200KB

Download
memory/2288-5991-0x00000160C1010000-0x00000160C1088000-memory.dmp

Filesize
480KB

Download
memory/2288-6211-0x00000160C2110000-0x00000160C2152000-memory.dmp

Filesize
264KB

Download
memory/2288-6212-0x00000160C4150000-0x00000160C43D0000-memory.dmp

Filesize
2.5MB

Download
memory/2288-6235-0x00000160C1FA0000-0x00000160C1FD2000-memory.dmp

Filesize
200KB

Download
memory/2288-6236-0x00000160C1850000-0x00000160C1858000-memory.dmp

Filesize
32KB

Download
memory/2288-6237-0x00000160C2540000-0x00000160C2566000-memory.dmp

Filesize
152KB

Download
memory/2288-6238-0x00000160C2570000-0x00000160C2598000-memory.dmp

Filesize
160KB

Download
memory/2288-6239-0x00000160C3860000-0x00000160C3892000-memory.dmp

Filesize
200KB

Download
memory/2288-5990-0x00000160C0E40000-0x00000160C0E6A000-memory.dmp

Filesize
168KB

Download
memory/2288-6145-0x00000160C1650000-0x00000160C1680000-memory.dmp

Filesize
192KB

Download
memory/2288-5988-0x00000160C0E80000-0x00000160C0EB8000-memory.dmp

Filesize
224KB

Download
memory/2288-6493-0x00000160C4430000-0x00000160C4458000-memory.dmp

Filesize
160KB

Download
memory/2288-6488-0x00000160C4CA0000-0x00000160C4CF4000-memory.dmp

Filesize
336KB

Download
memory/2288-6483-0x00000160C4730000-0x00000160C4830000-memory.dmp

Filesize
1024KB

Download
memory/2288-6269-0x00000160C38D0000-0x00000160C38FC000-memory.dmp

Filesize
176KB

Download
memory/2288-6419-0x00000160C3B60000-0x00000160C3B8A000-memory.dmp

Filesize
168KB

Download
memory/2288-6319-0x00000160C3970000-0x00000160C39D8000-memory.dmp

Filesize
416KB

Download
memory/2288-6322-0x00000160C3A60000-0x00000160C3AE0000-memory.dmp

Filesize
512KB

Download
memory/2288-6330-0x00000160C3AE0000-0x00000160C3B56000-memory.dmp

Filesize
472KB

Download
memory/2288-6350-0x00000160C43D0000-0x00000160C4424000-memory.dmp

Filesize
336KB

Download
memory/2288-6352-0x00000160C3900000-0x00000160C392A000-memory.dmp

Filesize
168KB

Download
memory/2288-6357-0x00000160C3930000-0x00000160C3964000-memory.dmp

Filesize
208KB

Download
memory/2288-6363-0x00000160C3A30000-0x00000160C3A5C000-memory.dmp

Filesize
176KB

Download
memory/2288-6379-0x00000160C45B0000-0x00000160C4726000-memory.dmp

Filesize
1.5MB

Download
memory/4320-8273-0x00000225D9D90000-0x00000225D9DBE000-memory.dmp

Filesize
184KB

Download
memory/4320-769-0x00000225DA500000-0x00000225DA5B2000-memory.dmp

Filesize
712KB

Download
memory/4320-795-0x00000225DA4B0000-0x00000225DA4DE000-memory.dmp

Filesize
184KB

Download
memory/4320-8255-0x00000225D9CB0000-0x00000225D9CDA000-memory.dmp

Filesize
168KB

Download
memory/4320-839-0x00000225DA820000-0x00000225DA878000-memory.dmp

Filesize
352KB

Download
memory/4320-4130-0x00000225DAA30000-0x00000225DAA80000-memory.dmp

Filesize
320KB

Download
memory/4320-766-0x00000225C0290000-0x00000225C02C0000-memory.dmp

Filesize
192KB

Download
memory/4320-4161-0x00000225DAC20000-0x00000225DAC78000-memory.dmp

Filesize
352KB

Download
memory/4320-8251-0x00000225D9C00000-0x00000225D9C30000-memory.dmp

Filesize
192KB

Download
memory/4320-759-0x00000225BFD80000-0x00000225BFE8C000-memory.dmp

Filesize
1.0MB

Download
memory/4320-770-0x00000225C0310000-0x00000225C0332000-memory.dmp

Filesize
136KB

Download
memory/4320-5839-0x00000225DAC80000-0x00000225DACBA000-memory.dmp

Filesize
232KB

Download
memory/4320-5850-0x00000225DAB80000-0x00000225DABB0000-memory.dmp

Filesize
192KB

Download
memory/4320-5862-0x00000225DAD00000-0x00000225DAD2E000-memory.dmp

Filesize
184KB

Download
memory/4320-6905-0x00000225D9B20000-0x00000225D9B6E000-memory.dmp

Filesize
312KB

Download
memory/4320-8244-0x00000225D9C00000-0x00000225D9C38000-memory.dmp

Filesize
224KB

Download
memory/4320-5891-0x00000225DADE0000-0x00000225DAE10000-memory.dmp

Filesize
192KB

Download
memory/4320-761-0x00000225DA2E0000-0x00000225DA326000-memory.dmp

Filesize
280KB

Download
memory/5836-1116-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1629-0x00007FF6BBE10000-0x00007FF6BBE20000-memory.dmp

Filesize
64KB

Download
memory/5836-1040-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1041-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1039-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1038-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1037-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1050-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1055-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1061-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1064-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1085-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1088-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1084-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1119-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1126-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1450-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1456-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1520-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1451-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1452-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1453-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1454-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1455-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1517-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1518-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1519-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1521-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1522-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1598-0x00007FF6B7700000-0x00007FF6B7710000-memory.dmp

