Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1451180
MD5:	60feb08011db31607cee2a5bc1f2206f
SHA1:	f8f680a3a8ca7eb2058eebdf2f25a95904780988
SHA256:	20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2
Tags:	exe
Infos:

Detection

Score:	40
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	49
Range:	0 - 100

Signatures

Malicious sample detected (through community Yara rule)

Checks if the current machine is a virtual machine (disk enumeration)

Contains functionality to prevent local Windows debugging

Creates an undocumented autostart registry key

Creates multiple autostart registry keys

Found evasive API chain (may stop execution after checking volume information)

Found evasive API chain checking for user administrative privileges

Query firmware table information (likely to detect VMs)

Tries to harvest and steal browser information (history, passwords, etc)

Changes image file execution options

Checks for available system drives (often done to infect USB drives)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Disables exception chain validation (SEHOP)

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after accessing registry keys)

Found evasive API chain (may stop execution after checking a module file name)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file contains strange resources

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries keyboard layouts

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Common Autorun Keys Modification

Sigma detected: CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 1268 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 60FEB08011DB31607CEE2A5BC1F2206F)

ajF04F.exe (PID: 1684 cmdline: "C:\Users\user\AppData\Local\Temp\ajF04F.exe" /relaunch=8 /was_elevated=1 /tagdata MD5: ACB51434FD82EB460B052F05950B8DCA)

AVGBrowserUpdateSetup.exe (PID: 1576 cmdline: AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: 9750EA6C750629D2CA971AB1C074DC9D)

AVGBrowserUpdate.exe (PID: 3116 cmdline: "C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

AVGBrowserUpdate.exe (PID: 6448 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

AVGBrowserUpdate.exe (PID: 5696 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

AVGBrowserUpdateComRegisterShell64.exe (PID: 6580 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe" MD5: 2A3AD7362E6C8808FBB4D4CCABA4ED4A)

AVGBrowserUpdateComRegisterShell64.exe (PID: 2636 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe" MD5: 2A3AD7362E6C8808FBB4D4CCABA4ED4A)

AVGBrowserUpdateComRegisterShell64.exe (PID: 5016 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe" MD5: 2A3AD7362E6C8808FBB4D4CCABA4ED4A)

AVGBrowserUpdate.exe (PID: 7272 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezc2MzdDRkNCLUUwOEQtNDNENC1CMUY3LUMyNERBQjEzQkI4MH0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9IntFMUJBQjY4OC1CMDJGLTQ3NDktOUY4OC0zRTFCNEU3REE5OTR9IiB1c2VyaWRfZGF0ZT0iMjAyNDA2MDMiIG1hY2hpbmVpZD0iezAwMDBGOEI1LUM3REUtQTQ4Qy1EMDU4LTA3RTI0NTVCOUE1Qn0iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDYwMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9InsyNTJFNzAzQS1GNkRGLTRBQjYtOTE2MS00NEZENUYwNjYwMER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuMjAwNiIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLUdCIiBicmFuZD0iOTI0OSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjA2MyIvPjwvYXBwPjwvcmVxdWVzdD4 MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

AVGBrowserUpdate.exe (PID: 7288 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{7637CFCB-E08D-43D4-B1F7-C24DAB13BB80}" /silent MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

AVGBrowser.exe (PID: 5404 cmdline: AVGBrowser.exe --heartbeat --install --create-profile MD5: 7BD74C28BFADFF16A053A3B5E2B51195)

svchost.exe (PID: 6784 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

AVGBrowserUpdate.exe (PID: 2504 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /c MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

AVGBrowserUpdate.exe (PID: 6208 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ua /installsource scheduler MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

AVGBrowserUpdate.exe (PID: 2636 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /registermsihelper MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

AVGBrowserUpdate.exe (PID: 7432 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /uninstall MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

msiexec.exe (PID: 5452 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

AVGBrowserUpdate.exe (PID: 7348 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc MD5: CBCDF56C8A2788ED761AD3178E2D6E9C)

AVGBrowserInstaller.exe (PID: 7536 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level MD5: 371F796FCFD9D0BA16C7DA57487323A0)

setup.exe (PID: 7676 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level MD5: 0DFA65976DA7822DB99118ABF2A50CC9)

setup.exe (PID: 7692 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff60185a3f0,0x7ff60185a3fc,0x7ff60185a408 MD5: 0DFA65976DA7822DB99118ABF2A50CC9)

AVGBrowserCrashHandler.exe (PID: 4672 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe" MD5: F73E60370EFE16A6D985E564275612DA)

AVGBrowserCrashHandler64.exe (PID: 4996 cmdline: "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe" MD5: DEEF1E7382D212CD403431727BE417A5)

svchost.exe (PID: 7576 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

AVGBrowser.exe (PID: 8044 cmdline: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=heartbeat --hourly MD5: 7BD74C28BFADFF16A053A3B5E2B51195)

AVGBrowser.exe (PID: 8108 cmdline: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --heartbeat --hourly MD5: 7BD74C28BFADFF16A053A3B5E2B51195)

AVGBrowser.exe (PID: 8152 cmdline: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\\Heartbeat8108_647370180 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\\Heartbeat8108_647370180\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58 MD5: 7BD74C28BFADFF16A053A3B5E2B51195)

AVGBrowser.exe (PID: 7452 cmdline: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2124,i,2166630059599507292,14770330184015614422,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:2 MD5: 7BD74C28BFADFF16A053A3B5E2B51195)

AVGBrowser.exe (PID: 8060 cmdline: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=heartbeat --logon MD5: 7BD74C28BFADFF16A053A3B5E2B51195)

AVGBrowser.exe (PID: 8128 cmdline: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --heartbeat --logon MD5: 7BD74C28BFADFF16A053A3B5E2B51195)

AVGBrowser.exe (PID: 8160 cmdline: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\\Heartbeat8128_116327840 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\\Heartbeat8128_116327840\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58 MD5: 7BD74C28BFADFF16A053A3B5E2B51195)

AVGBrowser.exe (PID: 7440 cmdline: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,14563547802735666349,826896251076988020,262144 --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:2 MD5: 7BD74C28BFADFF16A053A3B5E2B51195)

elevation_service.exe (PID: 5856 cmdline: "C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe" MD5: A4FA49989838F0B3038A008870561894)

svchost.exe (PID: 1124 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

elevation_service.exe (PID: 5704 cmdline: "C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe" MD5: A4FA49989838F0B3038A008870561894)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x143404:$Dwork: D:\work 0x143460:$Dwork: D:\work 0x1497d8:$Dwork: D:\work 0x1e2c68:$Dwork: D:\work 0x1e2cc8:$Dwork: D:\work 0x1e95e0:$Dwork: D:\work 0x428c98:$Dwork: D:\work 0x428df0:$Dwork: D:\work 0x428f58:$Dwork: D:\work 0x429030:$Dwork: D:\work 0x429290:$Dwork: D:\work 0x4293b0:$Dwork: D:\work 0x4294d0:$Dwork: D:\work 0x429580:$Dwork: D:\work 0x50ca3:$Shell6: Shell6 0xa7533:$Shell6: Shell6
00000004.00000003.2112481989.0000000002C6C000.00000004.00000020.00020000.00000000.sdmp	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x143404:$Dwork: D:\work 0x143460:$Dwork: D:\work 0x1497d8:$Dwork: D:\work 0x1e2c68:$Dwork: D:\work 0x1e2cc8:$Dwork: D:\work 0x1e95e0:$Dwork: D:\work 0x428c98:$Dwork: D:\work 0x428df0:$Dwork: D:\work 0x428f58:$Dwork: D:\work 0x429030:$Dwork: D:\work 0x429290:$Dwork: D:\work 0x4293b0:$Dwork: D:\work 0x4294d0:$Dwork: D:\work 0x429580:$Dwork: D:\work 0x50ca3:$Shell6: Shell6 0xa7533:$Shell6: Shell6
00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x158674:$Dwork: D:\work 0x1586d0:$Dwork: D:\work 0x15eab0:$Dwork: D:\work 0x201b58:$Dwork: D:\work 0x201bb8:$Dwork: D:\work 0x2084f0:$Dwork: D:\work 0x470ac0:$Dwork: D:\work 0x470c18:$Dwork: D:\work 0x470d80:$Dwork: D:\work 0x470e58:$Dwork: D:\work 0x4710b8:$Dwork: D:\work 0x4711d8:$Dwork: D:\work 0x4712f8:$Dwork: D:\work 0x4713a8:$Dwork: D:\work 0x5343b:$Shell6: Shell6 0xb0fcf:$Shell6: Shell6
Process Memory Space: AVGBrowserUpdateSetup.exe PID: 1576	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x16e16:$Dwork: D:\work 0x16ee5:$Dwork: D:\work 0x18123:$Dwork: D:\work 0x18229:$Dwork: D:\work 0x18433:$Dwork: D:\work 0x18490:$Dwork: D:\work 0x18521:$Dwork: D:\work 0x1e83e:$Dwork: D:\work 0x24cbc:$Dwork: D:\work 0x24eea:$Dwork: D:\work 0x25a79:$Dwork: D:\work 0x25fe8:$Dwork: D:\work 0x2614e:$Dwork: D:\work 0x262b6:$Dwork: D:\work 0x29bef:$Dwork: D:\work 0x29d87:$Dwork: D:\work 0x29e08:$Dwork: D:\work 0x2a014:$Dwork: D:\work 0x2a37f:$Dwork: D:\work 0x2a50f:$Dwork: D:\work 0x2a58f:$Dwork: D:\work
Process Memory Space: AVGBrowserUpdate.exe PID: 3116	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x549e3:$Dwork: D:\work 0x6512f:$Dwork: D:\work 0x6527d:$Dwork: D:\work 0x653d4:$Dwork: D:\work 0x654a2:$Dwork: D:\work 0x6586f:$Dwork: D:\work 0x659b9:$Dwork: D:\work 0x65b0d:$Dwork: D:\work 0x65bd8:$Dwork: D:\work 0x65e05:$Dwork: D:\work 0x65f2c:$Dwork: D:\work 0x66030:$Dwork: D:\work 0x66148:$Dwork: D:\work 0x661f2:$Dwork: D:\work 0x662c8:$Dwork: D:\work 0x663dd:$Dwork: D:\work 0x66485:$Dwork: D:\work 0x8b922:$Dwork: D:\work 0x8c512:$Dwork: D:\work 0xd8df7:$Dwork: D:\work 0xde5b7:$Dwork: D:\work
Process Memory Space: AVGBrowserUpdateComRegisterShell64.exe PID: 6580	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x5550:$Dwork: D:\work 0xb638:$Dwork: D:\work 0x17da:$Shell6: Shell6 0x6817:$Shell6: Shell6 0x6847:$Shell6: Shell6 0xc8ff:$Shell6: Shell6 0xc92f:$Shell6: Shell6 0xe541:$Shell6: Shell6 0xe5a3:$Shell6: Shell6 0xe5ff:$Shell6: Shell6 0xfa94:$Shell6: Shell6 0x103b0:$Shell6: Shell6 0x1041f:$Shell6: Shell6 0x10447:$Shell6: Shell6 0x10480:$Shell6: Shell6 0x104d1:$Shell6: Shell6 0x10547:$Shell6: Shell6 0x105b7:$Shell6: Shell6 0x10652:$Shell6: Shell6 0x10720:$Shell6: Shell6 0x1075d:$Shell6: Shell6
Process Memory Space: AVGBrowserUpdateComRegisterShell64.exe PID: 2636	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x3bbf:$Dwork: D:\work 0x11def:$Dwork: D:\work 0x151:$Shell6: Shell6 0x4e86:$Shell6: Shell6 0x4eb6:$Shell6: Shell6 0x7cd4:$Shell6: Shell6 0x858d:$Shell6: Shell6 0x8619:$Shell6: Shell6 0x867c:$Shell6: Shell6 0x86b9:$Shell6: Shell6 0x86f6:$Shell6: Shell6 0x872f:$Shell6: Shell6 0x87bb:$Shell6: Shell6 0x8825:$Shell6: Shell6 0x8863:$Shell6: Shell6 0x8a0d:$Shell6: Shell6 0x8a46:$Shell6: Shell6 0x8e9a:$Shell6: Shell6 0x99fa:$Shell6: Shell6 0xa153:$Shell6: Shell6 0xa1af:$Shell6: Shell6
Process Memory Space: AVGBrowserUpdateComRegisterShell64.exe PID: 5016	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x3a11:$Dwork: D:\work 0x12176:$Dwork: D:\work 0x4cd8:$Shell6: Shell6 0x4d08:$Shell6: Shell6 0x8111:$Shell6: Shell6 0x960e:$Shell6: Shell6 0x9aa9:$Shell6: Shell6 0x9ae5:$Shell6: Shell6 0x9b6e:$Shell6: Shell6 0x9bd9:$Shell6: Shell6 0x9c18:$Shell6: Shell6 0x9c5f:$Shell6: Shell6 0x9c98:$Shell6: Shell6 0x9d02:$Shell6: Shell6 0x9d95:$Shell6: Shell6 0x9e03:$Shell6: Shell6 0x9eb6:$Shell6: Shell6 0x9f25:$Shell6: Shell6 0xa1c8:$Shell6: Shell6 0xa3a8:$Shell6: Shell6 0xa4d7:$Shell6: Shell6
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
4.3.AVGBrowserUpdateSetup.exe.34af14c.173.raw.unpack	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x1172b8:$Dwork: D:\work 0x117314:$Dwork: D:\work 0x11d68c:$Dwork: D:\work 0x1b6b1c:$Dwork: D:\work 0x1b6b7c:$Dwork: D:\work 0x1bd494:$Dwork: D:\work 0x3fcb4c:$Dwork: D:\work 0x3fcca4:$Dwork: D:\work 0x3fce0c:$Dwork: D:\work 0x3fcee4:$Dwork: D:\work 0x3fd144:$Dwork: D:\work 0x3fd264:$Dwork: D:\work 0x3fd384:$Dwork: D:\work 0x3fd434:$Dwork: D:\work 0x24b57:$Shell6: Shell6 0x7b3e7:$Shell6: Shell6
4.3.AVGBrowserUpdateSetup.exe.348a40c.135.raw.unpack	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x13bff8:$Dwork: D:\work 0x13c054:$Dwork: D:\work 0x1423cc:$Dwork: D:\work 0x1db85c:$Dwork: D:\work 0x1db8bc:$Dwork: D:\work 0x1e21d4:$Dwork: D:\work 0x42188c:$Dwork: D:\work 0x4219e4:$Dwork: D:\work 0x421b4c:$Dwork: D:\work 0x421c24:$Dwork: D:\work 0x421e84:$Dwork: D:\work 0x421fa4:$Dwork: D:\work 0x4220c4:$Dwork: D:\work 0x422174:$Dwork: D:\work 0x49897:$Shell6: Shell6 0xa0127:$Shell6: Shell6
4.3.AVGBrowserUpdateSetup.exe.3e64620.92.raw.unpack	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x105054:$Dwork: D:\work 0x1050b0:$Dwork: D:\work 0x10b490:$Dwork: D:\work 0x1ae538:$Dwork: D:\work 0x1ae598:$Dwork: D:\work 0x1b4ed0:$Dwork: D:\work 0x41d4a0:$Dwork: D:\work 0x41d5f8:$Dwork: D:\work 0x41d760:$Dwork: D:\work 0x41d838:$Dwork: D:\work 0x41da98:$Dwork: D:\work 0x41dbb8:$Dwork: D:\work 0x41dcd8:$Dwork: D:\work 0x41dd88:$Dwork: D:\work 0x5d9af:$Shell6: Shell6
4.3.AVGBrowserUpdateSetup.exe.2c7340c.48.raw.unpack	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x13bff8:$Dwork: D:\work 0x13c054:$Dwork: D:\work 0x1423cc:$Dwork: D:\work 0x1db85c:$Dwork: D:\work 0x1db8bc:$Dwork: D:\work 0x1e21d4:$Dwork: D:\work 0x42188c:$Dwork: D:\work 0x4219e4:$Dwork: D:\work 0x421b4c:$Dwork: D:\work 0x421c24:$Dwork: D:\work 0x421e84:$Dwork: D:\work 0x421fa4:$Dwork: D:\work 0x4220c4:$Dwork: D:\work 0x422174:$Dwork: D:\work 0x49897:$Shell6: Shell6 0xa0127:$Shell6: Shell6
4.3.AVGBrowserUpdateSetup.exe.2cbce88.51.raw.unpack	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0xf257c:$Dwork: D:\work 0xf25d8:$Dwork: D:\work 0xf8950:$Dwork: D:\work 0x191de0:$Dwork: D:\work 0x191e40:$Dwork: D:\work 0x198758:$Dwork: D:\work 0x3d7e10:$Dwork: D:\work 0x3d7f68:$Dwork: D:\work 0x3d80d0:$Dwork: D:\work 0x3d81a8:$Dwork: D:\work 0x3d8408:$Dwork: D:\work 0x3d8528:$Dwork: D:\work 0x3d8648:$Dwork: D:\work 0x3d86f8:$Dwork: D:\work 0x566ab:$Shell6: Shell6
4.3.AVGBrowserUpdateSetup.exe.34d3e88.127.raw.unpack	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0xf257c:$Dwork: D:\work 0xf25d8:$Dwork: D:\work 0xf8950:$Dwork: D:\work 0x191de0:$Dwork: D:\work 0x191e40:$Dwork: D:\work 0x198758:$Dwork: D:\work 0x3d7e10:$Dwork: D:\work 0x3d7f68:$Dwork: D:\work 0x3d80d0:$Dwork: D:\work 0x3d81a8:$Dwork: D:\work 0x3d8408:$Dwork: D:\work 0x3d8528:$Dwork: D:\work 0x3d8648:$Dwork: D:\work 0x3d86f8:$Dwork: D:\work 0x566ab:$Shell6: Shell6
4.3.AVGBrowserUpdateSetup.exe.3e3e420.89.raw.unpack	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x12b254:$Dwork: D:\work 0x12b2b0:$Dwork: D:\work 0x131690:$Dwork: D:\work 0x1d4738:$Dwork: D:\work 0x1d4798:$Dwork: D:\work 0x1db0d0:$Dwork: D:\work 0x4436a0:$Dwork: D:\work 0x4437f8:$Dwork: D:\work 0x443960:$Dwork: D:\work 0x443a38:$Dwork: D:\work 0x443c98:$Dwork: D:\work 0x443db8:$Dwork: D:\work 0x443ed8:$Dwork: D:\work 0x443f88:$Dwork: D:\work 0x2601b:$Shell6: Shell6 0x83baf:$Shell6: Shell6
4.3.AVGBrowserUpdateSetup.exe.3e18220.102.raw.unpack	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x151454:$Dwork: D:\work 0x1514b0:$Dwork: D:\work 0x157890:$Dwork: D:\work 0x1fa938:$Dwork: D:\work 0x1fa998:$Dwork: D:\work 0x2012d0:$Dwork: D:\work 0x4698a0:$Dwork: D:\work 0x4699f8:$Dwork: D:\work 0x469b60:$Dwork: D:\work 0x469c38:$Dwork: D:\work 0x469e98:$Dwork: D:\work 0x469fb8:$Dwork: D:\work 0x46a0d8:$Dwork: D:\work 0x46a188:$Dwork: D:\work 0x4c21b:$Shell6: Shell6 0xa9daf:$Shell6: Shell6
4.3.AVGBrowserUpdateSetup.exe.2c9814c.26.raw.unpack	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x1172b8:$Dwork: D:\work 0x117314:$Dwork: D:\work 0x11d68c:$Dwork: D:\work 0x1b6b1c:$Dwork: D:\work 0x1b6b7c:$Dwork: D:\work 0x1bd494:$Dwork: D:\work 0x3fcb4c:$Dwork: D:\work 0x3fcca4:$Dwork: D:\work 0x3fce0c:$Dwork: D:\work 0x3fcee4:$Dwork: D:\work 0x3fd144:$Dwork: D:\work 0x3fd264:$Dwork: D:\work 0x3fd384:$Dwork: D:\work 0x3fd434:$Dwork: D:\work 0x24b57:$Shell6: Shell6 0x7b3e7:$Shell6: Shell6
Click to see the 4 entries

