hxxps://cdn[.]discordapp[.]com/attachments/1281438398942543934/1288494219308175462/utweb_installer[.]exe?ex=66f56340&is=66f411c0&hm=f5cfba05cb34aff8c2e7580d4fc272e50f92b4f20065dd113ad7e9ba98c35a75&

Analysis

max time kernel
82s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1281438398942543934/1288494219308175462/utweb_installer.exe?ex=66f56340&is=66f411c0&hm=f5cfba05cb34aff8c2e7580d4fc272e50f92b4f20065dd113ad7e9ba98c35a75&

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	utweb_installer.tmp

Executes dropped EXE 6 IoCs

pid	Process
3484	utweb_installer.exe
3312	utweb_installer.tmp
2804	utweb_installer.exe
2104	component0.exe
4084	saBSI.exe
3336	avg_secure_browser_setup.exe

Loads dropped DLL 10 IoCs

pid	Process
2804	utweb_installer.exe
2804	utweb_installer.exe
2804	utweb_installer.exe
2804	utweb_installer.exe
2804	utweb_installer.exe
2804	utweb_installer.exe
2804	utweb_installer.exe
2804	utweb_installer.exe
2804	utweb_installer.exe
2804	utweb_installer.exe

Checks for any installed AV software in registry 1 TTPs 3 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed	utweb_installer.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Avira\Browser\Installed	utweb_installer.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
6052	3312	WerFault.exe	98
5268	3312	WerFault.exe	98

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	avg_secure_browser_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	utweb_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	utweb_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	saBSI.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5168	AVGBrowserUpdate.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	utweb_installer.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	utweb_installer.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133717449921540696"	chrome.exe

Modifies registry class 39 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgids\Torrent File = "0"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\DefaultIcon	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open\command	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\Content Type	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\ = "BTWKey File"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open\command	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\Content Type = "application/x-magnet"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\ = "open"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe,0"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\ = "Magnet URI"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\ = "open"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\open	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\shell\open	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent Web\\utweb.exe \"%1\" /SHELLASSOC"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell\ = "open"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\Content Type\ = "application/x-magnet"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\ = "Torrent File"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\ = "BTWKey File"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgids	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\OpenWithProgids	utweb_installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.btwkey\OpenWithProgids\BTWKey File = "0"	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\URL Protocol	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon	utweb_installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "Torrent File"	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open\command	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Torrent File\shell\open	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\shell	utweb_installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BTWKey File\DefaultIcon	utweb_installer.exe

Script User-Agent 4 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	35	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	40	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	41	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	43	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
2804	utweb_installer.exe
2804	utweb_installer.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe
4084	saBSI.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
3312	utweb_installer.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2820	1772	chrome.exe	82
PID 1772 wrote to memory of 2820	1772	chrome.exe	82
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3784	1772	chrome.exe	84
PID 1772 wrote to memory of 3260	1772	chrome.exe	85
PID 1772 wrote to memory of 3260	1772	chrome.exe	85
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86
PID 1772 wrote to memory of 1016	1772	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1281438398942543934/1288494219308175462/utweb_installer.exe?ex=66f56340&is=66f411c0&hm=f5cfba05cb34aff8c2e7580d4fc272e50f92b4f20065dd113ad7e9ba98c35a75&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd99e7cc40,0x7ffd99e7cc4c,0x7ffd99e7cc58
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,10184774878347586185,802267121892976612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,10184774878347586185,802267121892976612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,10184774878347586185,802267121892976612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,10184774878347586185,802267121892976612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,10184774878347586185,802267121892976612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,10184774878347586185,802267121892976612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5004,i,10184774878347586185,802267121892976612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5020,i,10184774878347586185,802267121892976612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,10184774878347586185,802267121892976612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:1512
- C:\Users\Admin\Downloads\utweb_installer.exe
  "C:\Users\Admin\Downloads\utweb_installer.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3484
- - C:\Users\Admin\AppData\Local\Temp\is-28J3C.tmp\utweb_installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-28J3C.tmp\utweb_installer.tmp" /SL5="$A0092,866470,820736,C:\Users\Admin\Downloads\utweb_installer.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks for any installed AV software in registry
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\utweb_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\utweb_installer.exe" /S
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component0.exe
      "C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component0.exe" -ip:"dui=acd03e19-89e2-40d7-b0f4-25b8a05635ee&dit=20240925133639&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=7501&a=100&b=&se=true" -vp:"dui=acd03e19-89e2-40d7-b0f4-25b8a05635ee&dit=20240925133639&oc=ZB_RAV_Cross_Tri_NCB&p=7501&a=100&oip=26&ptl=7&dta=true" -dp:"dui=acd03e19-89e2-40d7-b0f4-25b8a05635ee&dit=20240925133639&oc=ZB_RAV_Cross_Tri_NCB&p=7501&a=100" -i -v -d -se=true
      4⤵
      Executes dropped EXE
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\oi0fh1ts.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oi0fh1ts.exe" /silent
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\UnifiedStub-installer.exe
        
        .\UnifiedStub-installer.exe /silent
        6⤵
        
        PID:1584
        
        C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
        
        "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
        7⤵
        
        PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component1_extract\saBSI.exe
      "C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component1_extract\installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
        5⤵
        
        PID:6056
      - C:\Program Files\McAfee\Temp2516462383\installer.exe
        
        "C:\Program Files\McAfee\Temp2516462383\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
        6⤵
        
        PID:5196
        
        C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        7⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        8⤵
        
        PID:6148
        
        C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
        7⤵
        
        PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component2_extract\avg_secure_browser_setup.exe
      "C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component2_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV6dENx5ijqAXGSHYBtdONjw2JloB0NI7CLakDF8mMFNvGAxNmlYbIZZVmEEgkzmi3BLT9CXKaMmx /make-default
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\AVGBrowserUpdateSetup.exe
        
        AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9264&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"
        5⤵
        
        PID:5368
      - C:\Program Files (x86)\GUM84EA.tmp\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\GUM84EA.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9264&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome"
        6⤵
        