Filesize
64KB

Download
memory/5836-1605-0x00007FF6B7700000-0x00007FF6B7710000-memory.dmp

Filesize
64KB

Download
memory/5836-1529-0x00007FF6ACBD0000-0x00007FF6ACBE0000-memory.dmp

Filesize
64KB

Download
memory/5836-1543-0x00007FF6E31F0000-0x00007FF6E3200000-memory.dmp

Filesize
64KB

Download
memory/5836-1546-0x00007FF6B7700000-0x00007FF6B7710000-memory.dmp

Filesize
64KB

Download
memory/5836-1548-0x00007FF6B7700000-0x00007FF6B7710000-memory.dmp

Filesize
64KB

Download
memory/5836-1550-0x00007FF6B7700000-0x00007FF6B7710000-memory.dmp

Filesize
64KB

Download
memory/5836-1557-0x00007FF67EDE0000-0x00007FF67EDF0000-memory.dmp

Filesize
64KB

Download
memory/5836-1593-0x00007FF6E31F0000-0x00007FF6E3200000-memory.dmp

Filesize
64KB

Download
memory/5836-1602-0x00007FF6BBE10000-0x00007FF6BBE20000-memory.dmp

Filesize
64KB

Download
memory/5836-1614-0x00007FF6B7700000-0x00007FF6B7710000-memory.dmp

Filesize
64KB

Download
memory/5836-1532-0x00007FF68CE30000-0x00007FF68CE40000-memory.dmp

Filesize
64KB

Download
memory/5836-1523-0x00007FF6E3100000-0x00007FF6E3110000-memory.dmp

Filesize
64KB

Download
memory/5836-1640-0x00007FF6BBE10000-0x00007FF6BBE20000-memory.dmp

Filesize
64KB

Download
memory/5836-1643-0x00007FF6BBE10000-0x00007FF6BBE20000-memory.dmp

Filesize
64KB

Download
memory/5836-1646-0x00007FF6BBE10000-0x00007FF6BBE20000-memory.dmp

Filesize
64KB

Download
memory/5836-1647-0x00007FF6BBE10000-0x00007FF6BBE20000-memory.dmp

Filesize
64KB

Download
memory/5836-1649-0x00007FF6BBE10000-0x00007FF6BBE20000-memory.dmp

Filesize
64KB

Download
memory/5836-1659-0x00007FF6BBE10000-0x00007FF6BBE20000-memory.dmp

Filesize
64KB

Download
memory/5836-1663-0x00007FF691E60000-0x00007FF691E70000-memory.dmp

Filesize
64KB

Download
memory/5836-1671-0x00007FF6673D0000-0x00007FF6673E0000-memory.dmp

Filesize
64KB

Download
memory/5836-1693-0x00007FF6673D0000-0x00007FF6673E0000-memory.dmp

Filesize
64KB

Download
memory/5836-1661-0x00007FF6BBE10000-0x00007FF6BBE20000-memory.dmp

Filesize
64KB

Download
memory/5836-1533-0x00007FF69DAA0000-0x00007FF69DAB0000-memory.dmp

Filesize
64KB

Download
memory/5932-5984-0x000002795F260000-0x000002795F4B8000-memory.dmp

Filesize
2.3MB

Download
memory/5932-5970-0x00000279466E0000-0x0000027946724000-memory.dmp

Filesize