Sigma Signatures

System Summary

Sigma detected: Common Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), wagga (name): Data: Details: AVG Secure Browser, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe, ProcessId: 7676, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982}\(Default)

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default", EventID: 13, EventType: SetValue, Image: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe, ProcessId: 8108, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGBrowserAutoLaunch_53F4AD9791D53E4F31988DF26A2B411E

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6784, ProcessName: svchost.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Compliance

Uses 32bit PE files

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Creates a directory in C:\Program Files

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Directory created: C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\secure.7z
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Extensions
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\MEIPreload
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\VisualElements
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\124.0.25069.209.manifest
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\aswEngineConnector.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\AVGBrowser.exe.sig
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\browser_crash_reporter.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome.dll.sig
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_100_percent.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_200_percent.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_elf.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_pwa_launcher.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_wer.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\config.def
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\d3dcompiler_47.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\dxcompiler.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\dxil.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\elevation_service.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\eventlog_provider.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Extensions\external_extensions.json
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\ffmpeg.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\icudtl.dat
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\libEGL.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\libGLESv2.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\af.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\am.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ar.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\bg.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\bn.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ca.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\cs.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\da.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\de.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\el.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\en-GB.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\en-US.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\es-419.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\es.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\et.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\fa.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\fi.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\fil.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\fr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\gu.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\he.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\hi.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\hr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\hu.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\id.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\it.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ja.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\kn.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ko.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\lt.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\lv.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ml.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\mr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ms.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\nb.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\nl.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\pl.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\pt-BR.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\pt-PT.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ro.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ru.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sk.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sl.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sv.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sw.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ta.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\te.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\th.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\tr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\uk.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ur.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\vi.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\zh-CN.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\zh-TW.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\MEIPreload\manifest.json
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\MEIPreload\preloaded_data.pb
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\mimic.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\mojo_core.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\notification_helper.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\resources.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\setup_helper_syslib.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\snapshot_blob.bin
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\v8_context_snapshot.bin
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\VisualElements\Logo.png
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\VisualElements\SmallLogo.png
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\vk_swiftshader.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\vk_swiftshader_icd.json
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\vulkan-1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowser.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowserProtect.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowserQHelper.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowserUninstall.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\browser_proxy.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\initial_preferences
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowser.VisualElementsManifest.xml
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\SetupMetrics
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\chrmstp.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\browser_proxy.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\initial_preferences
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\AVGBrowserQHelper.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\SetupMetrics\9235c4e7-ae53-479e-b681-9b7e025f31b5.tmp

Creates install or setup log file

Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe

File created: C:\Users\user\AppData\Local\Temp\AVGBrowser_installer.log

PE / OLE file has a valid certificate

Source: file.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: goopdateres_unsigned_ms.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003222000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000440F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165133974.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165205878.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164927132.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_fa.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003961000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004337000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152791561.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152687306.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152408496.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ru.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000445F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A89000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168125977.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168061555.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167925652.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_lt.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043E1000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A0B000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163524223.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163205272.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163413117.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_el.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003104000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042F1000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150108705.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150018075.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149856176.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\9736f8b792bcd5e7\src\out\Release-x64\initialexe\AVGBrowser.exe.pdb source: AVGBrowser.exe, 0000001A.00000000.2869521627.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001B.00000000.2872124493.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001C.00000000.2875770965.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001D.00000000.2876092036.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000002.2889102468.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000000.2878831708.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000002.2896650039.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: goopdateres_unsigned_tr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003AF1000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044C7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170590288.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_de.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042E6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149702229.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149481017.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149639323.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_bg.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042AD000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147250436.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147135412.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146941772.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_mr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003216000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004402000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164735319.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164643030.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164450051.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateComRegisterShell64_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2145841812.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146084049.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146150231.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 00000009.00000000.2186495616.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 00000009.00000002.2189908666.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000A.00000000.2190630223.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000A.00000002.2192620515.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000C.00000002.2195344439.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000C.00000000.2193531111.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: AVGBrowserCrashHandler64_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2145507317.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\9736f8b792bcd5e7\src\out\Release-x64\setup_nosign.exe.pdb source: setup.exe, 00000017.00000002.2873586684.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000017.00000000.2539988971.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000002.2876710388.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000000.2544840578.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: goopdateres_unsigned_gu.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003177000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004364000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154278126.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154217263.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154003772.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002A94000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004481000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169214564.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169165916.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169045548.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_th.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044BB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170430862.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172532345.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned_64.pdbT source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172800095.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserCrashHandler_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003BCE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned.pdbX source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171945813.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\9736f8b792bcd5e7\src\out\Release-avg-x64\mini_installer.exe.pdb source: AVGBrowserInstaller.exe, 00000014.00000000.2482861483.00007FF73BED4000.00000002.00000001.01000000.00000026.sdmp, AVGBrowserInstaller.exe, 00000014.00000002.2879711339.00007FF73BED4000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: AVGBrowserUpdateOnDemand_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\9736f8b792bcd5e7\src\out\Release-x64\chrome_elf.dll.pdb source: AVGBrowser.exe, 0000001E.00000002.2898134802.00007FF8A7ACB000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: psuser_unsigned_64.pdbT source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172227367.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_am.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146198832.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146406367.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146331005.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateWebPlugin_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ta.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003ACD000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170084642.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_lv.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043EC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163686580.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163921549.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163990015.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_cs.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030E2000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042CF000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148756524.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149020532.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148956582.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdate_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003BCE000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2143860339.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_hi.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000399A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004370000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154799321.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154508962.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154944559.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateBroker_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2176127906.0000000000782000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_es-419.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003949000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000431F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151812044.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151812044.00000000007A4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151560568.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mi_exe_stub.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000002.2908814795.0000000000B28000.00000002.00000001.01000000.00000018.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000000.2108944984.0000000000B28000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: goopdateres_unsigned_pt-BR.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000443D000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A67000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167065963.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166860815.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167145584.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_hr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000437C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000318F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2155429261.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2155653574.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2155088171.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_id.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004392000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031A6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2159583853.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2159098504.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2158363262.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned_64.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172227367.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateComRegisterShell64_unsigned.pdb^ source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2145841812.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146084049.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146150231.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 00000009.00000000.2186495616.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 00000009.00000002.2189908666.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000A.00000000.2190630223.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000A.00000002.2192620515.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000C.00000002.2195344439.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000C.00000000.2193531111.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: goopdateres_unsigned_zh-TW.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B12000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044FF000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000002.2908350799.0000000000ABF000.00000004.00000010.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171629574.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned.pdbX source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172532345.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sw.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004498000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169921274.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169760351.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169979059.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_it.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043A9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160342541.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160573365.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160666549.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_pt-PT.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004448000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167235240.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167405477.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167460912.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_vi.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044E8000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B13000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171109384.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_bn.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038E2000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042B8000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147746330.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147854898.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147498223.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: acuapi_64_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2173471506.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sv.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000448D000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AA0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169451957.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169609203.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169288884.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ja.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031D3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161534514.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161282116.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161673996.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_es.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000393E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004314000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151022828.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151295194.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151365862.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_is.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000039C8000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000439E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2159809709.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160034051.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160191266.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ro.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A7E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004453000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167789427.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167735488.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167562873.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_uk.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AE5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044D2000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170749651.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_fr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003983000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004358000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153691467.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153837503.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153911762.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ca.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148671542.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148513714.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148000470.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_nl.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000322D000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165310044.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165673173.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165540989.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ko.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162834499.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162957240.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162442370.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_et.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000313E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000432B000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152035302.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152168818.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152246594.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ur.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044DD000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170927202.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_no.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003239000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004426000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166353148.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165885183.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166432853.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_iw.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043B5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161092400.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160811345.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160987300.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_te.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003AD9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044AF000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170266211.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_fil.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000434D000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153610715.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153306642.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153556127.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_pl.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A5B000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166681516.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166534186.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166754218.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_en-GB.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003933000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004309000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000002.2900499809.0000000000A10000.00000002.00000001.00040000.0000002D.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150672751.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150920384.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150858095.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000011.00000002.2888623349.0000000000C00000.00000002.00000001.00040000.0000002C.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2896108642.00000000013E0000.00000002.00000001.00040000.0000002C.sdmp
Source:	Binary string: goopdateres_unsigned_fi.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004342000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152886939.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153171386.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153084030.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sk.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002A7E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168546407.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168236782.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168465236.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171945813.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ml.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000320A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043F7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164264655.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164335990.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164095384.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: npAvgBrowserUpdate3_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003BCE000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2176075476.0000000000781000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2176029036.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_hu.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004387000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000319A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2156600983.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2157791884.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2158175358.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_da.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003905000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042DB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149386687.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149172877.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149326912.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_en.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042FD000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003110000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150223781.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150536478.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150458860.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000006.00000002.2180276782.0000000000C20000.00000002.00000001.00040000.0000001E.sdmp, AVGBrowserUpdate.exe, 0000000D.00000002.2292632206.0000000000F60000.00000002.00000001.00040000.0000001E.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2896542114.00000000014B0000.00000002.00000001.00040000.0000001E.sdmp
Source:	Binary string: psmachine_unsigned_64.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172800095.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ar.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146568139.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146833064.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146745656.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sl.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002A89000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004476000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168861429.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168701046.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168945218.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdate_unsigned.pdb source: AVGBrowserUpdate.exe, AVGBrowserUpdate.exe, 00000006.00000002.2179645124.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000008.00000000.2185347276.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 0000000B.00000000.2192928136.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 0000000D.00000000.2193569917.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 0000000E.00000002.2217270400.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000010.00000002.2244031208.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000011.00000002.2887745804.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000012.00000000.2227648919.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000013.00000002.2284298938.0000000000071000.00000020.00000001.01000000.0000001C.sdmp
Source:	Binary string: goopdateres_unsigned_zh-CN.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171368998.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_kn.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031DE000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043CB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162128901.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162261282.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161914207.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: acuapi_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2173194656.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateCore_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000002.2908350799.0000000000AC4000.00000004.00000010.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2145023147.0000000000795000.00000004.00000020.00020000.00000000.sdmp

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B1C375 FindFirstFileExW,	4_2_00B1C375
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A6D8AF FindFirstFileExW,	5_2_00A6D8AF
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_0007D8AF FindFirstFileExW,	6_2_0007D8AF
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4F014 FindFirstFileExW,	9_2_00007FF677B4F014
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_00776015 FindFirstFileExW,	32_2_00776015
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Code function: 33_2_00007FF60BFD6F4C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	33_2_00007FF60BFD6F4C

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 184.28.90.27 184.28.90.27

Source: AVGBrowser.exe, 0000001C.00000003.3000072043.00001B1C02D40000.00000004.00001000.00020000.00000000.sdmp

String found in binary or memory: Yahoo!yahoo.comhttps://www.yahoo.com/favicon.icohttps://ch.search.yahoo.com/yhs/search{google:pathWildcard}?hspart=avg&hsimp=yhs-securebrowser&type={yahoo:campaignId}&param1={yahoo:param1}&param2={yahoo:param2}&param3={yahoo:param3}&param4={yahoo:param4}&p={searchTerms}UTF-8http://sugg.ch.search.yahoo.com/gossip-ch-partner/?output=fxjson&appid=avg&command={searchTerms} equals www.yahoo.com (Yahoo)

Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8291
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8297
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8417
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8484
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8503
Source: AVGBrowserUpdate.exe, 00000012.00000003.2889037888.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897780593.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2895005428.00000000015A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://browser-update.avg.com/
Source: AVGBrowserUpdate.exe, 00000012.00000003.2895005428.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897412994.0000000001582000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2888337213.0000000002950000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://browser-update.avg.com/browser-avg/win/x64/124.0.25069.209/
Source: AVGBrowserUpdate.exe, 00000012.00000002.2897951433.00000000015E8000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2887537422.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2888337213.0000000002950000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2431679167.00000000015E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://browser-update.avg.com/browser-avg/win/x64/124.0.25069.209/AVGBrowserInstaller.exe
Source: AVGBrowserUpdate.exe, 00000012.00000002.2899056963.00000000031A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://browser-update.avg.com/browser-avg/win/x64/124.0.25069.209/AVGBrowserInstaller.exeam
Source: AVGBrowserUpdate.exe, 00000005.00000003.2172532345.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171945813.0000000000796000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003239000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000002.2908350799.0000000000AC4000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2920975476.0000000004131000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003239000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000002.2908350799.0000000000AC4000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: setup.exe, 00000017.00000003.2847212789.0000020739945000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003239000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000002.2908350799.0000000000AC4000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: svchost.exe, 00000002.00000003.2032432628.000001B642C00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: AVGBrowser.exe, 0000001C.00000003.3012851459.00001B1C024C0000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012804820.00001B1C024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012959395.00001B1C024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986500277.00000FDC024D8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986938270.00000FDC024E0000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986714551.00000FDC024DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: AVGBrowser.exe, 0000001C.00000003.3012851459.00001B1C024C0000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012804820.00001B1C024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012959395.00001B1C024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986500277.00000FDC024D8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986938270.00000FDC024E0000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986714551.00000FDC024DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://google.com/p
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: file.exe, 00000000.00000000.2010109307.000000000040A000.00000008.00000001.01000000.00000003.sdmp, ajF04F.exe, 00000003.00000000.2044910383.000000000040A000.00000008.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicerq
Source: ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003239000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000002.2908350799.0000000000AC4000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2920975476.0000000004131000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: AVGBrowser.exe, 0000001C.00000003.3000072043.00001B1C02D40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sugg.ch.search.yahoo.com/gossip-ch-partner/?output=fxjson&appid=avg&command=
Source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: AVGBrowser.exe, 0000001D.00000003.2950597680.00000FDC029A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com
Source: ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003239000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com0/
Source: ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com1.2.840.113549.1.9.4
Source: ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003239000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000002.2908350799.0000000000AC4000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://abptestpages.org/en/abp-testcase-subscription.txt
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktopct
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.avast.com/
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.avast.securebrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.avg.com/
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.avg.com/$
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.avg.securebrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.avg.securebrowser.com1)https://addons.ccleaner.securebrowser.com.&https://addons.avir
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.avira.securebrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.ccleaner.com/
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.ccleaner.com/.&https://addons.avast.securebrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.ccleaner.securebrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.norton.securebrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.norton.securebrowser.com1)https://test-browser-addons.svc.avast.comQIDiscover
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/8417
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://auth-browser-sync.svc.avast.com/auth/token
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-config.avast.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-config.avg.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-config.avira.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-config.ccleaner.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-config.norton.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-content.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-engagement-content.avastbrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-onboarding.avast.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-onboarding.avg.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-onboarding.avira.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-onboarding.ccleaner.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beta-onboarding.norton.securebrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2926044433.00000FDC00F52000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: ajF04F.exe, 00000003.00000003.2098910133.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2075467453.00000000007AC000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://config.avast.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://config.avg.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://config.avira.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://config.ccleaner.securebrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.3007093988.00001B1C02DA0000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.2999861869.00001B1C02940000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3004396509.00001B1C02D94000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986082293.00000FDC02D38000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2985890198.00000FDC02D7C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://config.norton.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://config.norton.securebrowser.com;
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://content.securebrowser.com
Source: setup.exe, 00000017.00000002.2873586684.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000017.00000000.2539988971.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000002.2876710388.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000000.2544840578.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, AVGBrowser.exe, 0000001A.00000000.2869521627.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001B.00000000.2872124493.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001C.00000000.2875770965.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001D.00000000.2876092036.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000002.2889102468.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000000.2878831708.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000002.2896650039.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000000.2879064714.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: setup.exe, 00000017.00000002.2873586684.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000017.00000000.2539988971.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000002.2876710388.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000000.2544840578.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, AVGBrowser.exe, 0000001A.00000000.2869521627.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001B.00000000.2872124493.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001C.00000000.2875770965.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001D.00000000.2876092036.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000002.2889102468.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000000.2878831708.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000002.2896650039.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000000.2879064714.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: setup.exe, 00000017.00000002.2873586684.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000017.00000000.2539988971.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000002.2876710388.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000000.2544840578.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, AVGBrowser.exe, 0000001A.00000000.2869521627.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001B.00000000.2872124493.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001C.00000000.2875770965.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001D.00000000.2876092036.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000002.2889102468.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000000.2878831708.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000002.2896650039.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000000.2879064714.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-config.avast.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-config.avg.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-config.avira.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-config.ccleaner.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-config.norton.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-content.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-engagement-content.avastbrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-onboarding.avast.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-onboarding.avg.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-onboarding.avira.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-onboarding.ccleaner.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dev-onboarding.norton.securebrowser.com
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://easylist-downloads.adblockplus.org/abp-filters-anti-cv.txt
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://easylist-downloads.adblockplus.org/abp-filters-anti-cv.txtt
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://easylist-downloads.adblockplus.org/abp-filters-anti-cv.txttxt
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://easylist-downloads.adblockplus.org/abpindo
Source: AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://easylist-downloads.adblockplus.org/abpvn
Source: AVGBrowser.exe, 0000001D.00000003.2950597680.00000FDC029A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://easylist-downloads.adblockplus.org/dandelion_sprouts_nordic_filters
Source: AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://easylist-downloads.adblockplus.org/easylist.txt
Source: AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://easylist-downloads.adblockplus.org/exceptionrules.txt
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/79014/pg_indicator_on_light.svg
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/79015/pg_indicator_on_dark.svg
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3027804980.00001B1C029E4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/79016/spc_light.svg
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3027804980.00001B1C029E4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/79017/spc_dark.svg
Source: AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/84600/icon_avast.svg
Source: AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/94047/illustration.svg
Source: AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/94047/illustration.svgor
Source: AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/94055/illustration-3.svg
Source: AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/94624/icon_norton.svg
Source: AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/94625/icon_avira.svg
Source: AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/94626/icon_avg.png
Source: AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/94627/icon_ccleaner.png
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3027804980.00001B1C029E4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://engagement-content.avastbrowser.com/95232/Coupon.svg
Source: svchost.exe, 00000002.00000003.2032432628.000001B642C73000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000002.00000003.2032432628.000001B642C00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: AVGBrowser.exe, 0000001C.00000003.3047803586.00001B1C02AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: AVGBrowser.exe, 0000001C.00000003.3012851459.00001B1C024C0000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012804820.00001B1C024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012959395.00001B1C024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986500277.00000FDC024D8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986938270.00000FDC024E0000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986714551.00000FDC024DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://id.avast.com/
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/155487768
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/288119108
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/292282210
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/292285899
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/309028728
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/315836169
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/328837151
Source: AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: ajF04F.exe, 00000003.00000003.2075467453.00000000007AC000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: ajF04F.exe, 00000003.00000003.2075467453.00000000007AC000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2075467453.00000000007DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: AVGBrowser.exe, 0000001C.00000003.3013268260.00001B1C024A8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3013020019.00001B1C0249C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987281454.00000FDC024B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987561449.00000FDC024BC000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3013972187.00000FDC024C4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2987608916.00000FDC024C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://onboarding.avast.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://onboarding.avg.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://onboarding.avira.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://onboarding.ccleaner.securebrowser.com
Source: AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://onboarding.norton.securebrowser.com
Source: AVGBrowser.exe, 0000001C.00000003.3000072043.00001B1C02D40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/yhs/search
Source: setup.exe, 00000017.00000002.2873586684.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000017.00000000.2539988971.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000002.2876710388.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000000.2544840578.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://somewhereopenSystem32windirexploreEnabled://somewhereSHCore.dllSYSTEM32windirsetup_helper_sy
Source: ajF04F.exe, 00000003.00000003.2099462467.000000000395A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.securebrowser.com/
Source: ajF04F.exe, 00000003.00000003.2099462467.000000000395A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.securebrowser.com/?_=1717427700642&retry_tracking_count=0&last_request_error_code=0&la
Source: ajF04F.exe, 00000003.00000003.2099462467.000000000395A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.securebrowser.com/N
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3027804980.00001B1C029E4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.avast.com/en-us/article/secure-browser-faq
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3027804980.00001B1C029E4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.avg.com/SupportArticleView?l=en&urlName=avg-secure-browser-faq&q=coupons&supportType
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3027804980.00001B1C029E4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.avira.com/hc/en-us/articles/13707860217233
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3027804980.00001B1C029E4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.norton.com/sp/en/us/home/current/solutions/v2023031322263778
Source: AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://test-browser-addons.svc.avast.com
Source: AVGBrowserUpdate.exe, 00000010.00000003.2242142015.0000000000CAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000002.2244872340.0000000000CAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897358431.0000000001571000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2889037888.0000000001571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/
Source: AVGBrowserUpdate.exe, 0000000D.00000002.2285893864.0000000000D5C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 0000000D.00000003.2281016026.0000000000D5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/V
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/adblock/assets/v3/document_whitelist.txt
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/adblock/assets/v3/document_whitelist.txtblink.mojom.WidgetInputHandler
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/adblock/assets/v3/filter_whitelist.txt
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/adblock/assets/v3/filter_whitelist.txtt
Source: AVGBrowserUpdate.exe, 00000010.00000002.2244872340.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000003.2243791317.0000000000CCD000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2889037888.00000000015A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/service/update2
Source: AVGBrowserUpdate.exe, 00000012.00000003.2891305776.0000000001537000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2895370553.0000000001537000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897153726.0000000001537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/service/update27
Source: AVGBrowserUpdate.exe, 00000012.00000003.2895005428.000000000159E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2891305776.0000000001537000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897358431.0000000001571000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2895370553.0000000001537000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2892228142.000000000159C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897153726.0000000001537000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2889037888.0000000001571000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897780593.00000000015A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/service/update2?cup2key=9:1470396613&cup2hreq=9946070338cefa8ad493aa8c
Source: AVGBrowserUpdate.exe, 0000000D.00000002.2284690621.0000000000D25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/service/update2s
Source: AVGBrowserUpdate.exe, 00000010.00000003.2242142015.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000002.2244872340.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com/service/update2~
Source: AVGBrowserUpdate.exe, 00000010.00000002.2244635331.0000000000C69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com:443/service/update2
Source: AVGBrowserUpdate.exe, 0000000D.00000002.2284690621.0000000000CD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.avgbrowser.com:443/service/update2serUpdate.exe
Source: AVGBrowser.exe, 0000001C.00000003.3047803586.00001B1C02AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.
Source: ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: AVGBrowser.exe, 0000001D.00000003.2931251986.00000FDC00276000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=&
Source: AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.startpage.com/en/how-startpage-works
Source: AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.startpage.com/sp/cdn/images/startpage-logo-new.svg
Source: AVGBrowser.exe, 0000001C.00000003.3000072043.00001B1C02D40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.yahoo.com/favicon.icohttps://ch.search.yahoo.com/yhs/search

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

Code function: 9_2_00007FF677B1C148 lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,

9_2_00007FF677B1C148

Contains functionality to modify clipboard data

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

Code function: 9_2_00007FF677B1C148 lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,

9_2_00007FF677B1C148

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.3.AVGBrowserUpdateSetup.exe.34af14c.173.raw.unpack, type: UNPACKEDPE	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 4.3.AVGBrowserUpdateSetup.exe.348a40c.135.raw.unpack, type: UNPACKEDPE	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 4.3.AVGBrowserUpdateSetup.exe.3e64620.92.raw.unpack, type: UNPACKEDPE	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 4.3.AVGBrowserUpdateSetup.exe.2c7340c.48.raw.unpack, type: UNPACKEDPE	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 4.3.AVGBrowserUpdateSetup.exe.2cbce88.51.raw.unpack, type: UNPACKEDPE	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 4.3.AVGBrowserUpdateSetup.exe.34d3e88.127.raw.unpack, type: UNPACKEDPE	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 4.3.AVGBrowserUpdateSetup.exe.3e3e420.89.raw.unpack, type: UNPACKEDPE	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 4.3.AVGBrowserUpdateSetup.exe.3e18220.102.raw.unpack, type: UNPACKEDPE	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 4.3.AVGBrowserUpdateSetup.exe.2c9814c.26.raw.unpack, type: UNPACKEDPE	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 00000004.00000003.2112481989.0000000002C6C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: Process Memory Space: AVGBrowserUpdateSetup.exe PID: 1576, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: Process Memory Space: AVGBrowserUpdate.exe PID: 3116, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: Process Memory Space: AVGBrowserUpdateComRegisterShell64.exe PID: 6580, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: Process Memory Space: AVGBrowserUpdateComRegisterShell64.exe PID: 2636, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: Process Memory Space: AVGBrowserUpdateComRegisterShell64.exe PID: 5016, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy

Creates files inside the system directory

Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5d2f0a.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI32A4.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5d2f0d.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5d2f0d.msi

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\5d2f0d.msi

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B25CAB	4_2_00B25CAB
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B1A8D4	4_2_00B1A8D4
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B22438	4_2_00B22438
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B1F931	4_2_00B1F931
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B21FB0	4_2_00B21FB0
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B1432C	4_2_00B1432C
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A73BBB	5_2_00A73BBB
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_00083BBB	6_2_00083BBB
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4D90C	9_2_00007FF677B4D90C
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B270E0	9_2_00007FF677B270E0
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3A8A8	9_2_00007FF677B3A8A8
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3B050	9_2_00007FF677B3B050
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4F014	9_2_00007FF677B4F014
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B40FD0	9_2_00007FF677B40FD0
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4B7E0	9_2_00007FF677B4B7E0
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B477B0	9_2_00007FF677B477B0
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B307B4	9_2_00007FF677B307B4
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4971C	9_2_00007FF677B4971C
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4D690	9_2_00007FF677B4D690
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B26644	9_2_00007FF677B26644
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B25654	9_2_00007FF677B25654
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3AE64	9_2_00007FF677B3AE64
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B50D98	9_2_00007FF677B50D98
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B1E5AC	9_2_00007FF677B1E5AC
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3FD54	9_2_00007FF677B3FD54
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3CD10	9_2_00007FF677B3CD10
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B414C8	9_2_00007FF677B414C8
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3BCE4	9_2_00007FF677B3BCE4
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3AC7C	9_2_00007FF677B3AC7C
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4ACB0	9_2_00007FF677B4ACB0
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B54464	9_2_00007FF677B54464
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B433E0	9_2_00007FF677B433E0
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B283E8	9_2_00007FF677B283E8
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B30388	9_2_00007FF677B30388
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B52360	9_2_00007FF677B52360
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B54B68	9_2_00007FF677B54B68
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B43ACA	9_2_00007FF677B43ACA
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B48A88	9_2_00007FF677B48A88
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3AA90	9_2_00007FF677B3AA90
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B2DAB4	9_2_00007FF677B2DAB4
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3B238	9_2_00007FF677B3B238
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4E214	9_2_00007FF677B4E214
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B3C944	9_2_00007FF677B3C944
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4915C	9_2_00007FF677B4915C
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4B160	9_2_00007FF677B4B160
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe	Code function: 20_2_00007FF73BED12C0	20_2_00007FF73BED12C0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60158BC40	23_2_00007FF60158BC40
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60158CE50	23_2_00007FF60158CE50
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60158B900	23_2_00007FF60158B900
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60165CB10	23_2_00007FF60165CB10
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF601583D10	23_2_00007FF601583D10
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF6015838E0	23_2_00007FF6015838E0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60158AEC0	23_2_00007FF60158AEC0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60158DEC0	23_2_00007FF60158DEC0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF601583780	23_2_00007FF601583780
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60158A560	23_2_00007FF60158A560
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF601581760	23_2_00007FF601581760
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF601581D60	23_2_00007FF601581D60
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60158BB72	23_2_00007FF60158BB72
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF601583B70	23_2_00007FF601583B70
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60158A820	23_2_00007FF60158A820
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF60158CC28	23_2_00007FF60158CC28
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF6016C560C	23_2_00007FF6016C560C
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF6015859E0	23_2_00007FF6015859E0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF601582FE0	23_2_00007FF601582FE0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF6015825D0	23_2_00007FF6015825D0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60158BC40	24_2_00007FF60158BC40
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60158CE50	24_2_00007FF60158CE50
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60158B900	24_2_00007FF60158B900
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60165CB10	24_2_00007FF60165CB10
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF601583D10	24_2_00007FF601583D10
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF6015838E0	24_2_00007FF6015838E0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60158AEC0	24_2_00007FF60158AEC0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60158DEC0	24_2_00007FF60158DEC0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF601583780	24_2_00007FF601583780
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60158A560	24_2_00007FF60158A560
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF601581760	24_2_00007FF601581760
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF601581D60	24_2_00007FF601581D60
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60158BB72	24_2_00007FF60158BB72
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF601583B70	24_2_00007FF601583B70
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60158A820	24_2_00007FF60158A820
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF60158CC28	24_2_00007FF60158CC28
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF6016C560C	24_2_00007FF6016C560C
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF6015859E0	24_2_00007FF6015859E0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF601582FE0	24_2_00007FF601582FE0
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF6015825D0	24_2_00007FF6015825D0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF691048A4C	30_2_00007FF691048A4C
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F08240	30_2_00007FF690F08240
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F1D280	30_2_00007FF690F1D280
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FB5290	30_2_00007FF690FB5290
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690EFE9C0	30_2_00007FF690EFE9C0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F712C0	30_2_00007FF690F712C0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FD1AD0	30_2_00007FF690FD1AD0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F1EAD0	30_2_00007FF690F1EAD0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FB7B10	30_2_00007FF690FB7B10
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F03B30	30_2_00007FF690F03B30
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FE5960	30_2_00007FF690FE5960
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FF5170	30_2_00007FF690FF5170
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FEE180	30_2_00007FF690FEE180
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F601D0	30_2_00007FF690F601D0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF691011490	30_2_00007FF691011490
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF69103AC84	30_2_00007FF69103AC84
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690EF1BD0	30_2_00007FF690EF1BD0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F02BB3	30_2_00007FF690F02BB3
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F194D0	30_2_00007FF690F194D0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690EFCB60	30_2_00007FF690EFCB60
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF6910ABD30	30_2_00007FF6910ABD30
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FB3D30	30_2_00007FF690FB3D30
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F01520	30_2_00007FF690F01520
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF6910AC370	30_2_00007FF6910AC370
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F36370	30_2_00007FF690F36370
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FE93B0	30_2_00007FF690FE93B0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF6910243F0	30_2_00007FF6910243F0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF6910A5C10	30_2_00007FF6910A5C10
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F3EE40	30_2_00007FF690F3EE40
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF69103AE88	30_2_00007FF69103AE88
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF691090680	30_2_00007FF691090680
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF691046EB0	30_2_00007FF691046EB0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FBF720	30_2_00007FF690FBF720
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F37F30	30_2_00007FF690F37F30
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F8CD40	30_2_00007FF690F8CD40
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FF7D70	30_2_00007FF690FF7D70
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF69101B5F0	30_2_00007FF69101B5F0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF69103B08C	30_2_00007FF69103B08C
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF6910A58C0	30_2_00007FF6910A58C0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690F1D920	30_2_00007FF690F1D920
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF690FB5770	30_2_00007FF690FB5770
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF6910A3FF0	30_2_00007FF6910A3FF0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF6910AC7E0	30_2_00007FF6910AC7E0
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF6910167E0	30_2_00007FF6910167E0
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_0077C40B	32_2_0077C40B
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Code function: 33_2_00007FF60BFD59E4	33_2_00007FF60BFD59E4
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Code function: 33_2_00007FF60BFDCEF8	33_2_00007FF60BFDCEF8
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Code function: 33_2_00007FF60BFD6F4C	33_2_00007FF60BFD6F4C
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF768613780	36_2_00007FF768613780
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF768613B70	36_2_00007FF768613B70
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF76861BB72	36_2_00007FF76861BB72
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF76861A560	36_2_00007FF76861A560
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF768611760	36_2_00007FF768611760
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF768611D60	36_2_00007FF768611D60
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF768612FE0	36_2_00007FF768612FE0
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF7686159E0	36_2_00007FF7686159E0
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF7686125D0	36_2_00007FF7686125D0
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF76861CE50	36_2_00007FF76861CE50
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF76861BC40	36_2_00007FF76861BC40
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF76861CC28	36_2_00007FF76861CC28
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF76861A820	36_2_00007FF76861A820
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF768613D10	36_2_00007FF768613D10
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF76861B900	36_2_00007FF76861B900
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF7686138E0	36_2_00007FF7686138E0
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF76861AEC0	36_2_00007FF76861AEC0
Source: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe	Code function: 36_2_00007FF76861DEC0	36_2_00007FF76861DEC0