        PID:6020
        
        C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
        7⤵
        
        PID:5744
        
        C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
        7⤵
        
        PID:1160
        
        C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
        8⤵
        
        PID:5332
        
        C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
        8⤵
        
        PID:5384
        
        C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
        8⤵
        
        PID:5476
        
        C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0RGNzg5RjYzLTFDMDQtNEU5MS04MjhGLUI1Q0I3RDc0QzY2NH0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Ins2RUEyQUJFMS03Q0UzLTQwRDMtQkY5RC0wOTQyNkM4NDk1MzZ9IiB1c2VyaWRfZGF0ZT0iMjAyNDA5MjUiIG1hY2hpbmVpZD0iezAwMDBDQkM0LUFBNTMtOTMyRC1GNjQ2LTgzNTZEQzZDRUMyNH0iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDkyNSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins3ODU1NTVEMi0wMkQyLTRBMjYtQkIyMi1BMzQ5MEUzNjQzRDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTI2NCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMzc2NSIvPjwvYXBwPjwvcmVxdWVzdD4
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5168
        
        C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9264&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{DF789F63-1C04-4E91-828F-B5CB7D74C664}" /silent
        7⤵
        
        PID:1248
  - - C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe" /RUNONSTARTUP
      4⤵
      PID:3456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://utweb.rainberrytv.com/gui/index.html?v=1.4.0.5871&firstrun=1&localauth=localapi1c06a14f792f8878:
        5⤵
        
        PID:5844
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd7bb146f8,0x7ffd7bb14708,0x7ffd7bb14718
        6⤵
        
        PID:6044
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
        6⤵
        
        PID:5700
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
        6⤵
        
        PID:5760
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
        6⤵
        
        PID:5916
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
        6⤵
        
        PID:5616
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
        6⤵
        
        PID:5628
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
        6⤵
        
        PID:7536
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
        6⤵
        
        PID:7544
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
        6⤵
        
        PID:6104
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
        6⤵
        
        PID:7988
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
        6⤵
        
        PID:8016
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
        6⤵
        
        PID:8024
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
        6⤵
        
        PID:5304
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,4325604612904855850,8704615538149769579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Roaming\uTorrent Web\helper\helper.exe
        
        helper/helper.exe 50988 -- ut_web/1.4.0.5871 hval/930ad44b437bef11bb4fd2eb330f3545
        5⤵
        
        PID:7072
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 1816
      4⤵
      Program crash
      PID:6052
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 1816
      4⤵
      Program crash
      PID:5268

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2708

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3312 -ip 3312
1⤵
PID:3184

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
1⤵
PID:6132
- C:\Program Files (x86)\AVG\Browser\Update\Install\{00F81564-D3D9-4ECD-BA59-D9089F465530}\AVGBrowserInstaller.exe
  "C:\Program Files (x86)\AVG\Browser\Update\Install\{00F81564-D3D9-4ECD-BA59-D9089F465530}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level
  2⤵
  PID:4372
- - C:\Program Files (x86)\AVG\Browser\Update\Install\{00F81564-D3D9-4ECD-BA59-D9089F465530}\CR_6F432.tmp\setup.exe
    "C:\Program Files (x86)\AVG\Browser\Update\Install\{00F81564-D3D9-4ECD-BA59-D9089F465530}\CR_6F432.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{00F81564-D3D9-4ECD-BA59-D9089F465530}\CR_6F432.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --import-cookies --auto-launch-chrome --system-level
    3⤵
    PID:7508
  - - C:\Program Files (x86)\AVG\Browser\Update\Install\{00F81564-D3D9-4ECD-BA59-D9089F465530}\CR_6F432.tmp\setup.exe
      "C:\Program Files (x86)\AVG\Browser\Update\Install\{00F81564-D3D9-4ECD-BA59-D9089F465530}\CR_6F432.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=128.0.26382.138 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff7b7f654d0,0x7ff7b7f654dc,0x7ff7b7f654e8
      4⤵
      PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3312 -ip 3312
1⤵
PID:5164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:64

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:6724
- C:\Program Files\McAfee\WebAdvisor\UIHost.exe
  "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
  2⤵
  PID:3184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:7056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:7380
- C:\Program Files\McAfee\WebAdvisor\updater.exe
  "C:\Program Files\McAfee\WebAdvisor\updater.exe"
  2⤵
  PID:5264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
    3⤵
    PID:7048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
    3⤵
    PID:5012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:6916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:7896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:7484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll

Filesize
506KB

MD5
c6a2bff8e96b5622bf6841a671f4e564

SHA1
fb638e9c72604cc1b160385fa803b0ea028e5d5e

SHA256
7a7a12e9c0dee713700081b9354647972a0f3505596df34e4c68aaba99046992

SHA512
22a99f860055388e34a056af5d5e35f2e33a9294784795aca52fd42685d75aebb523add836c5e4b9b2f68fe00348d11ee56cc10208fcc662b86a6169664f934f

Download Submit
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe

Filesize
204KB

MD5
cbcdf56c8a2788ed761ad3178e2d6e9c

SHA1
bdee21667760bc0df3046d6073a05d779fdc82cb

SHA256
e9265a40e5ee5302e8e225ea39a67d452eaac20370f8b2828340ba079abbbfd3

SHA512
5f68e7dffdd3424e0eb2e5cd3d05f8b6ba497aab9408702505341b2c89f265ebb4f9177611d51b9a56629a564431421f3ecb8b25eb08fb2c54dfeddecb9e9f2e

Download Submit
C:\Program Files (x86)\GUM84EA.tmp\@PaxHeader

Filesize
28B

MD5
a46796cd36cbb860b56a4d5908a39d8e

SHA1
5fe35cc3ddc0b1926181985059c1bd98236abced

SHA256
4327f54c33ec21c71710fcd7636e9f1a847abbd22bd672d17e886c7822c60590

SHA512
4273715bfac87eab99cb8982d9964053cf99082944b194b72e9578e7cb0ea7b3bae87dc7da6ef15067a8761a9bd8e1ba9d7706491a5ed154596df53baeba6ad7