272KB

Download
memory/5932-5959-0x0000027944D10000-0x0000027944D38000-memory.dmp

Filesize
160KB

Download
memory/5932-5958-0x0000027944D40000-0x0000027944D9A000-memory.dmp

Filesize
360KB

Download
memory/5932-5957-0x00000279448B0000-0x00000279448FA000-memory.dmp

Filesize
296KB

Download
memory/5932-5960-0x00000279448B0000-0x00000279448FA000-memory.dmp

Filesize
296KB

Download
memory/6200-633-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/6484-514-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/6484-467-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/6524-618-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/6524-508-0x0000000004C90000-0x0000000004DD0000-memory.dmp

Filesize
1.2MB

Download
memory/6524-504-0x0000000004C90000-0x0000000004DD0000-memory.dmp

Filesize
1.2MB

Download
memory/6524-500-0x0000000004C90000-0x0000000004DD0000-memory.dmp

Filesize
1.2MB

Download
memory/6524-496-0x0000000004C90000-0x0000000004DD0000-memory.dmp

Filesize
1.2MB

Download
memory/6860-529-0x0000026F887D0000-0x0000026F887D8000-memory.dmp

Filesize
32KB

Download
memory/6860-530-0x0000026FA3210000-0x0000026FA3738000-memory.dmp

Filesize
5.2MB

Download
memory/8860-6116-0x00000237E3640000-0x00000237E3800000-memory.dmp

Filesize
1.8MB

Download
memory/8860-6119-0x00000237C8FD0000-0x00000237C8FFA000-memory.dmp

Filesize
168KB

Download
memory/8860-6113-0x00000237C8FD0000-0x00000237C8FFA000-memory.dmp

Filesize
168KB

Download
memory/9792-6572-0x0000024966430000-0x000002496645C000-memory.dmp

Filesize
176KB

Download
memory/9792-6576-0x000002497EDD0000-0x000002497EDF8000-memory.dmp

Filesize
160KB

Download
memory/9792-6579-0x000002497EF40000-0x000002497EFC4000-memory.dmp

Filesize
528KB

Download
memory/9792-6501-0x0000024964820000-0x0000024964846000-memory.dmp

Filesize
152KB

Download
memory/9936-8282-0x000001DD70C00000-0x000001DD70C3A000-memory.dmp

Filesize
232KB

Download
memory/10156-5931-0x000001F4E9100000-0x000001F4E9112000-memory.dmp

Filesize
72KB

Download
memory/10156-5932-0x000001F4EAA40000-0x000001F4EAA7C000-memory.dmp

Filesize
240KB

Download
memory/10156-5918-0x000001F4E8CE0000-0x000001F4E8D0E000-memory.dmp

Filesize
184KB

Download
memory/10156-5917-0x000001F4E8CE0000-0x000001F4E8D0E000-memory.dmp

Filesize
184KB

Download