Found potential string decryption / allocating functions

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: String function: 00007FF677B1A990 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: String function: 00B157E0 appears 33 times
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: String function: 00077F50 appears 33 times
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: String function: 00A67F50 appears 33 times
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: String function: 00771940 appears 33 times
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: String function: 00007FF69106D940 appears 197 times

PE file contains executable resources (Code or Archives)

Source: file.exe	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: sciterui.dll.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: ajF04F.exe.0.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: AVGBrowserUninstall.exe.3.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: sciterui.dll.3.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: goopdateres_vi.dll.4.dr	Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_ca.dll.4.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.4.dr	Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.4.dr	Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ms.dll.4.dr	Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_th.dll.4.dr	Static PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.4.dr	Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_ca.dll.5.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.5.dr	Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.5.dr	Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101

PE file contains strange resources

Source: file.exe	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: ajF04F.exe.0.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: AVGBrowserUninstall.exe.3.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary

PE file does not import any functions

Source: sciterui.dll.3.dr	Static PE information: No import functions for PE file found
Source: sciterui.dll.0.dr	Static PE information: No import functions for PE file found

Uses 32bit PE files

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Yara signature match

Source: 4.3.AVGBrowserUpdateSetup.exe.34af14c.173.raw.unpack, type: UNPACKEDPE	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 4.3.AVGBrowserUpdateSetup.exe.348a40c.135.raw.unpack, type: UNPACKEDPE	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 4.3.AVGBrowserUpdateSetup.exe.3e64620.92.raw.unpack, type: UNPACKEDPE	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 4.3.AVGBrowserUpdateSetup.exe.2c7340c.48.raw.unpack, type: UNPACKEDPE	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 4.3.AVGBrowserUpdateSetup.exe.2cbce88.51.raw.unpack, type: UNPACKEDPE	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 4.3.AVGBrowserUpdateSetup.exe.34d3e88.127.raw.unpack, type: UNPACKEDPE	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 4.3.AVGBrowserUpdateSetup.exe.3e3e420.89.raw.unpack, type: UNPACKEDPE	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 4.3.AVGBrowserUpdateSetup.exe.3e18220.102.raw.unpack, type: UNPACKEDPE	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 4.3.AVGBrowserUpdateSetup.exe.2c9814c.26.raw.unpack, type: UNPACKEDPE	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 00000004.00000003.2112481989.0000000002C6C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: AVGBrowserUpdateSetup.exe PID: 1576, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: AVGBrowserUpdate.exe PID: 3116, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: AVGBrowserUpdateComRegisterShell64.exe PID: 6580, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: AVGBrowserUpdateComRegisterShell64.exe PID: 2636, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: AVGBrowserUpdateComRegisterShell64.exe PID: 5016, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12

Source: classification engine

Classification label: mal40.spyw.evad.winEXE@82/560@0/6

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe

Code function: 4_2_00B12E59 GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree,

4_2_00B12E59

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe

Code function: 4_2_00B11ECD GetTempFileNameW,FindResourceW,LoadResource,LockResource,CreateFileW,SizeofResource,SetFilePointerEx,CloseHandle,

4_2_00B11ECD

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe

File created: C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe

File created: C:\Users\user\AppData\Local\AVG

Jump to behavior

Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\AVGBrowserUpdate{D0BB2EF1-C183-4cdb-B218-040922092869}
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Mutant created: \Sessions\1\BaseNamedObjects\avg-securebrowser_installer_mutex2
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Mutant created: NULL
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\AVGBrowserUpdate{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\AVGBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\AVGBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\AVGBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\AVGBrowserUpdate{0A175FBE-AEEC-4fea-855A-2AA549A88846}
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\AVGBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\AVGBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupMutex_12217705488491377990
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\AVGBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Mutant created: \BaseNamedObjects\Global\AVGBrowserUpdate{6885AE8E-C070-458d-9711-37B9BEAB65F6}
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupExitEventMutex_12217705488491377990

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\nsaE38A.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Command line argument: kernel32.dll	4_2_00B124AD
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Command line argument: kernel32.dll	5_2_00A66BD8
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Command line argument: DllEntry	5_2_00A66BD8
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Command line argument: kernel32.dll	6_2_00076BD8
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Command line argument: DllEntry	6_2_00076BD8

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: AVGBrowser.exe, 0000001D.00000003.2985648854.00000FDC02AE8000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe

Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\ajF04F.exe "C:\Users\user\AppData\Local\Temp\ajF04F.exe" /relaunch=8 /was_elevated=1 /tagdata
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Process created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe "C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
Source: unknown	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /c
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
Source: unknown	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /registermsihelper
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezc2MzdDRkNCLUUwOEQtNDNENC1CMUY3LUMyNERBQjEzQkI4MH0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9IntFMUJBQjY4OC1CMDJGLTQ3NDktOUY4OC0zRTFCNEU3REE5OTR9IiB1c2VyaWRfZGF0ZT0iMjAyNDA2MDMiIG1hY2hpbmVpZD0iezAwMDBGOEI1LUM3REUtQTQ4Qy1EMDU4LTA3RTI0NTVCOUE1Qn0iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDYwMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9InsyNTJFNzAzQS1GNkRGLTRBQjYtOTE2MS00NEZENUYwNjYwMER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuMjAwNiIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLUdCIiBicmFuZD0iOTI0OSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjA2MyIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{7637CFCB-E08D-43D4-B1F7-C24DAB13BB80}" /silent
Source: unknown	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /uninstall
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff60185a3f0,0x7ff60185a3fc,0x7ff60185a408
Source: unknown	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=heartbeat --hourly
Source: unknown	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=heartbeat --logon
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --heartbeat --hourly
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --heartbeat --logon
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\\Heartbeat8108_647370180 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\\Heartbeat8108_647370180\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\\Heartbeat8128_116327840 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\\Heartbeat8128_116327840\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2124,i,2166630059599507292,14770330184015614422,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:2
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,14563547802735666349,826896251076988020,262144 --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:2
Source: unknown	Process created: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe "C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe AVGBrowser.exe --heartbeat --install --create-profile
Source: unknown	Process created: C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe "C:\Program Files\AVG\Browser\Application\124.0.25069.209\elevation_service.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\ajF04F.exe "C:\Users\user\AppData\Local\Temp\ajF04F.exe" /relaunch=8 /was_elevated=1 /tagdata	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Process created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe "C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezc2MzdDRkNCLUUwOEQtNDNENC1CMUY3LUMyNERBQjEzQkI4MH0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9IntFMUJBQjY4OC1CMDJGLTQ3NDktOUY4OC0zRTFCNEU3REE5OTR9IiB1c2VyaWRfZGF0ZT0iMjAyNDA2MDMiIG1hY2hpbmVpZD0iezAwMDBGOEI1LUM3REUtQTQ4Qy1EMDU4LTA3RTI0NTVCOUE1Qn0iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDYwMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9InsyNTJFNzAzQS1GNkRGLTRBQjYtOTE2MS00NEZENUYwNjYwMER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuMjAwNiIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLUdCIiBicmFuZD0iOTI0OSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjA2MyIvPjwvYXBwPjwvcmVxdWVzdD4	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{7637CFCB-E08D-43D4-B1F7-C24DAB13BB80}" /silent	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /uninstall
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe "C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe"
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff60185a3f0,0x7ff60185a3fc,0x7ff60185a408
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --heartbeat --hourly
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --heartbeat --logon
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\\Heartbeat8108_647370180 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\\Heartbeat8108_647370180\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2124,i,2166630059599507292,14770330184015614422,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:2
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\\Heartbeat8128_116327840 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\\Heartbeat8128_116327840\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,14563547802735666349,826896251076988020,262144 --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:2
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe AVGBrowser.exe --heartbeat --install --create-profile
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cscapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cscapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cscapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msxml3.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cscapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: srpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: tsappcmp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cscapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msxml3.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: cscapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: atlthunk.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Section loaded: wtsapi32.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Checks if Microsoft Office is installed

Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\Lync\Capabilities\URLAssociations

Creates a directory in C:\Program Files

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Directory created: C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\secure.7z
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Extensions
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\MEIPreload
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\VisualElements
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\124.0.25069.209.manifest
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\aswEngineConnector.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\AVGBrowser.exe.sig
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\browser_crash_reporter.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome.dll.sig
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_100_percent.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_200_percent.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_elf.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_pwa_launcher.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome_wer.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\config.def
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\d3dcompiler_47.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\dxcompiler.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\dxil.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\elevation_service.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\eventlog_provider.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Extensions\external_extensions.json
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\ffmpeg.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\icudtl.dat
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\libEGL.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\libGLESv2.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\af.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\am.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ar.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\bg.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\bn.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ca.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\cs.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\da.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\de.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\el.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\en-GB.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\en-US.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\es-419.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\es.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\et.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\fa.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\fi.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\fil.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\fr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\gu.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\he.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\hi.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\hr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\hu.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\id.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\it.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ja.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\kn.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ko.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\lt.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\lv.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ml.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\mr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ms.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\nb.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\nl.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\pl.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\pt-BR.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\pt-PT.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ro.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ru.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sk.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sl.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sv.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\sw.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ta.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\te.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\th.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\tr.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\uk.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\ur.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\vi.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\zh-CN.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\Locales\zh-TW.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\MEIPreload\manifest.json
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\MEIPreload\preloaded_data.pb
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\mimic.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\mojo_core.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\notification_helper.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\resources.pak
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\setup_helper_syslib.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\snapshot_blob.bin
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\v8_context_snapshot.bin
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\VisualElements\Logo.png
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\VisualElements\SmallLogo.png
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\vk_swiftshader.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\vk_swiftshader_icd.json
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\vulkan-1.dll
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowser.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowserProtect.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowserQHelper.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowserUninstall.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\browser_proxy.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\initial_preferences
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\AVGBrowser.VisualElementsManifest.xml
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\SetupMetrics
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\setup.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\124.0.25069.209\Installer\chrmstp.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\browser_proxy.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\initial_preferences
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\AVGBrowserQHelper.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Directory created: C:\Program Files\AVG\Browser\Application\SetupMetrics\9235c4e7-ae53-479e-b681-9b7e025f31b5.tmp