Download Submit
C:\Program Files (x86)\GUM84EA.tmp\@PaxHeader

Filesize
27B

MD5
fc8ee03b2a65f381e4245432d5fef60e

SHA1
d2b7d9be66c75ccf24fcb45a6d0dacedd8b6dd6f

SHA256
751a04263c2ebb889fdcd11045d6f3602690318ebaaa54f66e1332d76dde9ef4

SHA512
0837f2b22c9629990165c5e070e710a69ad4951b7fcfe28bd52354c4b8a7246672497b8aaf521a8773c7ec2a4249fc4318330948ab0d8db8c6c74da57b32f1c4

Download Submit
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

Filesize
73KB

MD5
bd4e67c9b81a9b805890c6e8537b9118

SHA1
f471d69f9f5fbfb23ff7d3c38b5c5d5e5c5acf27

SHA256
916f5e284237a9604115709a6274d54cb924b912b365c84322171872502d4bf8

SHA512
92e1d4a8a93f0bf68fc17288cd1547b2bb9131b8378fbd1ed67a54963a8974717f772e722477417f4eb6c6bb0b3dfba4e7847b20655c3d451cba04f6134c3ab5

Download Submit
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

Filesize
339KB

MD5
030ec41ba701ad46d99072c77866b287

SHA1
37bc437f07aa507572b738edc1e0c16a51e36747

SHA256
d5a78100ebbcd482b5be987eaa572b448015fb644287d25206a07da28eae58f8

SHA512
075417d0845eb54a559bd2dfd8c454a285f430c78822ebe945b38c8d363bc4ccced2c276c8a5dec47f58bb6065b2eac627131a7c60f5ded6e780a2f53d7d4bde

Download Submit
C:\Program Files\ReasonLabs\EPP\mc.dll

Filesize
1.1MB

MD5
e0f93d92ed9b38cab0e69bdbd067ea08

SHA1
065522092674a8192d33dac78578299e38fce206

SHA256
73ad69efeddd3f1e888102487a4e2dc1696ca222954a760297d45571f8d10d31

SHA512
eb8e3e8069ff847b9e8108ad1e9f7bd50aca541fc135fdd2ad440520439e5c856e8d413ea3ad8ba45dc6497ba20d8f881ed83a6b02d438f5d3940e5f47c4725c

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

Filesize
348KB

MD5
41dd1b11942d8ba506cb0d684eb1c87b

SHA1
4913ed2f899c8c20964fb72d5b5d677e666f6c32

SHA256
bd72594711749a9e4f62baabfadfda5a434f7f38d199da6cc13ba774965f26f1

SHA512
3bb1a1362da1153184c7018cb17a24a58dab62b85a8453371625ce995a44f40b65c82523ef14c2198320220f36aafdade95c70eecf033dd095c3eada9dee5c34

Download Submit
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

Filesize
2.2MB

MD5
508e66e07e31905a64632a79c3cab783

SHA1
ad74dd749a2812b9057285ded1475a75219246fa

SHA256
3b156754e1717c8af7fe4c803bc65611c63e1793e4ca6c2f4092750cc406f8e9

SHA512
2976096580c714fb2eb7d35c9a331d03d86296aa4eb895d83b1d2f812adff28f476a32fca82c429edc8bf4bea9af3f3a305866f5a1ab3bbb4322edb73f9c8888

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
cd7d7576bd70daa68a5249eeb9992d28

SHA1
be2e78d405f50d4872ea60a73ad8bbf1c300a6f0

SHA256
45d65bb4e5d30848898d5e4fd4f1be0512bd4a7708f20d738570c77b10f5c25d

SHA512
ef88b63f5b1c3b928d2569423109c71657036cafe35fa1f02ed1d09f2b4a584621853dc50abcb7aaff2b6fe2c4716297ed9d381b8a9cac216c74b1d98c518658

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
4KB

MD5
46ab00a26cd47342d3935c3e138f27d0

SHA1
81f5f2bd1610915ce0d0860e14343f5852f5f439

SHA256
19f64c8570bd594b98496fd3d1dfdf9c5320c2b8c35f560079664d0d5ae4fcc6

SHA512
3baf322e116f37b90e0089e5f2c8d03a40c8c39ceddbbfd276474d06e13cff42378e7675bb4c4cb97825e566ff6d5daf5c144dc7f5cd1a145b49988e75675dcc

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
3KB

MD5
5e3df22b3ade478cbb5451b76fd1772f

SHA1
39626c83a31beb6230f856a76dbdfc37344c28c4

SHA256
557174e964f8edb7e818fa8ba2191dfe23aa6d6de748ada62098d63953110065

SHA512
8423e02a343da2baa9a14a419a1e0a3e310b677a900dd4963646889dba7f6c6ce8c8aee6e9e958ceb0a7aa4572193dc845b9501d3f4758b6d1dce41c33ce664b

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
4KB

MD5
960cc19362ab1f550d6a0f0c73d1b692

SHA1
52b1efff853516ee32123323484e959ea0d964f6

SHA256
6c4907c5ea49fd96ef259d3175ee6d24fd16f1ffcc23e5ff71fb3b6c8a0be663

SHA512
ebb7dc4554836f2ffc43d5f635b3f2b8f603b2f3ba2c5e7948ab464134b1a89c3f669cee2e342eff906872278581c57aabf41b1182362827a98bf1740569c8fe

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

Filesize
2KB

MD5
fb870b96e44fe1fb79617a8e02ba1535

SHA1
a2018ea2b9f98c1b88b74a2dbb78fa9d0cb5f9d5

SHA256
72c1872917f30279a274adc9faff512c1e07eef22cac7c69b8a3852db2a28a07

SHA512
f5415940f290e351a74664f0c468f86dc887846f02775c265103fb9e5ca2b6744a652a950adce6393687f267e6f3c4185f17eb601ebba2f30e473424c562f671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c343be321a47ad5bd085c92186c99f95