PE / OLE file has a valid certificate

Source: file.exe

Static PE information: certificate valid

Submission file is bigger than most known malware samples

Source: file.exe

Static file information: File size 6116304 > 1048576

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: goopdateres_unsigned_ms.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003222000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000440F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165133974.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165205878.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164927132.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_fa.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003961000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004337000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152791561.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152687306.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152408496.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ru.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000445F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A89000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168125977.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168061555.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167925652.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_lt.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043E1000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A0B000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163524223.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163205272.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163413117.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_el.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003104000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042F1000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150108705.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150018075.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149856176.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\9736f8b792bcd5e7\src\out\Release-x64\initialexe\AVGBrowser.exe.pdb source: AVGBrowser.exe, 0000001A.00000000.2869521627.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001B.00000000.2872124493.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001C.00000000.2875770965.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001D.00000000.2876092036.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000002.2889102468.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000000.2878831708.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000002.2896650039.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: goopdateres_unsigned_tr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003AF1000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044C7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170590288.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_de.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042E6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149702229.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149481017.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149639323.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_bg.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042AD000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147250436.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147135412.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146941772.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_mr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003216000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004402000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164735319.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164643030.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164450051.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateComRegisterShell64_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2145841812.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146084049.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146150231.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 00000009.00000000.2186495616.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 00000009.00000002.2189908666.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000A.00000000.2190630223.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000A.00000002.2192620515.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000C.00000002.2195344439.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000C.00000000.2193531111.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: AVGBrowserCrashHandler64_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2145507317.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\9736f8b792bcd5e7\src\out\Release-x64\setup_nosign.exe.pdb source: setup.exe, 00000017.00000002.2873586684.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000017.00000000.2539988971.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000002.2876710388.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000000.2544840578.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: goopdateres_unsigned_gu.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003177000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004364000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154278126.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154217263.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154003772.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002A94000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004481000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169214564.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169165916.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169045548.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_th.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044BB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170430862.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172532345.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned_64.pdbT source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172800095.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserCrashHandler_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003BCE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned.pdbX source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171945813.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\9736f8b792bcd5e7\src\out\Release-avg-x64\mini_installer.exe.pdb source: AVGBrowserInstaller.exe, 00000014.00000000.2482861483.00007FF73BED4000.00000002.00000001.01000000.00000026.sdmp, AVGBrowserInstaller.exe, 00000014.00000002.2879711339.00007FF73BED4000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: AVGBrowserUpdateOnDemand_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\9736f8b792bcd5e7\src\out\Release-x64\chrome_elf.dll.pdb source: AVGBrowser.exe, 0000001E.00000002.2898134802.00007FF8A7ACB000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: psuser_unsigned_64.pdbT source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172227367.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_am.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146198832.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146406367.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146331005.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateWebPlugin_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ta.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003ACD000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170084642.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_lv.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043EC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A16000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163686580.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163921549.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2163990015.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_cs.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030E2000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042CF000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148756524.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149020532.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148956582.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdate_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003BCE000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2143860339.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_hi.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000399A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004370000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154799321.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154508962.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2154944559.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateBroker_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2176127906.0000000000782000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_es-419.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003949000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000431F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151812044.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151812044.00000000007A4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151560568.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mi_exe_stub.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000002.2908814795.0000000000B28000.00000002.00000001.01000000.00000018.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000000.2108944984.0000000000B28000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: goopdateres_unsigned_pt-BR.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000443D000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A67000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167065963.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166860815.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167145584.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_hr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000437C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000318F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2155429261.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2155653574.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2155088171.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_id.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004392000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031A6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2159583853.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2159098504.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2158363262.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned_64.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172227367.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateComRegisterShell64_unsigned.pdb^ source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2145841812.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146084049.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146150231.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 00000009.00000000.2186495616.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 00000009.00000002.2189908666.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000A.00000000.2190630223.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000A.00000002.2192620515.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000C.00000002.2195344439.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp, AVGBrowserUpdateComRegisterShell64.exe, 0000000C.00000000.2193531111.00007FF677B5B000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: goopdateres_unsigned_zh-TW.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B12000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044FF000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000002.2908350799.0000000000ABF000.00000004.00000010.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171629574.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned.pdbX source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172532345.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sw.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004498000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169921274.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169760351.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169979059.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_it.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043A9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160342541.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160573365.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160666549.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_pt-PT.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004448000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167235240.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167405477.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167460912.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_vi.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044E8000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B13000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171109384.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_bn.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038E2000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042B8000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147746330.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147854898.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2147498223.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: acuapi_64_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2173471506.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sv.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000448D000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AA0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169451957.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169609203.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2169288884.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ja.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031D3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161534514.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161282116.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161673996.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_es.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000393E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004314000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151022828.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151295194.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2151365862.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_is.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000039C8000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000439E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2159809709.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160034051.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160191266.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ro.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A7E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004453000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167789427.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167735488.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2167562873.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_uk.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AE5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044D2000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170749651.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_fr.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003983000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004358000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153691467.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153837503.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153911762.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ca.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148671542.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148513714.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2148000470.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_nl.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000322D000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165310044.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165673173.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165540989.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ko.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162834499.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162957240.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162442370.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_et.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000313E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000432B000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152035302.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152168818.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152246594.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ur.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044DD000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170927202.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_no.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003239000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004426000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166353148.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2165885183.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166432853.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_iw.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043B5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161092400.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160811345.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2160987300.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_te.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003AD9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044AF000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2170266211.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_fil.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000434D000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153610715.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153306642.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153556127.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_pl.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A5B000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166681516.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166534186.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2166754218.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_en-GB.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003933000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004309000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000002.2900499809.0000000000A10000.00000002.00000001.00040000.0000002D.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150672751.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150920384.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150858095.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000011.00000002.2888623349.0000000000C00000.00000002.00000001.00040000.0000002C.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2896108642.00000000013E0000.00000002.00000001.00040000.0000002C.sdmp
Source:	Binary string: goopdateres_unsigned_fi.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004342000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2152886939.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153171386.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2153084030.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sk.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002A7E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168546407.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168236782.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168465236.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171945813.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ml.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000320A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043F7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164264655.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164335990.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2164095384.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: npAvgBrowserUpdate3_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003BCE000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2176075476.0000000000781000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2176029036.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_hu.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004387000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.000000000319A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2156600983.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2157791884.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2158175358.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_da.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003905000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042DB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149386687.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149172877.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2149326912.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_en.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042FD000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003110000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150223781.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150536478.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2150458860.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000006.00000002.2180276782.0000000000C20000.00000002.00000001.00040000.0000001E.sdmp, AVGBrowserUpdate.exe, 0000000D.00000002.2292632206.0000000000F60000.00000002.00000001.00040000.0000001E.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2896542114.00000000014B0000.00000002.00000001.00040000.0000001E.sdmp
Source:	Binary string: psmachine_unsigned_64.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2172800095.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_ar.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146568139.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146833064.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2146745656.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_sl.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002A89000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004476000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168861429.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168701046.0000000000796000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2168945218.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdate_unsigned.pdb source: AVGBrowserUpdate.exe, AVGBrowserUpdate.exe, 00000006.00000002.2179645124.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000008.00000000.2185347276.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 0000000B.00000000.2192928136.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 0000000D.00000000.2193569917.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 0000000E.00000002.2217270400.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000010.00000002.2244031208.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000011.00000002.2887745804.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000012.00000000.2227648919.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, AVGBrowserUpdate.exe, 00000013.00000002.2284298938.0000000000071000.00000020.00000001.01000000.0000001C.sdmp
Source:	Binary string: goopdateres_unsigned_zh-CN.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2171368998.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: goopdateres_unsigned_kn.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031DE000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000043CB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162128901.00000000007A5000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2162261282.0000000000795000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2161914207.0000000000796000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: acuapi_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2173194656.0000000000795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AVGBrowserUpdateCore_unsigned.pdb source: AVGBrowserUpdateSetup.exe, 00000004.00000002.2908350799.0000000000AC4000.00000004.00000010.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000005.00000003.2145023147.0000000000795000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

Code function: 9_2_00007FF677B17F90 LoadLibraryW,GetProcAddress,FreeLibrary,

9_2_00007FF677B17F90

PE file contains an invalid checksum

Source: ajF04F.exe.0.dr	Static PE information: real checksum: 0x5d664c should be: 0x5dd049
Source: file.exe	Static PE information: real checksum: 0x5d664c should be: 0x5daa1d
Source: AVGBrowserUninstall.exe.3.dr	Static PE information: real checksum: 0x5d664c should be: 0x5dd049

PE file contains sections with non-standard names

Source: AVGBrowserUpdateComRegisterShell64.exe.4.dr	Static PE information: section name: _RDATA
Source: acuapi_64.dll.4.dr	Static PE information: section name: _RDATA
Source: psmachine.dll.4.dr	Static PE information: section name: .orpc
Source: psmachine_64.dll.4.dr	Static PE information: section name: .orpc
Source: psmachine_64.dll.4.dr	Static PE information: section name: _RDATA
Source: psuser.dll.4.dr	Static PE information: section name: .orpc
Source: psuser_64.dll.4.dr	Static PE information: section name: .orpc
Source: psuser_64.dll.4.dr	Static PE information: section name: _RDATA
Source: AVGBrowserCrashHandler64.exe.4.dr	Static PE information: section name: _RDATA
Source: AVGBrowserCrashHandler64.exe.5.dr	Static PE information: section name: _RDATA
Source: AVGBrowserUpdateComRegisterShell64.exe.5.dr	Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B264C6 push ecx; ret	4_2_00B264D9
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A742F6 push ecx; ret	5_2_00A74309
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_000842F6 push ecx; ret	6_2_00084309
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 18_2_02A5D325 pushad ; ret	18_2_02A5D40E
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 18_2_02A5EB00 pushad ; ret	18_2_02A5EB01
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 18_2_02A5D149 pushad ; ret	18_2_02A5D14A
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_0077CB46 push ecx; ret	32_2_0077CB59

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\jsisdl.dll	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\Download\{48F69C39-1356-4A7B-A899-70E3539D4982}\124.0.25069.209\AVGBrowserInstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_id.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_pt-PT.dll	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_pl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\npAvgBrowserUpdate3.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sw.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_am.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_es.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_bn.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_bg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_mr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ta.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\sciterui.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\psmachine.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psuser_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateComRegisterShell64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_fa.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_uk.dll	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\JsisPlugins.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_et.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\acuapi_64.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_iw.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_te.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_el.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lv.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ja.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ar.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateSetup.exe	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	File created: C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_da.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\psmachine_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\jsisdl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateWebPlugin.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateCore.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-TW.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateSetup.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserCrashHandler64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_is.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_de.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_cs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_am.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_en.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateBroker.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_id.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateOnDemand.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\acuapi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ms.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-PT.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ca.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sv.dll	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	File created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\browser_crash_reporter.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fr.dll	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	File created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\aswEngineConnector.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fil.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_en-GB.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ko.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_hr.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ur.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_no.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserCrashHandler.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\{DF5A446B-D24D-4C0E-B25C-417D247911DA}\scrt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdate.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateBroker.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_tr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ru.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_uk.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_gu.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_hi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_th.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ca.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_nl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_et.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ro.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_it.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_iw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_fi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_vi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ja.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psmachine.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_no.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_te.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\reboot.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_cs.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_da.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_zh-TW.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\Midex.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en-GB.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psmachine_64.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es-419.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\thirdparty.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_es-419.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_fr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\sciterui.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ms.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateWebPlugin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\jsis.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\psuser_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\Midex.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_hu.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_kn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-CN.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psuser.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es.dll	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	File created: C:\Users\user\AppData\Local\Temp\{1FF43E4D-AA88-4479-9A55-5241D9C8AAC8}-AVGBrowserInstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\thirdparty.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ko.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\jsis.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ur.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateOnDemand.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_pt-BR.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bg.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_mr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_el.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_lv.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ru.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_tr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_gu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_nl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ro.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_th.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	File created: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdate.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_vi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_kn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_lt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\reboot.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_de.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-BR.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ta.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_is.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_fil.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\psuser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_it.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateCore.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	File created: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_zh-CN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\JsisPlugins.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	File created: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fa.dll	Jump to dropped file

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B22374 SHGetFolderPathW,_invalid_parameter_noinfo_noreturn,GetPrivateProfileStringW,_Init_thread_footer,		9_2_00007FF677B22374
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B15414 GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,		9_2_00007FF677B15414

Creates install or setup log file

Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe

File created: C:\Users\user\AppData\Local\Temp\AVGBrowser_installer.log

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe DisableExceptionChainValidation	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe DisableExceptionChainValidation	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} NULL
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} NULL
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} StubPath
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} StubPath
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} Localized Name
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} Localized Name
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} IsInstalled
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} IsInstalled
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} Version
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48F69C39-1356-4A7B-A899-70E3539D4982} Version

Creates multiple autostart registry keys

Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_726B817271C484847A690E2C1C98BF60
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_53F4AD9791D53E4F31988DF26A2B411E
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_6124C6D99F5330FF26FB94C49688230C

Changes image file execution options

Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe DisableExceptionChainValidation

Jump to behavior

Creates or modifies windows services

Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Browser

Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_53F4AD9791D53E4F31988DF26A2B411E
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_53F4AD9791D53E4F31988DF26A2B411E
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_726B817271C484847A690E2C1C98BF60
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_726B817271C484847A690E2C1C98BF60
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_6124C6D99F5330FF26FB94C49688230C
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_6124C6D99F5330FF26FB94C49688230C

Hooking and other Techniques for Hiding and Protection

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Found evasive API chain (may stop execution after checking volume information)

Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe

Evasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcess

Found evasive API chain checking for user administrative privileges

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe

Check user administrative privileges: IsUserAndAdmin, DecisionNode

graph_4-12080

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	System information queried: FirmwareTableInformation

Contains capabilities to detect virtual machines

Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File opened / queried: C:\Program Files\VMware\VMware Tools
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File opened / queried: C:\Program Files (x86)\VMware\VMware Tools
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

Code function: 30_2_00007FF690EF9820 rdtsc

30_2_00007FF690EF9820

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\file.exe

Window / User API: windowPlacementGot 790

Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\jsisdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_pt-PT.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_id.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_pl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\npAvgBrowserUpdate3.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sw.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_am.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_bn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_mr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_bg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\inetc.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ta.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\sciterui.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psuser_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\psmachine.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_fa.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_uk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\JsisPlugins.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_et.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_iw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\acuapi_64.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_te.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_el.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lv.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ja.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_da.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\psmachine_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\jsisdl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateWebPlugin.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateCore.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-TW.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lt.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_de.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_is.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_cs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_am.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_en.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateBroker.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_id.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateOnDemand.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-PT.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ms.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\acuapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ca.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sv.dll	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Dropped PE file which has not been started: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\browser_crash_reporter.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fr.dll	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Dropped PE file which has not been started: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\aswEngineConnector.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fil.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ko.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_en-GB.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_hr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ur.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_no.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{DF5A446B-D24D-4C0E-B25C-417D247911DA}\scrt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdate.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateBroker.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_tr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ru.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_uk.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_gu.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\AccessControl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_th.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_hi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ca.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_nl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_et.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ro.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_it.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_iw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_fi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_vi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ja.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psmachine.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_te.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_no.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\reboot.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_cs.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_da.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_zh-TW.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\Midex.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psmachine_64.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en-GB.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es-419.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\thirdparty.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_es-419.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_fr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\sciterui.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sk.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateWebPlugin.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ms.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\jsis.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\psuser_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgE448.tmp\Midex.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_hu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_kn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-CN.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psuser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\thirdparty.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ko.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\jsis.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ur.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateOnDemand.exe	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_pt-BR.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_mr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_el.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ml.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ru.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_lv.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hr.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_tr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_gu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_nl.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_th.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ro.dll	Jump to dropped file
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Dropped PE file which has not been started: C:\Program Files\AVG\Browser\Temp\source7676_1868020628\Safer-bin\124.0.25069.209\chrome.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdate.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_vi.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_kn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_lt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\reboot.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_sw.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_de.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-BR.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AccessControl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_ta.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_is.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_fil.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\psuser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_it.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdateCore.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\GUMA6B.tmp\goopdateres_zh-CN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\JsisPlugins.dll	Jump to dropped file
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fa.dll	Jump to dropped file

Found evasive API chain (may stop execution after accessing registry keys)

Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe

Evasive API call chain: RegOpenKey,DecisionNodes,ExitProcess

Found evasive API chain (may stop execution after checking a module file name)

Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Found evasive API chain checking for process token information

Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Found large amount of non-executed APIs

Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	API coverage: 9.3 %
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	API coverage: 9.8 %
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	API coverage: 7.8 %
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	API coverage: 6.7 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\svchost.exe TID: 5844	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe TID: 7312	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe TID: 7384	Thread sleep time: -30000s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Queries keyboard layouts

Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_Bios
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_Bios
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_Bios

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\Heartbeat8108_647370180\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\Heartbeat8108_647370180\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\Heartbeat8108_647370180\Default\blob_storage\5e8100cf-7159-4e99-9313-0a869d31e733 FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\Heartbeat8108_647370180\Default FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\Heartbeat8108_647370180 FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\Heartbeat8128_116327840\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\Heartbeat8128_116327840\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\AVG\Browser\User Data\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\AVG\Browser\User Data\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\AVG\Browser\User Data\Default\blob_storage\197db9ea-a404-48c2-aea2-45dc34949ea9 FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\AVG\Browser\User Data\Default FullSizeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File Volume queried: C:\Users\user\AppData\Local\AVG\Browser\User Data FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B1C375 FindFirstFileExW,	4_2_00B1C375
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A6D8AF FindFirstFileExW,	5_2_00A6D8AF
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_0007D8AF FindFirstFileExW,	6_2_0007D8AF
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B4F014 FindFirstFileExW,	9_2_00007FF677B4F014
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_00776015 FindFirstFileExW,	32_2_00776015
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Code function: 33_2_00007FF60BFD6F4C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	33_2_00007FF60BFD6F4C

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: AVGBrowserUpdate.exe, 00000010.00000002.2245081307.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000003.2242142015.0000000000CC7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000003.2243565183.0000000000CC9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000003.2243791317.0000000000CCD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWU
Source: AVGBrowser.exe, 0000001C.00000003.3008186896.000002822CFFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: ajF04F.exe, 00000003.00000003.2099462467.000000000395A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 0000000D.00000002.2284690621.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 0000000D.00000002.2292259990.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 0000000D.00000003.2280447200.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000002.2244814021.0000000000C9D000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000002.2245081307.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000003.2242142015.0000000000CC7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000003.2242142015.0000000000C99000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000003.2243565183.0000000000CC9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000003.2243791317.0000000000CCD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AVGBrowserUpdate.exe, 00000005.00000002.2900214476.00000000007AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}^j
Source: AVGBrowser.exe, 0000001C.00000003.3008484978.000002822D00D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: AVGBrowser.exe, 0000001C.00000003.3054877241.000002822D005000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}d\|

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks if the current process is being debugged

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process queried: DebugPort
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process queried: DebugPort
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process queried: DebugPort
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process queried: DebugPort
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process queried: DebugPort
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process queried: DebugPort

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

Code function: 30_2_00007FF690EF9820 rdtsc

30_2_00007FF690EF9820

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe

Code function: 4_2_00B1BCC4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_00B1BCC4

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

Code function: 9_2_00007FF677B30DEC InitializeCriticalSectionAndSpinCount,GetLastError,IsDebuggerPresent,OutputDebugStringW,

9_2_00007FF677B30DEC

Contains functionality to dynamically determine API calls

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

Code function: 9_2_00007FF677B17F90 LoadLibraryW,GetProcAddress,FreeLibrary,

9_2_00007FF677B17F90

Contains functionality to read the PEB

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B1D630 mov eax, dword ptr fs:[00000030h]	4_2_00B1D630
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B187D6 mov ecx, dword ptr fs:[00000030h]	4_2_00B187D6
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A6BEA8 mov ecx, dword ptr fs:[00000030h]	5_2_00A6BEA8
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A6D651 mov eax, dword ptr fs:[00000030h]	5_2_00A6D651
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_0007D651 mov eax, dword ptr fs:[00000030h]	6_2_0007D651
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_0007BEA8 mov ecx, dword ptr fs:[00000030h]	6_2_0007BEA8
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_0077485A mov ecx, dword ptr fs:[00000030h]	32_2_0077485A
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_00776E79 mov eax, dword ptr fs:[00000030h]	32_2_00776E79

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe

Code function: 4_2_00B111D5 GetProcessHeap,__Init_thread_footer,__Init_thread_footer,

4_2_00B111D5

Enables debug privileges

Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B1BCC4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00B1BCC4
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B1557C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00B1557C
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B15A10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00B15A10
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Code function: 4_2_00B15710 SetUnhandledExceptionFilter,	4_2_00B15710
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A67D01 SetUnhandledExceptionFilter,	5_2_00A67D01
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A67A48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00A67A48
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A6B7EE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00A6B7EE
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Code function: 5_2_00A67B6A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00A67B6A
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_00077D01 SetUnhandledExceptionFilter,	6_2_00077D01
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_00077A48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00077A48
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_00077B6A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00077B6A
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Code function: 6_2_0007B7EE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_0007B7EE
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B38FE8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00007FF677B38FE8
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B31708 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_00007FF677B31708
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B31CA0 SetUnhandledExceptionFilter,	9_2_00007FF677B31CA0
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: 9_2_00007FF677B31ABC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00007FF677B31ABC
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF6016C79A8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	23_2_00007FF6016C79A8
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 23_2_00007FF6016AEC08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	23_2_00007FF6016AEC08
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF6016C79A8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_00007FF6016C79A8
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Code function: 24_2_00007FF6016AEC08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	24_2_00007FF6016AEC08
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF69104BE54 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	30_2_00007FF69104BE54
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: 30_2_00007FF691032DA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	30_2_00007FF691032DA8
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_0077187E SetUnhandledExceptionFilter,	32_2_0077187E
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_007759A4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	32_2_007759A4
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_0077125E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	32_2_0077125E
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	Code function: 32_2_007716EA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	32_2_007716EA
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Code function: 33_2_00007FF60BFD693C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	33_2_00007FF60BFD693C
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Code function: 33_2_00007FF60BFD1980 SetUnhandledExceptionFilter,	33_2_00007FF60BFD1980
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Code function: 33_2_00007FF60BFD12AC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	33_2_00007FF60BFD12AC
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	Code function: 33_2_00007FF60BFD179C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	33_2_00007FF60BFD179C

HIPS / PFW / Operating System Protection Evasion

Contains functionality to prevent local Windows debugging

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

Code function: 9_2_00007FF677B29FFC OutputDebugStringA,WaitForSingleObject,InitializeCriticalSection,EnterCriticalSection,SetFilePointer,WriteFile,ReleaseMutex,LeaveCriticalSection,IsDebuggerPresent,DebugBreak,GetCurrentProcess,TerminateProcess,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

9_2_00007FF677B29FFC

Creates a process in suspended mode (likely to inject code)

Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezc2MzdDRkNCLUUwOEQtNDNENC1CMUY3LUMyNERBQjEzQkI4MH0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9IntFMUJBQjY4OC1CMDJGLTQ3NDktOUY4OC0zRTFCNEU3REE5OTR9IiB1c2VyaWRfZGF0ZT0iMjAyNDA2MDMiIG1hY2hpbmVpZD0iezAwMDBGOEI1LUM3REUtQTQ4Qy1EMDU4LTA3RTI0NTVCOUE1Qn0iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDYwMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9InsyNTJFNzAzQS1GNkRGLTRBQjYtOTE2MS00NEZENUYwNjYwMER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuMjAwNiIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLUdCIiBicmFuZD0iOTI0OSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjA2MyIvPjwvYXBwPjwvcmVxdWVzdD4	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{7637CFCB-E08D-43D4-B1F7-C24DAB13BB80}" /silent	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe "C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff60185a3f0,0x7ff60185a3fc,0x7ff60185a408
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\\Heartbeat8108_647370180 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\\Heartbeat8108_647370180\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2124,i,2166630059599507292,14770330184015614422,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:2
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\\Heartbeat8128_116327840 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\\Heartbeat8128_116327840\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,14563547802735666349,826896251076988020,262144 --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:2
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe AVGBrowser.exe --heartbeat --install --create-profile
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: unknown unknown

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe avgbrowserupdatesetup.exe /silent /install "bundlename=avg secure browser&appguid={48f69c39-1356-4a7b-a899-70e3539d4982}&appname=avg secure browser&needsadmin=true&lang=en-gb&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Process created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe "c:\program files (x86)\guma6b.tmp\avgbrowserupdate.exe" /silent /install "bundlename=avg secure browser&appguid={48f69c39-1356-4a7b-a899-70e3539d4982}&appname=avg secure browser&needsadmin=true&lang=en-gb&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "c:\program files (x86)\avg\browser\update\avgbrowserupdate.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjpbwfoysigb21hagfpzd0iezfdodlfrjjglue4oeutnerfmc05n0zfluncndbdoeu0rkvfqx0iihvwzgf0zxj2zxjzaw9upsixljgumty5my42iibzagvsbf92zxjzaw9upsixljgumty5my42iibpc21hy2hpbmu9ijeiiglzx29tywhhnjriaxq9ijaiiglzx29znjriaxq9ijeiihnlc3npb25pzd0iezc2mzddrkncluuwoeqtndnenc1cmuy3lumynerbqjezqki4mh0iignlcnrfzxhwx2rhdgu9ijiwmjuwote3iib1c2vyawq9intfmujbqjy4oc1cmdjgltq3ndktouy4oc0zrtfcneu3ree5otr9iib1c2vyawrfzgf0zt0imjaynda2mdmiig1hy2hpbmvpzd0iezawmdbgoei1lum3reutqtq4qy1emdu4lta3rti0ntvcoue1qn0iig1hy2hpbmvpzf9kyxrlpsiymdi0mdywmyigaw5zdgfsbhnvdxjjzt0ib3rozxjpbnn0ywxsy21kiib0zxn0c291cmnlpsjhdxrviibyzxf1zxn0awq9insyntjfnzazqs1gnkrgltrbqjytote2ms00nezenuywnjywmer9iibkzwr1cd0iy3iiigrvbwfpbmpvaw5lzd0imci-pgh3ihboexntzw1vcnk9ijgiihnzzt0imsigc3nlmj0imsigc3nlmz0imsigc3nzztm9ijeiihnzztqxpsixiibzc2u0mj0imsigyxz4psixii8-pg9zihbsyxrmb3jtpsj3aw4iihzlcnnpb249ijewljaumtkwnduumjawniigc3a9iiigyxjjad0iedy0ii8-pgfwccbhchbpzd0iezfdodlfrjjglue4oeutnerfmc05n0zfluncndbdoeu0rkvfqx0iihzlcnnpb249iiigbmv4dhzlcnnpb249ijeuoc4xnjkzljyiigxhbmc9imvuludciibicmfuzd0ioti0osigy2xpzw50psiipjxldmvudcbldmvudhr5cgu9ijiiigv2zw50cmvzdwx0psixiiblcnjvcmnvzgu9ijaiigv4dhjhy29kzte9ijaiigluc3rhbgxfdgltzv9tcz0inja2myivpjwvyxbwpjwvcmvxdwvzdd4
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "c:\program files (x86)\avg\browser\update\avgbrowserupdate.exe" /handoff "bundlename=avg secure browser&appguid={48f69c39-1356-4a7b-a899-70e3539d4982}&appname=avg secure browser&needsadmin=true&lang=en-gb&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{7637cfcb-e08d-43d4-b1f7-c24dab13bb80}" /silent
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe "c:\program files (x86)\avg\browser\update\install\{4677e0b5-6b78-429f-9d3a-dc313e93f94b}\avgbrowserinstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe "c:\program files (x86)\avg\browser\update\install\{4677e0b5-6b78-429f-9d3a-dc313e93f94b}\cr_80683.tmp\setup.exe" --install-archive="c:\program files (x86)\avg\browser\update\install\{4677e0b5-6b78-429f-9d3a-dc313e93f94b}\cr_80683.tmp\secure.packed.7z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe "c:\program files (x86)\avg\browser\update\install\{4677e0b5-6b78-429f-9d3a-dc313e93f94b}\cr_80683.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=c:\windows\systemtemp\crashpad --url=fake_url --annotation=plat=win64 --annotation=prod=avg --annotation=ver=124.0.25069.209 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff60185a3f0,0x7ff60185a3fc,0x7ff60185a408
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "c:\program files\avg\browser\application\avgbrowser.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\temp\\heartbeat8108_647370180 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\temp\\heartbeat8108_647370180\crashpad --url=fake_url --annotation=plat=win64 --annotation=prod=avg --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "c:\program files\avg\browser\application\avgbrowser.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\temp\\heartbeat8128_116327840 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\temp\\heartbeat8128_116327840\crashpad --url=fake_url --annotation=plat=win64 --annotation=prod=avg --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "c:\program files\avg\browser\application\avgbrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --field-trial-handle=2124,i,2166630059599507292,14770330184015614422,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:2
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "c:\program files\avg\browser\application\avgbrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --field-trial-handle=2028,i,14563547802735666349,826896251076988020,262144 --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	Process created: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe avgbrowserupdatesetup.exe /silent /install "bundlename=avg secure browser&appguid={48f69c39-1356-4a7b-a899-70e3539d4982}&appname=avg secure browser&needsadmin=true&lang=en-gb&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe	Process created: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe "c:\program files (x86)\guma6b.tmp\avgbrowserupdate.exe" /silent /install "bundlename=avg secure browser&appguid={48f69c39-1356-4a7b-a899-70e3539d4982}&appname=avg secure browser&needsadmin=true&lang=en-gb&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "c:\program files (x86)\avg\browser\update\avgbrowserupdate.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjpbwfoysigb21hagfpzd0iezfdodlfrjjglue4oeutnerfmc05n0zfluncndbdoeu0rkvfqx0iihvwzgf0zxj2zxjzaw9upsixljgumty5my42iibzagvsbf92zxjzaw9upsixljgumty5my42iibpc21hy2hpbmu9ijeiiglzx29tywhhnjriaxq9ijaiiglzx29znjriaxq9ijeiihnlc3npb25pzd0iezc2mzddrkncluuwoeqtndnenc1cmuy3lumynerbqjezqki4mh0iignlcnrfzxhwx2rhdgu9ijiwmjuwote3iib1c2vyawq9intfmujbqjy4oc1cmdjgltq3ndktouy4oc0zrtfcneu3ree5otr9iib1c2vyawrfzgf0zt0imjaynda2mdmiig1hy2hpbmvpzd0iezawmdbgoei1lum3reutqtq4qy1emdu4lta3rti0ntvcoue1qn0iig1hy2hpbmvpzf9kyxrlpsiymdi0mdywmyigaw5zdgfsbhnvdxjjzt0ib3rozxjpbnn0ywxsy21kiib0zxn0c291cmnlpsjhdxrviibyzxf1zxn0awq9insyntjfnzazqs1gnkrgltrbqjytote2ms00nezenuywnjywmer9iibkzwr1cd0iy3iiigrvbwfpbmpvaw5lzd0imci-pgh3ihboexntzw1vcnk9ijgiihnzzt0imsigc3nlmj0imsigc3nlmz0imsigc3nzztm9ijeiihnzztqxpsixiibzc2u0mj0imsigyxz4psixii8-pg9zihbsyxrmb3jtpsj3aw4iihzlcnnpb249ijewljaumtkwnduumjawniigc3a9iiigyxjjad0iedy0ii8-pgfwccbhchbpzd0iezfdodlfrjjglue4oeutnerfmc05n0zfluncndbdoeu0rkvfqx0iihzlcnnpb249iiigbmv4dhzlcnnpb249ijeuoc4xnjkzljyiigxhbmc9imvuludciibicmfuzd0ioti0osigy2xpzw50psiipjxldmvudcbldmvudhr5cgu9ijiiigv2zw50cmvzdwx0psixiiblcnjvcmnvzgu9ijaiigv4dhjhy29kzte9ijaiigluc3rhbgxfdgltzv9tcz0inja2myivpjwvyxbwpjwvcmvxdwvzdd4	Jump to behavior
Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe "c:\program files (x86)\avg\browser\update\avgbrowserupdate.exe" /handoff "bundlename=avg secure browser&appguid={48f69c39-1356-4a7b-a899-70e3539d4982}&appname=avg secure browser&needsadmin=true&lang=en-gb&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{7637cfcb-e08d-43d4-b1f7-c24dab13bb80}" /silent	Jump to behavior
Source: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe "c:\program files (x86)\avg\browser\update\install\{4677e0b5-6b78-429f-9d3a-dc313e93f94b}\avgbrowserinstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe "c:\program files (x86)\avg\browser\update\install\{4677e0b5-6b78-429f-9d3a-dc313e93f94b}\cr_80683.tmp\setup.exe" --install-archive="c:\program files (x86)\avg\browser\update\install\{4677e0b5-6b78-429f-9d3a-dc313e93f94b}\cr_80683.tmp\secure.packed.7z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Process created: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe "c:\program files (x86)\avg\browser\update\install\{4677e0b5-6b78-429f-9d3a-dc313e93f94b}\cr_80683.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=c:\windows\systemtemp\crashpad --url=fake_url --annotation=plat=win64 --annotation=prod=avg --annotation=ver=124.0.25069.209 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff60185a3f0,0x7ff60185a3fc,0x7ff60185a408
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "c:\program files\avg\browser\application\avgbrowser.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\temp\\heartbeat8108_647370180 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\temp\\heartbeat8108_647370180\crashpad --url=fake_url --annotation=plat=win64 --annotation=prod=avg --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "c:\program files\avg\browser\application\avgbrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --field-trial-handle=2124,i,2166630059599507292,14770330184015614422,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:2
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "c:\program files\avg\browser\application\avgbrowser.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\temp\\heartbeat8128_116327840 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\temp\\heartbeat8128_116327840\crashpad --url=fake_url --annotation=plat=win64 --annotation=prod=avg --annotation=ver=124.0.25069.209 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a7b0dc40,0x7ff8a7b0dc4c,0x7ff8a7b0dc58
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Process created: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe "c:\program files\avg\browser\application\avgbrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --field-trial-handle=2028,i,14563547802735666349,826896251076988020,262144 --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:2

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

Code function: 9_2_00007FF677B17650 GetSecurityDescriptorDacl,InitializeSecurityDescriptor,GetAclInformation,SetSecurityDescriptorDacl,_invalid_parameter_noinfo,

9_2_00007FF677B17650

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe

Code function: 4_2_00B15825 cpuid

4_2_00B15825

Contains functionality to query locales information (e.g. system language)