SHA1
1ecbd455ba2567aa19d07d1a9b87437cf0979493

SHA256
fd88549edac22b92d8e5c1fa645577a912b20eb4e7a66d4062ee47a5daa2a753

SHA512
ffd1fc3eb1da9cb5f56221f1ad3b11b5680be0ebe5c41ef258169a804f94a9f6ac303263a2b61a7294f0a06b313b5fc240869098d45915c3a0afa1bdc32cec59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
1d69d7d364777dceef55b2e377869b9d

SHA1
882fdfaaa6734467e1f4ddd507a7c7a38bf56724

SHA256
4b68d4a145011157c9d6739d1498b1f3b70c57c352d04d92f4b4afafeb514b29

SHA512
90d6d0038211d5f4405daf2adf15a7d365e909b60a643cf8d83e4b1186439a41e6a9710e7c397b426349d23c3fc86ff09a412d88cb566c1f5c449ee53fc63bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aff2b323baba704d45835a2cb7d9c279

SHA1
c1b5dc321606e6ff5330aa3801113ab7de4ecc70

SHA256
9487ecc24ebf570702b73bad0508914821423493dbeb38192e6c135492fbbac7

SHA512
e7fbd8ac20e4ca2e01a75b2952268aac267493731f972da4b807607ce880e4de6e22890d8541ea58555f00d35224b43585d0e15cf1829c4259ad5180f241d9ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ef45a5136d19ccf868a79d9c676feff9

SHA1
c7e95294141241f4e3b60add855cb4253c91657e

SHA256
d6defdd427151ed1c1f21dad0404bd19f12c5f6f481f6a0892b2ad2169b46b66

SHA512
5449dccc858178aa100c4d33061f3f3041958ccb1d6abfa9add0708b247f74568a1b35793a55ee3b080d42a23c2a921c4104b24ad963b5a9d510d20891ea7709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e232d95201c11ef7622addd9cfd65d91

SHA1
fb263c6e57a0486921c378136ac04c212622b253

SHA256
608317502985763885d158117dda94fe6241ef5ca9ec74e7c87cc10011cbb500

SHA512
13e1499026a890cfcb647ef1d408e27a96bcaac57a0bdc0ef10b32771dde9ee6b656809d447808f0892deda801d782f9997c936e946c397f4c1e1e19015c776b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0c08c526df100ffd78c24da94d22219

SHA1
5e2b91ee272cb082235c3040f1f524f8af7acaf1

SHA256
3f7ec6878d6246b5183f4646322d88aa4c301f966513351ed20ceac4b891a903

SHA512
b0efa8f78bf867bbcf1b2e742cbedbf91e635fc8856fb71509f9eb857e5994ca001184b0db9a0dddc26da92fd18632734b3c00e3f82fe8ced897e347668d3cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7f891a2e65ab7f3434aa058fb3be67e

SHA1
4ecd6d9064965b47fa34403d6716385f1b96f72d

SHA256
2f8e64c497402c4702824c128a104f653d53ecfb13d65fab52d6b8f970a35c4f

SHA512
e8fbf282b6d97b997e3c271c81cb5a0103e9c1a60c5935cbbe26d7375c0dcdc653ffc580844eca0a3232ca6eb20ca0e872a0f43ffc1cdc660ef3886033233ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3473d342618b659694302d781e532046

SHA1
31dfea2c2e1c550220bf7c8289071ccb4ded24bc

SHA256
2b4d8e0c2ad0449e0a99093ad25559dee74c2726ba56ffcdcaf26f72d60c749e

SHA512
48985cd5fc74ce34efc661b96e567fe9c32052b010d8e7f119e78f4294dfed15ebc714978c9f04ffe3641e1008a3af3fab86db44c4b9418ee429e5fd79e7ca76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
523753e2e40c39ffb8263503f5d06c3f

SHA1
161e842a37213274ea4d5cb4f93e8abcb8f35c3c

SHA256
40fc2fd30bbe4c1cf44d169bf4fd9f359f56c13727db64e1644d6a1622120de5

SHA512
0c5c401313f9a926383fcb73345e85014317df6d6a19c108ba3266506fc9a4d2e7b26e52ba9f274043d2f891622a1ef5d59678825eee2f516faf2c3a2ac8c043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
cc1d12fb9847b9a08b0a0d7238a07a98

SHA1
7504317d2690e9cc6e9796426561a2467d5e1235

SHA256
ac1bcaf1f34029257023385cc5c00a48834679ba93aca86ffe869afca7624849

SHA512
003f62897f5894426fe2836fdf6b95f0db34cfcaf8806fdde301366eeaf7c75dd569abf3428e84d6a79c3a6924a87fcea433fa40334aeddd64f7146cd7cbcb0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e287198a2218eef65c2ce70c70c1818a

SHA1
498ca8d5035dcbfc14bdff7a0d733fafd24424f1

SHA256
5f54459b965ac8365815bec43fb807ebe1e80fc5a670dc266a577a0bcf9e4179

SHA512
ad918821d17e42e82f64c9e178781309f0c031e8417071e37a81855e2eb3656d84440a7bef1b33e574269cb142336b976011544ee6717a3830606c5dcf1b55ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e489207527da97cd3485c7f2d552d959

SHA1
a4a335eb77574ad720aecb659e0c0b47e625851e

SHA256
ac9d08047ec50b1f50c3ae261b4a59e6e03e9f277333098b9bd5d928dff53454

SHA512
9186dbf84f953abfe3978c12cd772f27e852deb3d0caf6c7beb5aee96baf568bfe53b3c9ae999a215a001584cac4be74293221d48e6628068702c165676a77f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a88ef39b5f9d1af319d327c42f2c1f5

SHA1
c58bb9f54bd68d4c9ce47b45bbb08be821459c0a

SHA256
52c577b49ecd5076b0a6755484d3193a94d4fdf7be16b460ad74a54be0f7f285

SHA512
22e661c0ccf34cfb3e13448a56185a7c96752d6b94feb10b341ccd3eef62e83af2b78663e8dd6fc22c6d5833327f8eae9960121a716998dc6d762699f08c1d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
92d8ae8b154f18744090406f9077ba8e