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	9_2_00007FF677B52904
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: GetLocaleInfoW,	9_2_00007FF677B53004
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: GetLocaleInfoW,	9_2_00007FF677B4C6F0
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	9_2_00007FF677B52DB8
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: EnumSystemLocalesW,	9_2_00007FF677B52D20
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: EnumSystemLocalesW,	9_2_00007FF677B52C50
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	9_2_00007FF677B53338
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: EnumSystemLocalesW,	9_2_00007FF677B4C26C
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: GetLocaleInfoW,	9_2_00007FF677B5320C
Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	9_2_00007FF677B5315C
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: EnumSystemLocalesW,	30_2_00007FF69105C248
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: EnumSystemLocalesW,	30_2_00007FF691060AAC
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: EnumSystemLocalesW,	30_2_00007FF691060DC8
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: GetLocaleInfoW,	30_2_00007FF69105B5D4
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	30_2_00007FF691061058
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	30_2_00007FF6910607AC

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\initial_preferences VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\initial_preferences VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\124.0.25069.209\MEIPreload\manifest.json VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\124.0.25069.209\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\initial_preferences VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\124.0.25069.209\MEIPreload\manifest.json VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\initial_preferences VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\initial_preferences VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Users\user\AppData\Local\AVG\Browser\User Data\Default\Preferences VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\initial_preferences VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\124.0.25069.209\MEIPreload\manifest.json VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\initial_preferences VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\Mozilla Firefox\private_browsing.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\Mozilla Firefox\firefox.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Windows\System32\control.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\377cc4f8-0c1a-49d4-a7d3-dc885f2ebb50.tmp VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe VolumeInformation
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	Queries volume information: C:\Program Files\AVG\Browser\Application\124.0.25069.209\MEIPreload\preloaded_data.pb VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe

Code function: 4_2_00B1546C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_00B1546C

Source: C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

Code function: 9_2_00007FF677B4D90C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

9_2_00007FF677B4D90C

Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe

Code function: 30_2_00007FF690FED2C0 _Init_thread_header,GetVersionExW,GetProductInfo,_Init_thread_header,GetNativeSystemInfo,

30_2_00007FF690FED2C0

Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disables exception chain validation (SEHOP)

Source: C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGBrowserUpdate.exe DisableExceptionChainValidation

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\search.json.mozlz4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ajF04F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File opened: C:\Users\user\AppData\Local\AVG\Browser\User Data\Default\History
Source: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	231 Native API	1 Image File Execution Options Injection	1 Image File Execution Options Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	1 Data from Local System	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	13 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	2 Obfuscated Files or Information	Security Account Manager	11 Peripheral Device Discovery	SMB/Windows Admin Shares	2 Clipboard Data	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	111 Process Injection	1 DLL Side-Loading	NTDS	3 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	21 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 File Deletion	LSA Secrets	166 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	21 Registry Run Keys / Startup Folder	13 Masquerading	Cached Domain Credentials	1 Query Registry	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	14 Virtualization/Sandbox Evasion	DCSync	271 Security Software Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	111 Process Injection	Proc Filesystem	14 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 Process Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 Application Window Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	Stripped Payloads	Input Capture	1 Remote System Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	8%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateBroker.exe	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateCore.exe	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateOnDemand.exe	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateSetup.exe	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateWebPlugin.exe	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi_64.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdate.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_am.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ar.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bg.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_bn.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ca.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_cs.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_da.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_de.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_el.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en-GB.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_en.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es-419.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_es.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_et.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fa.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fi.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fil.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_fr.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_gu.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hi.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hr.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_hu.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_id.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_is.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_it.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_iw.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ja.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_kn.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ko.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lt.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_lv.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ml.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_mr.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ms.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_nl.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_no.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pl.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-BR.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_pt-PT.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ro.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ru.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sk.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sl.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sr.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sv.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_sw.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ta.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_te.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_th.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_tr.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_uk.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_ur.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_vi.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-CN.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_zh-TW.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll	0%	ReversingLabs
C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\psmachine.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://anglebug.com/4633	0%	URL Reputation	safe
https://anglebug.com/7382	0%	URL Reputation	safe
https://issuetracker.google.com/284462263	0%	URL Reputation	safe
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	0%	URL Reputation	safe
https://anglebug.com/7714	0%	URL Reputation	safe
http://unisolated.invalid/	0%	URL Reputation	safe
http://anglebug.com/6248	0%	URL Reputation	safe
http://anglebug.com/6929	0%	URL Reputation	safe
http://anglebug.com/5281	0%	URL Reputation	safe
https://issuetracker.google.com/255411748	0%	URL Reputation	safe
https://crashpad.chromium.org/	0%	URL Reputation	safe
https://anglebug.com/7246	0%	URL Reputation	safe
https://anglebug.com/7369	0%	URL Reputation	safe
https://anglebug.com/7489	0%	URL Reputation	safe
https://drive-daily-2.corp.google.com/	0%	URL Reputation	safe
https://issuetracker.google.com/161903006	0%	URL Reputation	safe
https://drive-daily-1.corp.google.com/	0%	URL Reputation	safe
https://drive-daily-5.corp.google.com/	0%	URL Reputation	safe
http://anglebug.com/3078	0%	URL Reputation	safe
http://anglebug.com/7553	0%	URL Reputation	safe
http://anglebug.com/5375	0%	URL Reputation	safe
http://anglebug.com/5371	0%	URL Reputation	safe
http://anglebug.com/4722	0%	URL Reputation	safe
http://anglebug.com/7556	0%	URL Reputation	safe
https://drive-preprod.corp.google.com/	0%	URL Reputation	safe
http://anglebug.com/6692	0%	URL Reputation	safe
https://issuetracker.google.com/258207403	0%	URL Reputation	safe
http://anglebug.com/3502	0%	URL Reputation	safe
http://anglebug.com/3623	0%	URL Reputation	safe
http://anglebug.com/3625	0%	URL Reputation	safe
http://anglebug.com/3624	0%	URL Reputation	safe
https://crashpad.chromium.org/bug/new	0%	URL Reputation	safe
http://anglebug.com/5007	0%	URL Reputation	safe
http://anglebug.com/3862	0%	URL Reputation	safe
http://www.avast.com0/	0%	URL Reputation	safe
http://anglebug.com/4836	0%	URL Reputation	safe
https://issuetracker.google.com/issues/166475273	0%	URL Reputation	safe
http://anglebug.com/4384	0%	URL Reputation	safe
http://anglebug.com/3970	0%	URL Reputation	safe
https://anglebug.com/7604	0%	URL Reputation	safe
http://anglebug.com/7761	0%	URL Reputation	safe
http://anglebug.com/7760	0%	URL Reputation	safe
http://anglebug.com/5901	0%	URL Reputation	safe
http://anglebug.com/3965	0%	URL Reputation	safe
http://anglebug.com/6439	0%	URL Reputation	safe
http://anglebug.com/7406	0%	URL Reputation	safe
https://anglebug.com/7161	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://engagement-content.avastbrowser.com/94047/illustration.svg	AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://www.yahoo.com/favicon.icohttps://ch.search.yahoo.com/yhs/search	AVGBrowser.exe, 0000001C.00000003.3000072043.00001B1C02D40000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://update.avgbrowser.com/V	AVGBrowserUpdate.exe, 0000000D.00000002.2285893864.0000000000D5C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 0000000D.00000003.2281016026.0000000000D5C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4633	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7382	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://issuetracker.google.com/284462263	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.avast.com1.2.840.113549.1.9.4	ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://search.yahoo.com/yhs/search	AVGBrowser.exe, 0000001C.00000003.3000072043.00001B1C02D40000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://support.avg.com/SupportArticleView?l=en&urlName=avg-secure-browser-faq&q=coupons&supportType	AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3027804980.00001B1C029E4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://browser-update.avg.com/browser-avg/win/x64/124.0.25069.209/AVGBrowserInstaller.exeam	AVGBrowserUpdate.exe, 00000012.00000002.2899056963.00000000031A0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	setup.exe, 00000017.00000002.2873586684.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000017.00000000.2539988971.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000002.2876710388.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000000.2544840578.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, AVGBrowser.exe, 0000001A.00000000.2869521627.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001B.00000000.2872124493.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001C.00000000.2875770965.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001D.00000000.2876092036.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000002.2889102468.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000000.2878831708.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000002.2896650039.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000000.2879064714.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp	false	URL Reputation: safe	unknown
https://docs.google.com/	ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://anglebug.com/7714	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://unisolated.invalid/	AVGBrowser.exe, 0000001D.00000003.2950597680.00000FDC029A0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/6248	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://addons.avg.securebrowser.com	AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/6929	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://update.avgbrowser.com/adblock/assets/v3/filter_whitelist.txt	AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5281	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://issuetracker.google.com/255411748	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://crashpad.chromium.org/	setup.exe, 00000017.00000002.2873586684.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000017.00000000.2539988971.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000002.2876710388.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000000.2544840578.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, AVGBrowser.exe, 0000001A.00000000.2869521627.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001B.00000000.2872124493.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001C.00000000.2875770965.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001D.00000000.2876092036.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000002.2889102468.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000000.2878831708.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000002.2896650039.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000000.2879064714.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7246	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7369	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7489	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://beta-onboarding.avira.securebrowser.com	AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://config.ccleaner.securebrowser.com	AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://chrome.google.com/webstore	AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/8417	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://drive-daily-2.corp.google.com/	ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.startpage.com/en/how-startpage-works	AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/161903006	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://drive-daily-1.corp.google.com/	ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://easylist-downloads.adblockplus.org/easylist.txt	AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://drive-daily-5.corp.google.com/	ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://dev-onboarding.avira.securebrowser.com	AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://dev-onboarding.norton.securebrowser.com	AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3078	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/7553	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/5375	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://issuetracker.google.com/155487768	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://update.avgbrowser.com/	AVGBrowserUpdate.exe, 00000010.00000003.2242142015.0000000000CAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000002.2244872340.0000000000CAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897358431.0000000001571000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2889037888.0000000001571000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.startpage.com/sp/cdn/images/startpage-logo-new.svg	AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5371	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://update.avgbrowser.com/service/update2?cup2key=9:1470396613&cup2hreq=9946070338cefa8ad493aa8c	AVGBrowserUpdate.exe, 00000012.00000003.2895005428.000000000159E000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2891305776.0000000001537000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897358431.0000000001571000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2895370553.0000000001537000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2892228142.000000000159C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897153726.0000000001537000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2889037888.0000000001571000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897780593.00000000015A0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4722	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://addons.avast.securebrowser.com	AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://easylist-downloads.adblockplus.org/exceptionrules.txt	AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://addons.avast.com/	AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://easylist-downloads.adblockplus.org/abpvn	AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://engagement-content.avastbrowser.com/79015/pg_indicator_on_dark.svg	AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://engagement-content.avastbrowser.com/94625/icon_avira.svg	AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/7556	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://addons.norton.securebrowser.com1)https://test-browser-addons.svc.avast.comQIDiscover	AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://drive-preprod.corp.google.com/	ajF04F.exe, 00000003.00000003.2074644451.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://onboarding.ccleaner.securebrowser.com	AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://easylist-downloads.adblockplus.org/abpindo	AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3047052872.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://addons.avg.securebrowser.com1)https://addons.ccleaner.securebrowser.com.&https://addons.avir	AVGBrowser.exe, 0000001C.00000003.3012102665.00001B1C029B8000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012296585.00001B1C02E6C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012199682.00001B1C02934000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3017727475.00001B1C02C60000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3012373557.00001B1C02E80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://dev-config.avast.securebrowser.com	AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://gemini.google.com/app?q=	AVGBrowser.exe, 0000001C.00000003.3047803586.00001B1C02AD0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/6692	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://issuetracker.google.com/258207403	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stats.securebrowser.com/N	ajF04F.exe, 00000003.00000003.2099462467.000000000395A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3502	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3623	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3625	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3624	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://crashpad.chromium.org/bug/new	setup.exe, 00000017.00000002.2873586684.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000017.00000000.2539988971.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000002.2876710388.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, setup.exe, 00000018.00000000.2544840578.00007FF6017BA000.00000002.00000001.01000000.00000027.sdmp, AVGBrowser.exe, 0000001A.00000000.2869521627.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001B.00000000.2872124493.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001C.00000000.2875770965.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001D.00000000.2876092036.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000002.2889102468.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001E.00000000.2878831708.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000002.2896650039.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp, AVGBrowser.exe, 0000001F.00000000.2879064714.00007FF6910EE000.00000002.00000001.01000000.00000028.sdmp	false	URL Reputation: safe	unknown
https://engagement-content.avastbrowser.com/94055/illustration-3.svg	AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5007	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://engagement-content.avastbrowser.com/79014/pg_indicator_on_light.svg	AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3862	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://beta-config.avira.securebrowser.com	AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://www.avast.com0/	ajF04F.exe, 00000003.00000003.2920688630.0000000003973000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000441A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030D6000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000042C3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044A3000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.000000000446A000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003977000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.00000000044F4000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000002B23000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2116230812.0000000004431000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000396C000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.000000000326F000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003B07000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.00000000038CC000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2119106262.0000000003A72000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.0000000003239000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdateSetup.exe, 00000004.00000003.2112481989.00000000031E9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/4836	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://issuetracker.google.com/issues/166475273	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.norton.com/sp/en/us/home/current/solutions/v2023031322263778	AVGBrowser.exe, 0000001C.00000003.3046330607.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011991588.00001B1C02E30000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3027804980.00001B1C029E4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986448715.00000FDC02E0C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4384	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://browser-update.avg.com/browser-avg/win/x64/124.0.25069.209/	AVGBrowserUpdate.exe, 00000012.00000003.2895005428.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000002.2897412994.0000000001582000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000012.00000003.2888337213.0000000002950000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://easylist-downloads.adblockplus.org/abp-filters-anti-cv.txtt	AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/309028728	AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3970	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/8503	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://config.avast.securebrowser.com	AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://engagement-content.avastbrowser.com/94626/icon_avg.png	AVGBrowser.exe, 0000001D.00000003.3045716415.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://update.avgbrowser.com/service/update2s	AVGBrowserUpdate.exe, 0000000D.00000002.2284690621.0000000000D25000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://beta-onboarding.avg.securebrowser.com	AVGBrowser.exe, 0000001D.00000003.2985955121.00000FDC02A44000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://stats.securebrowser.com/?_=1717427700642&retry_tracking_count=0&last_request_error_code=0&la	ajF04F.exe, 00000003.00000003.2099462467.000000000395A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://update.avgbrowser.com/service/update2~	AVGBrowserUpdate.exe, 00000010.00000003.2242142015.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp, AVGBrowserUpdate.exe, 00000010.00000002.2244872340.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://anglebug.com/7604	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/7761	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.avast.com	ajF04F.exe, 00000003.00000003.2108302657.0000000004491000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2926022679.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2925888033.00000000044A0000.00000004.00000020.00020000.00000000.sdmp, ajF04F.exe, 00000003.00000003.2108426382.0000000004499000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/7760	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/8297	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5901	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://easylist-downloads.adblockplus.org/abp-filters-anti-cv.txt	AVGBrowser.exe, 0000001C.00000003.2981624358.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011651551.00001B1C02B80000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3965	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/6439	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/7406	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7161	AVGBrowser.exe, 0000001C.00000003.3011819534.00001B1C02DC4000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001C.00000003.3011748371.00001B1C0253C000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986176559.00000FDC02550000.00000004.00001000.00020000.00000000.sdmp, AVGBrowser.exe, 0000001D.00000003.2986258984.00000FDC02DA8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.41.145	unknown	United States	13335	CLOUDFLARENETUS	false
2.16.164.59	unknown	European Union	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
184.28.90.27	unknown	United States	16625	AKAMAI-ASUS	false
104.20.87.8	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1451180
Start date and time:	2024-06-03 17:14:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal40.spyw.evad.winEXE@82/560@0/6
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Execution Graph export aborted for target AVGBrowserUpdate.exe, PID 2636 because there are no executed function
Execution Graph export aborted for target AVGBrowserUpdate.exe, PID 7348 because there are no executed function
Execution Graph export aborted for target elevation_service.exe, PID 5856 because there are no executed function
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
11:14:55	API Interceptor	2x Sleep call for process: svchost.exe modified
11:15:16	API Interceptor	2x Sleep call for process: AVGBrowserUpdate.exe modified
17:15:11	Task Scheduler	Run new task: AVGUpdateTaskMachineCore path: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe s>/c
17:15:11	Task Scheduler	Run new task: AVGUpdateTaskMachineUA path: C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe s>/ua /installsource scheduler
17:16:18	Task Scheduler	Run new task: AVG Secure Browser Heartbeat Task (Hourly) path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe s>--type=heartbeat --hourly
17:16:19	Task Scheduler	Run new task: AVG Secure Browser Heartbeat Task (Logon) path: C:\Program Files\AVG\Browser\Application\AVGBrowser.exe s>--type=heartbeat --logon
17:16:31	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_726B817271C484847A690E2C1C98BF60 "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default"
17:16:40	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_53F4AD9791D53E4F31988DF26A2B411E "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default"
17:16:48	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_6124C6D99F5330FF26FB94C49688230C "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default"
17:16:54	Task Scheduler	Run new task: AVGBrowserProtectS-1-5-21-2246122658-3693405117-2476756634-1003 path: C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe s>--runonce
17:16:56	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AVGBrowserAutoLaunch_726B817271C484847A690E2C1C98BF60 "C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.41.145	SecuriteInfo.com.Trojan.InstallCore.4077.7832.32635.exe	Get hash	malicious	PureLog Stealer	Browse
	avg_secure_browser_setup.exe	Get hash	malicious	Unknown	Browse
	utweb_installer.exe	Get hash	malicious	Mars Stealer	Browse
	utweb_installer.exe	Get hash	malicious	Mars Stealer, Vidar	Browse
239.255.255.250	https://c2hcr321.caspio.com/dp/20ced00016e9653b00c2435d8109	Get hash	malicious	Unknown	Browse
	20ced00016e9653b00c2435d8109.htm	Get hash	malicious	Unknown	Browse
	https://engaging-activity-ac4ca3f199.media.strapiapp.com/33_5711a9a219.html#abc@gmail.com	Get hash	malicious	HTMLPhisher	Browse
	https://engaging-activity-ac4ca3f199.media.strapiapp.com/33_5711a9a219.html#tracey_kroboth@condenast.com	Get hash	malicious	HTMLPhisher	Browse
	https://secure.adpucm.com/adpwebmanager/preAuth/SearchEmployer?company_code=74972&desired_app=UCX-Case-Builder	Get hash	malicious	Unknown	Browse
	http://emminentintl.com/utils/set_language.html?lang=en&key=catalog_119329&return_url=https://ips-webmailsquoto.net/rjfkrg/###tom.winney@wfel.com	Get hash	malicious	HTMLPhisher	Browse
	http://midwestozonegroup.com	Get hash	malicious	HTMLPhisher	Browse
	https://afrikikoresort.com/	Get hash	malicious	Unknown	Browse
	https://muse.krazzykriss.com/	Get hash	malicious	Unknown	Browse
	https://assets-eur.mkt.dynamics.com/21f9f50d-1320-ef11-8406-000d3adc9e50/digitalassets/standaloneforms/3a7ec846-5e21-ef11-840a-0022489c8b2d?code=FnYBDrD1	Get hash	malicious	Unknown	Browse
184.28.90.27	Scannable QrCode.docx	Get hash	malicious	Unknown	Browse
	Ticket (WS455-6593).msg	Get hash	malicious	Unknown	Browse
	https://download2.easeus.com/installer_rss_new.php	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Evo-gen.26431.15713.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc	Browse
	Attachments.zip	Get hash	malicious	Unknown	Browse
	10478_20_VSW-100_VSC-03_08_4946.msi	Get hash	malicious	Unknown	Browse
	Endpoint Agent-x64-1.195.0.msi	Get hash	malicious	Unknown	Browse
	n6N8r2Rjfa	Get hash	malicious	Unknown	Browse
	https://pixeldrain.com/l/fXxFweL2	Get hash	malicious	Babadeda, Blank Grabber, Osno	Browse
	finalshell_windows_x64.exe	Get hash	malicious	Unknown	Browse
104.20.87.8	SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	Scannable QrCode.docx	Get hash	malicious	Unknown	Browse	88.221.110.227
	http://telegrum.xyz	Get hash	malicious	Unknown	Browse	95.101.148.20
	Ticket (WS455-6593).msg	Get hash	malicious	Unknown	Browse	2.16.164.75
	nxz1JLFrc3.elf	Get hash	malicious	Mirai	Browse	23.215.60.30
	https://ledger-sync-extens.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	95.101.148.20
	https://www.of372.com/	Get hash	malicious	Unknown	Browse	95.101.148.20
	https://www.cs2ip.net/	Get hash	malicious	Unknown	Browse	95.101.149.47
	ls0PnGaKLG.elf	Get hash	malicious	Unknown	Browse	95.100.100.184
	wechat-3.9.7-installer_ae-GFz1.exe	Get hash	malicious	Coinhive, Crypto Miner, DarkComet, GhostRat, IcedID, LaZagne, Mini RAT	Browse	23.197.126.143
	wechat-3.9.7-installer_ae-GFz1.exe	Get hash	malicious	PureLog Stealer	Browse	104.124.11.8
CLOUDFLARENETUS	https://c2hcr321.caspio.com/dp/20ced00016e9653b00c2435d8109	Get hash	malicious	Unknown	Browse	172.64.154.248
	20ced00016e9653b00c2435d8109.htm	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://engaging-activity-ac4ca3f199.media.strapiapp.com/33_5711a9a219.html#abc@gmail.com	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	https://engaging-activity-ac4ca3f199.media.strapiapp.com/33_5711a9a219.html#tracey_kroboth@condenast.com	Get hash	malicious	HTMLPhisher	Browse	104.18.10.207
	SecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.25325.32677.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	188.114.97.3
	http://emminentintl.com/utils/set_language.html?lang=en&key=catalog_119329&return_url=https://ips-webmailsquoto.net/rjfkrg/###tom.winney@wfel.com	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	03-07-2024 SWIFT.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	igcc.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	20055.xls	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	TFMUpLhFq6.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
CLOUDFLARENETUS	https://c2hcr321.caspio.com/dp/20ced00016e9653b00c2435d8109	Get hash	malicious	Unknown	Browse	172.64.154.248
	20ced00016e9653b00c2435d8109.htm	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://engaging-activity-ac4ca3f199.media.strapiapp.com/33_5711a9a219.html#abc@gmail.com	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	https://engaging-activity-ac4ca3f199.media.strapiapp.com/33_5711a9a219.html#tracey_kroboth@condenast.com	Get hash	malicious	HTMLPhisher	Browse	104.18.10.207
	SecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.25325.32677.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	188.114.97.3
	http://emminentintl.com/utils/set_language.html?lang=en&key=catalog_119329&return_url=https://ips-webmailsquoto.net/rjfkrg/###tom.winney@wfel.com	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	03-07-2024 SWIFT.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	igcc.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	20055.xls	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	TFMUpLhFq6.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
AKAMAI-ASUS	Phaser_3117_Win8_32-bit_and_64-bit_GDI.exe	Get hash	malicious	Unknown	Browse	2.19.244.127
	Scannable QrCode.docx	Get hash	malicious	Unknown	Browse	184.28.90.27
	https://supersimple365.com/microsoft-lists-user-experience-update-mid-2023/	Get hash	malicious	Unknown	Browse	23.201.252.227
	https://dawatywmaitzdzmys.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	104.102.48.219
	Ticket (WS455-6593).msg	Get hash	malicious	Unknown	Browse	184.28.90.27
	ESjluyNExL.exe	Get hash	malicious	Vidar	Browse	104.102.42.29
	4xGw66BS5c.elf	Get hash	malicious	Mirai	Browse	104.112.24.27
	jboc00A6YP.elf	Get hash	malicious	Mirai	Browse	23.7.49.149
	z9BtNf1MSZ.elf	Get hash	malicious	Mirai	Browse	184.28.181.110
	https://www.cs2ip.net/	Get hash	malicious	Unknown	Browse	2.16.202.57