SHA1
df1a7b6a8e2748644512c6194a26ff26ce1b6115

SHA256
d659404291d66e2c4681391ec49dd9be5e64c4df98a95a9efc0c29f68e399941

SHA512
45858d6ea647b8b8f12eb84b7c931f62e9ed78514650ebe61c322f44aadf448be42e11e7543d77e515a8db642142141ef7f9eae363091b6db7e99ce2748e6341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b20d890bca06321da3e74e4c657a67a5

SHA1
365a364aa2147fc6ed65e31ef8fba0b298fae261

SHA256
25c89b5ec22f9ce790f0ebeac393648212452f57d053c6814e7f6c3940e3b0a6

SHA512
8ce5fd41f3f79502514726aa2af0997036a1318b4dc8151b103dafe9acae3c85755a91ead4b55f99fe8c766ca011a39c3c47b784da2e005886c525d13814a7c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\Microsoft.Win32.TaskScheduler.dll

Filesize
340KB

MD5
e6a31390a180646d510dbba52c5023e6

SHA1
2ac7bac9afda5de2194ca71ee4850c81d1dabeca

SHA256
cccc64ba9bbe3897c32f586b898f60ad0495b03a16ee3246478ee35e7f1063ec

SHA512
9fd39169769b70a6befc6056d34740629fcf680c9ba2b7d52090735703d9599455c033394f233178ba352199015a384989acf1a48e6a5b765b4b33c5f2971d42

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\Newtonsoft.Json.dll

Filesize
701KB

MD5
4f0f111120d0d8d4431974f70a1fdfe1

SHA1
b81833ac06afc6b76fb73c0857882f5f6d2a4326

SHA256
d043e6cde1f4d8396978cee2d41658b307be0ca4698c92333814505aa0ccab9a

SHA512
e123d2f9f707eb31741ef8615235e714a20c6d754a13a97d0414c46961c3676025633eb1f65881b2d6d808ec06a70459c860411d6dd300231847b01ed0ce9750

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\UnifiedStub-installer.exe

Filesize
1.0MB

MD5
493d5868e37861c6492f3ac509bed205

SHA1
1050a57cf1d2a375e78cc8da517439b57a408f09

SHA256
dc5bc92e51f06e9c66e3933d98dc8f8d217bc74b71f93d900e4d42b1fb5cc64f

SHA512
e7e37075a1c389e0cad24ce2c899e89c4970e52b3f465d372a7bc171587ed1ee7d4f0a6ba44ab40b18fdf0689f4e29dfdbccbabb07e0f004ef2f894cb20d995d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\f2582e43-f621-439c-a51e-742ef2f0e7d8\UnifiedStub-installer.exe\assembly\dl3\1d0fa48b\f22e8fd7_7ce2da01\rsStubLib.dll

Filesize
64KB

MD5
65e48569de00d4bb0454ff0a4480f0df

SHA1
0cf95c9396ad69260a0266e04c2fae05e1cbf0d7

SHA256
a7cd6e99c4e84fab82d3b02a854e8263512191300aa253fbed8e514501e94ff8

SHA512
e026f5fb50772ca1e7c32944f8d654917afa64c8ffc7b667e1121a01fd83c4855f9f2068bf9a69145c9770305ddcf8d0463ffb83b12a2262473e296b5646d8e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\rsAtom.dll

Filesize
169KB

MD5
dc15f01282dc0c87b1525f8792eaf34e

SHA1
ad4fdf68a8cffedde6e81954473dcd4293553a94

SHA256
cc036bcf74911fe5afb8e9fcc0d52b3f08b4961bcda4e50851eda4159b1c9998

SHA512
54ee7b7a638d0defcff3a80f0c87705647b722d3d177bc11e80bfe6062a41f138ef99fc8e4c42337b61c0407469ef684b704f710b8ead92b83a14f609f0bc078

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\rsLogger.dll

Filesize
182KB

MD5
1cfc3fc56fe40842094c7506b165573a

SHA1
023b3b389fdfa7a9557623b2742f0f40e4784a5c

SHA256
187da6a5ab64c9b814ab8e1775554688ad3842c3f52f5f318291b9a37d846aa2

SHA512
6bd1ceaf12950d047a87fd2d9c1884c7ac6e45bd94f11be8df8144ddd3f71db096469d1c775cf1cb8bc7926f922e5a6676b759707053e2332aa66f86c951fbc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\rsStubLib.dll

Filesize
271KB

MD5
3bcbeaab001f5d111d1db20039238753

SHA1
4a9c0048bbbf04aa9fe3dfb9ce3b959da5d960f8

SHA256
897131dd2f9d1e08d66ae407fe25618c8affb99b6da54378521bf4403421b01a

SHA512
de6cde3ad47e6f3982e089700f6184e147a61926f33ead4e2ff5b00926cfc55eb28be6f63eea53f7d15f555fd820453dd3211f0ba766cb3e939c14bb5e0cfc4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\rsSyncSvc.exe

Filesize
798KB

MD5
f2738d0a3df39a5590c243025d9ecbda

SHA1
2c466f5307909fcb3e62106d99824898c33c7089

SHA256
6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21

SHA512
4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB133E78\uninstall-epp.exe

Filesize
319KB

MD5
79638251b5204aa3929b8d379fa296bb

SHA1
9348e842ba18570d919f62fe0ed595ee7df3a975

SHA256
5bedfd5630ddcd6ab6cc6b2a4904224a3cb4f4d4ff0a59985e34eea5cd8cf79d

SHA512
ab234d5815b48555ddebc772fae5fa78a64a50053bdf08cc3db21c5f7d0e3154e0726dacfc3ea793a28765aea50c7a73011f880363cbc8d39a1c62e5ed20c5a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-28J3C.tmp\utweb_installer.tmp

Filesize
3.0MB

MD5
5257ed123adac2b16dca4697d9a82825

SHA1
ae3525c14573bb44fc0809be44988f028c40879a

SHA256
f7a72f733c49ea5f8e712decb77ddf30135f0c9ed1840544075780dc097ffd0a

SHA512
754af6dcc64a2829cb4de5ca6955f8f83988e3e28615fe0d3fe83919c839d9a8e76e73c61e8d7b74bf606dca05df6c98478b004cde29c8e21d98abdaeac9077c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\AVG_BRW.png

Filesize
29KB

MD5
0b4fa89d69051df475b75ca654752ef6

SHA1
81bf857a2af9e3c3e4632cbb88cd71e40a831a73

SHA256
60a9085cea2e072d4b65748cc71f616d3137c1f0b7eed4f77e1b6c9e3aa78b7e

SHA512
8106a4974f3453a1e894fec8939038a9692fd87096f716e5aa5895aa14ee1c187a9a9760c0d4aec7c1e0cc7614b4a2dbf9b6c297cc0f7a38ba47837bede3b296

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\RAV_Cross.png

Filesize
74KB

MD5
cd09f361286d1ad2622ba8a57b7613bd

SHA1
4cd3e5d4063b3517a950b9d030841f51f3c5f1b1

SHA256
b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8

SHA512
f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\WebAdvisor.png

Filesize
47KB

MD5
4cfff8dc30d353cd3d215fd3a5dbac24

SHA1
0f4f73f0dddc75f3506e026ef53c45c6fafbc87e

SHA256
0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856

SHA512
9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component0.exe

Filesize
32KB

MD5
3112251ebd8d19b2e7f92b49e00c0f5a

SHA1
8a3687bb80987818e7d51199f5bdd15baaacc33f

SHA256
bb94ddca9147606617efacdf959a3a7a403f1c5d98b5a276bdc33b2f9d40fbba

SHA512
9ef5f990510540ac3bbcb6f2b78fa3e14ca740ce3b726e48b8e3add7a5033bc1cfa8826c06307930418e48e50142805de14bba185e93088342d7c33e7dc68201

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component1.zip

Filesize
515KB

MD5
f68008b70822bd28c82d13a289deb418

SHA1
06abbe109ba6dfd4153d76cd65bfffae129c41d8

SHA256
cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589

SHA512
fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component1_extract\installer.exe

Filesize
24.4MB

MD5
4a547fd0a6622b640dad0d83ca63bd37

SHA1
6dd7b59010cc73581952bd5f1924dca3d6e7bea5

SHA256
a5be5403eb217883643adba57c83b7c4b0db34faf503cc1167b2c73ce54919d5

SHA512
dd1c6d7410d9fca5ce3d0be0eb90b87a811c7f07cba93e2c5d6855c692caec63feec6b8385e79baa4f503cac955e5331fac99936aa1668c127f3fc1ffccb3b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component1_extract\saBSI.exe

Filesize
1.1MB

MD5
143255618462a577de27286a272584e1

SHA1
efc032a6822bc57bcd0c9662a6a062be45f11acb

SHA256
f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4

SHA512
c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component2.zip

Filesize
5.7MB

MD5
6406abc4ee622f73e9e6cb618190af02

SHA1
2aa23362907ba1c48eca7f1a372c2933edbb7fa1

SHA256
fd83d239b00a44698959145449ebfcb8c52687327deac04455e77a710a3dfe1b

SHA512
dd8e43f8a8f6c6e491179240bdfefdf30002f3f2900b1a319b4251dfa9ca7b7f87ddf170ba868ab520f94de9cc7d1854e3bcfd439cad1e8b4223c7ee06d649f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\component2_extract\avg_secure_browser_setup.exe

Filesize
5.8MB

MD5
591059d6711881a4b12ad5f74d5781bf

SHA1
33362f43eaf8ad42fd6041d9b08091877fd2efba

SHA256
99e8de20a35a362c2a61c0b9e48fe8eb8fc1df452134e7b6390211ab19121a65

SHA512
6280064a79ca36df725483e3269bc1e729e67716255f18af542531d7824a5d76b38a7dcefca048022c861ffcbd0563028d39310f987076f6a5da6c7898c1984c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5FB0H.tmp\utweb_installer.exe

Filesize
17.4MB

MD5
575c591b5502b0af0bab9be7e0fa170a

SHA1
738737d69a6f9bdd32743dd3ff0688199ce8fb3a

SHA256
a841f48ee29b6f7a62135091707cd1ce66fd515c2f304f771bfcef089eee2f8a

SHA512
c35ef49e27f1fdd609cada7250f818968635e728b44e14a1445cb7e243a0a1f3dafaf7afed5e11f15978150abdd8071bceaee1ff10b85977e7b83d36f0f5e169

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\AVGBrowserUpdateSetup.exe

Filesize
1.6MB

MD5
9750ea6c750629d2ca971ab1c074dc9d

SHA1
7df3d1615bec8f5da86a548f45f139739bde286b

SHA256
cd1c5c7635d7e4e56287f87588dea791cf52b8d49ae599b60efb1b4c3567bc9c

SHA512
2ecbe819085bb9903a1a1fb6c796ad3b51617dd1fd03234c86e7d830b32a11fbcbff6cdc0191180d368497de2102319b0f56bfd5d8ac06d4f96585164801a04b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\CR.History.tmp

Filesize
124KB

MD5
9618e15b04a4ddb39ed6c496575f6f95

SHA1
1c28f8750e5555776b3c80b187c5d15a443a7412

SHA256
a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab

SHA512
f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\FF.places.tmp

Filesize
5.0MB

MD5
cbece3c2194c72ccb5970bc76f5b257e

SHA1
b33cddd26253cf1fbbf7e63f9529fc0f8ad270cb

SHA256
5217ba740476f6b332769e9e84b8f2ecdec8c1f4ad7145c9a9b802011644353a

SHA512
4f3de0fe5a2ab6d1e7685a79b6cfbdc69740bd7853a52afb5bb189ad21b8b899cea19522ac1e7e02dbd4e58fc3794e7ae3cb9faa429988573ec5b5748b77af3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
bd94620c8a3496f0922d7a443c750047

SHA1
23c4cb2b4d5f5256e76e54969e7e352263abf057

SHA256
c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644

SHA512
954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\Midex.dll

Filesize
126KB

MD5
581c4a0b8de60868b89074fe94eb27b9

SHA1
70b8bdfddb08164f9d52033305d535b7db2599f6

SHA256
b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd

SHA512
94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\StdUtils.dll

Filesize
195KB

MD5
7602b88d488e54b717a7086605cd6d8d

SHA1
c01200d911e744bdffa7f31b3c23068971494485

SHA256
2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11

SHA512
a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\jsis.dll

Filesize
127KB

MD5
4b27df9758c01833e92c51c24ce9e1d5

SHA1
c3e227564de6808e542d2a91bbc70653cf88d040

SHA256
d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb

SHA512
666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\nsJSON.dll

Filesize
36KB

MD5
ddb56a646aea54615b29ce7df8cd31b8

SHA1
0ea1a1528faafd930ddceb226d9deaf4fa53c8b2

SHA256
07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069

SHA512
5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso73C6.tmp\thirdparty.dll

Filesize
93KB

MD5
070335e8e52a288bdb45db1c840d446b

SHA1
9db1be3d0ab572c5e969fea8d38a217b4d23cab2

SHA256
c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc

SHA512
6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu5CA3.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu5CA3.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu5CA3.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu5CA3.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu5CA3.tmp\nsisFirewall.dll

Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Local\Temp\oi0fh1ts.exe

Filesize
2.4MB

MD5
949bf696ed315129212512b13857956a

SHA1
3a15464db57e24d34075906de75c9ffc11c1b9be

SHA256
2fa47e480510d71cd16b7c9e26bcff305c140a5de9543a9f2014191a90cccff9

SHA512
d89e4bfedab3f56551c8c79fb6ddac544896cbccd01464558069be4f04de383626168317e54b4519a6733f40c5e90a94f505d670bc4b3d739cd1c7ee3ddb5385

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\avcodec-58.dll

Filesize
1.4MB

MD5
9d7585d920144436fd23b5397ad20abf

SHA1
396b69f02b672b2df8b630e0690c440f17e7cd8e

SHA256
8b527770e0580ee328f8c91aae05016b174d15e13f28befff5a6b6a6f4837084

SHA512
c6fce0b220e319c8c91739159e9870302240e734b15c1721bb1357b6e62772b743d62f0a8b280aa285d8adde10e1fe24056ccfd1b05b9bf220e7f4f9434dd356

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\avformat-58.dll

Filesize
927KB

MD5
c123211331c1f98b8a679ecbd5048997

SHA1
4b6807dcbbb0160b191cba08413c79ce557921ed

SHA256
4e8d418e6b1345c05e08a4b88e78a84a97c9a8179ca851bd87c93836c2409f31

SHA512
4232c5f759109cb71a5c5833cb3de2b641c71504f62132cced98f56f792c11d9d5a84ac96c91c8dec6b4d19021b9ba555976779957faa3a6c6438f0abc51a6e8

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\avutil-56.dll

Filesize
620KB

MD5
e0cdb9bbfa7a22ef965d55161945176e

SHA1
1d0929e86b838f02025552cd4e0f6eb91f769d75

SHA256
47a1c21d501b81a93088ae081da08e74d098ac82e0dbae7a909f39af5bd24815

SHA512
813c9b18aa7e8d8794010cc40eda839db324079a87a784b9ab8a98c3f318e9c12d2d86eaa8bd4ec1e4ec6175a9e12efce243c0d0daa193b802ed0cc4739173f5

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\helper.partial

Filesize
5.6MB

MD5
96b220a306b716a01d8c6d1fe6de719a

SHA1
07ea647454d25acf0ebf6f56b9741656d92fec08

SHA256
a44c00f9ebefdaa26c5f53b8091a1adc71ad73be51494c208cd7ecfc2ba00400

SHA512
2d500a17a5bf3f653a3a500d01fee2392c37fa7fb26871bdf15b03b6acb0bbe21342bfa48297c5354627ebc1a9900c4f88bf7cbb9de4ca0c0f752e264db779ff

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\helper\helper.exe

Filesize
5.5MB

MD5
3680213ff0faad3800661ed36954506d

SHA1
bc206e577405fdf2dd9ff3fed121df4d80cd486e

SHA256
4f4bda741adb2f6c1724a6cf70e6dc3cc4be1e0dee89aa51f184c83590124f41

SHA512
22c97de7b057f391fa54cab7a4910258220d3ba2dc3d23ed0384bf8c76fc457208d498e208822e438f2ec6e83bd19700041f42edee88556d2b13ff09f802aa63

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\libssl-1_1.dll

Filesize
525KB

MD5
88228668dfd302da82a2ce585db55f38

SHA1
30092d8680c184726e45879f6c7340ecdf98b388

SHA256
2129c263ad08f415ac40abce658e13327ab5911f59a21767dab56d3167083020

SHA512
8b88a1cf14ef47c39c00568df9b421a45936c74989b428e668ec737438fe993f0c08f65a1f164d54594ea66b49e976c3991cc9a9bc2d56c0bce90e589e142bda

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\swresample-3.dll

Filesize
149KB

MD5
69ae94597b9412a9936aa43340ad1826

SHA1
67cdf694af7543186f1492897d69f5ab41cfe4d4

SHA256
11771c928aff73893e72de8e01912dbbb8c5d8643f23601545457c96d5b8361f

SHA512
34c7e20d67eb0c8076fb83fdc01628d7d532611a5e56c882085acf648eeb6199a5f4b54c6d848846c502f6c1089cf5eacddc0b7bce6667bd84369b2d338f6e93

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent Web\utweb.exe

Filesize
6.1MB

MD5
44cf1d0d3ee2b2392e03d182c3ef4f8e

SHA1
02d6cc30a1ad7f6c9672d9c4e315a0aa566be877

SHA256
18d660245b164a86df69f97195c0189e65bc4fa8dd886ad5e6a20f9edb04c2dc

SHA512
bd3a33104abae849aa89b3314325f490a7c4275254cc78d87cd25db62189deaf745cca36139718a35227640c5a1847e25447f02e7e943570b274f8a5314cb1ee

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 897156.crdownload

Filesize
1.7MB

MD5
3769ac2d13b3a162d156be9ef9bcacf7

SHA1
b4dcbd90d3613188d6f8d1f17ba91dda8ff0a26f

SHA256
322b72fde02347eee92faca2b199d63db65cbc61c9c315d367680197f7dd7baf

SHA512
ba8eb2de6192ba6e251273e934730cd824a4f4244bc680f09079bc0b450cbcc91f84d7d498c393e7dd39b8fab8832c38196b2cf7a1c5464d4eafc020dea4c846

Download Submit
memory/1584-534-0x000001F59F6D0000-0x000001F59F728000-memory.dmp

Filesize
352KB

Download
memory/1584-447-0x000001F584C20000-0x000001F584D2C000-memory.dmp

Filesize
1.0MB

Download
memory/1584-526-0x000001F59F240000-0x000001F59F26E000-memory.dmp

Filesize
184KB

Download
memory/1584-449-0x000001F59F110000-0x000001F59F156000-memory.dmp

Filesize
280KB

Download
memory/1584-3774-0x000001F59F8C0000-0x000001F59F910000-memory.dmp

Filesize
320KB

Download
memory/1584-509-0x000001F59F190000-0x000001F59F1B2000-memory.dmp

Filesize
136KB

Download
memory/1584-508-0x000001F59F380000-0x000001F59F432000-memory.dmp

Filesize
712KB

Download
memory/1584-458-0x000001F59F0C0000-0x000001F59F0F0000-memory.dmp

Filesize
192KB

Download
memory/2104-249-0x000002C165CA0000-0x000002C1661C8000-memory.dmp

Filesize
5.2MB

Download
memory/2104-248-0x000002C14B320000-0x000002C14B328000-memory.dmp

Filesize
32KB

Download
memory/3312-95-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/3312-82-0x00000000075C0000-0x0000000007700000-memory.dmp

Filesize
1.2MB

Download
memory/3312-92-0x00000000075C0000-0x0000000007700000-memory.dmp

Filesize
1.2MB

Download
memory/3312-208-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/3312-93-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/3312-58-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/3312-1104-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/3312-1098-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/3312-87-0x00000000075C0000-0x0000000007700000-memory.dmp

Filesize
1.2MB

Download
memory/3312-83-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/3312-88-0x0000000000400000-0x0000000000710000-memory.dmp

Filesize
3.1MB

Download
memory/3484-94-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/3484-53-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/3484-51-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/3484-1106-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/5196-1140-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1148-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1147-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1146-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1145-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1144-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1301-0x00007FF6BBD50000-0x00007FF6BBD60000-memory.dmp

Filesize
64KB

Download
memory/5196-1364-0x00007FF6AB1A0000-0x00007FF6AB1B0000-memory.dmp

Filesize
64KB

Download
memory/5196-1337-0x00007FF6C3810000-0x00007FF6C3820000-memory.dmp

Filesize
64KB

Download
memory/5196-1329-0x00007FF6AB1A0000-0x00007FF6AB1B0000-memory.dmp

Filesize
64KB

Download
memory/5196-1317-0x00007FF6C3810000-0x00007FF6C3820000-memory.dmp

Filesize
64KB

Download
memory/5196-1291-0x00007FF6A8180000-0x00007FF6A8190000-memory.dmp

Filesize
64KB

Download
memory/5196-1266-0x00007FF6C3810000-0x00007FF6C3820000-memory.dmp

Filesize
64KB

Download
memory/5196-1264-0x00007FF6C3810000-0x00007FF6C3820000-memory.dmp

Filesize
64KB

Download
memory/5196-1256-0x00007FF6A8180000-0x00007FF6A8190000-memory.dmp

Filesize
64KB

Download
memory/5196-1252-0x00007FF6A8180000-0x00007FF6A8190000-memory.dmp

Filesize
64KB

Download
memory/5196-1250-0x00007FF6C3810000-0x00007FF6C3820000-memory.dmp

Filesize
64KB

Download
memory/5196-1247-0x00007FF6C3810000-0x00007FF6C3820000-memory.dmp

Filesize
64KB

Download
memory/5196-1227-0x00007FF6A8180000-0x00007FF6A8190000-memory.dmp

Filesize
64KB

Download
memory/5196-1219-0x00007FF6C3810000-0x00007FF6C3820000-memory.dmp

Filesize
64KB

Download
memory/5196-1216-0x00007FF6D7360000-0x00007FF6D7370000-memory.dmp

Filesize
64KB

Download
memory/5196-1213-0x00007FF6D7360000-0x00007FF6D7370000-memory.dmp

Filesize
64KB

Download
memory/5196-1178-0x00007FF6A8180000-0x00007FF6A8190000-memory.dmp

Filesize
64KB

Download
memory/5196-1175-0x00007FF6D7360000-0x00007FF6D7370000-memory.dmp

Filesize
64KB

Download
memory/5196-1171-0x00007FF681C10000-0x00007FF681C20000-memory.dmp

Filesize
64KB

Download
memory/5196-1170-0x00007FF6A8180000-0x00007FF6A8190000-memory.dmp

Filesize
64KB

Download
memory/5196-1158-0x00007FF6D9430000-0x00007FF6D9440000-memory.dmp

Filesize
64KB

Download
memory/5196-1149-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1168-0x00007FF6A8180000-0x00007FF6A8190000-memory.dmp

Filesize
64KB

Download
memory/5196-1139-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1141-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1138-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1133-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1131-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1130-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1117-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1118-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1119-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1100-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1099-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1097-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1085-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1086-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1096-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1087-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1088-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download
memory/5196-1095-0x00007FF6CB660000-0x00007FF6CB670000-memory.dmp

Filesize
64KB

Download