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	7820
Entropy (8bit):	5.53496639787323
Encrypted:	false
SSDEEP:	192:XDzo8euIbvqPXCIMAebvqPXCVMAy/2Ens6FX:X4m/4m/d7
MD5:	5917E5A29FA75A9C274423DCC66F6227
SHA1:	E8BD0F3E91A089DA7063DA896FEBD27E533B4C32
SHA-256:	B58C9B3B8925D22395B3F669C81DC5E8ACAD8EF72BD26BBD061506784C5CE9CC
SHA-512:	37E532F23D4E5ACE7DAEE29E5EA93F41E7AA3C03521BF5BF7E00F68D91BE3E57A39CAB0C2CBB52DCE48688A85B75657BCC517A5C92AC38F99F6B36847448A811
Malicious:	false
Preview:	...@IXOS.@.....@.Y.X.@.....@.....@.....@.....@.....@......&.{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}..AVG Update Helper..AVGBrowserUpdateHelper.msi.@.....@.....@.....@........&.{A87CFB5C-61CB-4FE0-9552-F287D1928D95}.....@.....@.....@.....@.......@.....@.....@.......@......AVG Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{717B7059-A988-492F-AF1B-DCF70BE809AB}&.{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......SOFTWARE\AVG\Browser\Update.............................................. ...!.......?........... ... .......?...................?.........................................8......................1.?l.cL<.P...b....~z................. ... ...................$.N.......@....'.&...MsiStubRun..#0....RegisterProduct..Registering product..[1]......C:\Windows\Installer\5d2f0d.msi...

Process:	C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	152880
Entropy (8bit):	6.814650653995357
Encrypted:	false
SSDEEP:	3072:rPfhJk6XlsbrElrmPARuDnQeH9E3DrhsMslRj53Xh6KlBrUAyDfUgQ1ewnI:bfYKsHKmzJK3DrOMA53Xh7l2/vwn
MD5:	F73E60370EFE16A6D985E564275612DA
SHA1:	2F829A0A611AC7ADD51A6BC50569E75181CDFD58
SHA-256:	9CF076866935A0C64366EFAEFF2EC76D45AC816030EBD616FD5DEFB1870BC30E
SHA-512:	2E44E87C285BB7B72D45C8119D08EA6F2D13CEA77CF0005A3CF530790BB86C7F2DF7C5EDAC9D86C9D7214ABB224738C3BF6B31F6BF104051512BB1DE133042DC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........2R..aR..aR..a...`X..a...`...a...`F..a...`t..a...`C..a...`@..a...`Q..aR..a...a...`S..a..%aS..a...`S..aRichR..a........................PE..L.....e.....................p......T.............@..........................P............@.................................d'..(....P..............H&.......@......L...T...............................@............................................text............................... ..`.rdata..<].......^..................@..@.data........0....... ..............@....rsrc........P.....................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................

Process:	C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	27
Entropy (8bit):	3.736006946447657
Encrypted:	false
SSDEEP:	3:5M/SNVDzNnv:S/MVnv
MD5:	FC8EE03B2A65F381E4245432D5FEF60E
SHA1:	D2B7D9BE66C75CCF24FCB45A6D0DACEDD8B6DD6F
SHA-256:	751A04263C2EBB889FDCD11045D6F3602690318EBAAA54F66E1332D76DDE9EF4
SHA-512:	0837F2B22C9629990165C5E070E710A69AD4951B7FCFE28BD52354C4B8A7246672497B8AAF521A8773C7EC2A4249FC4318330948AB0D8DB8C6C74DA57B32F1C4
Malicious:	false
Preview:	27 mtime=1711026622.653471.

Process:	C:\Users\user\AppData\Local\Temp\ajF04F.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	6116200
Entropy (8bit):	7.990490156580378
Encrypted:	true
SSDEEP:	98304:A9Aqm4Riz+Hbw3PR/eqltg9yLcYGgtf2euoelboe2u+8zBfjjGMfLrmdxiW4KTmv:9qxRii7AoyLVG8XuoelbT2+bK2rmdADJ
MD5:	ACB51434FD82EB460B052F05950B8DCA
SHA1:	707D192DB2CE7CEFDEFCE3037DFB85A18B8811F3
SHA-256:	29FFA251CB267969AF445EB664DF04D1A7BADBCADE61A7F754DE42B6D4340055
SHA-512:	013DC0ABCC9760C6298B7E48007EB1AC4BC2E453F06C1CE4AFF218F50CD1E2C4BB44AD6BC5687EDB057DF8B0E38FA0AAADA7A8D045ED08412278D3031527229D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........18..PV..PV..PV._...PV..PW.MPV._...PV.sf..PV..VP..PV.Rich.PV.........PE..L......].................f..........5............@.................................Lf]...@..........................................................].P)...........................................................................................text...{d.......f.................. ..`.rdata...............j..............@..@.data...X............~..............@....ndata...................................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.8307298153167398
Encrypted:	false
SSDEEP:
MD5:	5A87DDF5CDC00B0F334A120BAF4C7AD0
SHA1:	405CB6A141FE9B224CB550ECD584CF3DDDAB09CC
SHA-256:	C94FF693957EF6F69C44E8BC0E98DDC392268DAA58E364BCD9856BE0332FAF72
SHA-512:	75347BD0FF96B477EEF3891622010C4240B14642AC0FD7BB1BDD59C7841D34E692ACB25388CBD0EFB83332E50D8E27B5A5EF5758B742C4421545D6DCAB54E1DF
Malicious:	false
Reputation:	unknown
Preview:	...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

Process:	C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7242
Entropy (8bit):	5.851245751549517
Encrypted:	false
SSDEEP:
MD5:	0D31FE9461BCCC2FA1D25ED129B6DD5F
SHA1:	859F4614DE3D8E9105CDD2CF26BED8E4142C68C6
SHA-256:	889C1445AE4362EE6EB9502402884E6B5C457297E17BCAAD676508C99A14DC53
SHA-512:	05198CC24F881C77C0340B25F9568F19CEA0F913D4D96685BE48D6A4E5F1FE6C3FD7720460A0A50254B11124702132F5D689554D40BEE80907BA4A035BF054EA
Malicious:	false
Reputation:	unknown
Preview:	{"autolaunch":{"engagement_count":-1,"id":"422","restore_tabs":false,"show_infobar_count":-2,"show_ntp":false,"skip_infobar_count":1,"start_maximized":false,"state":3,"timestamp":1643760000},"background_mode":1,"breadcrumbs":{"enabled":false,"enabled_time":"13361901387716892"},"browser":{"shortcut_migration_version":"124.0.25069.209"},"engagement":{"changed_by_user":{"background_mode":false}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"last_run_browser_version":"124.0.25069.209","latest_experiments_overrides":["EnableTabMuting","browserProtect","BrowserPro","AvastVPN","BackgroundImages","PhalanxContentScanning","InterpolateGoogleTiles","NtpExtension","ReplaceUserAgent","first-search-omnibox","GpuSpoofProcessName","PhalanxJavaScriptScriptsScanning","RedesignedClose"],"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"optimization_guide":{"model_store_metadata":{}},"os_crypt":{"app_b

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	6116200
Entropy (8bit):	7.990490156580378
Encrypted:	true
SSDEEP:
MD5:	ACB51434FD82EB460B052F05950B8DCA
SHA1:	707D192DB2CE7CEFDEFCE3037DFB85A18B8811F3
SHA-256:	29FFA251CB267969AF445EB664DF04D1A7BADBCADE61A7F754DE42B6D4340055
SHA-512:	013DC0ABCC9760C6298B7E48007EB1AC4BC2E453F06C1CE4AFF218F50CD1E2C4BB44AD6BC5687EDB057DF8B0E38FA0AAADA7A8D045ED08412278D3031527229D
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........18..PV..PV..PV._...PV..PW.MPV._...PV.sf..PV..VP..PV.Rich.PV.........PE..L......].................f..........5............@.................................Lf]...@..........................................................].P)...........................................................................................text...{d.......f.................. ..`.rdata...............j..............@..@.data...X............~..............@....ndata...................................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................

Entrypoint:	0x40350d
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5DF6D4ED [Mon Dec 16 00:50:53 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	24f4223e271413c25abad52fd456a9bc

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	16/09/2022 02:00:00 18/09/2025 01:59:59
Subject Chain	CN="AVG Technologies USA, LLC", O="AVG Technologies USA, LLC", L=Redwood City, S=California, C=US
Version:	3
Thumbprint MD5:	A1611C3679916473A418093E16AEDD48
Thumbprint SHA-1:	79A1F7262575EC7D1304F9CDAC161C91DA814B87
Thumbprint SHA-256:	EF742180FB09007A9E14469292CCC7A0E2E63EB33336A03DFA293EB5EE954E49
Serial:	0435603F7A888AE16C05B00F153CC6FC

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8504	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8a000	0x20be8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x5d2a18	0x29b8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2ac	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x647b	0x6600	126ee0e9857c3dd1da49a87c83cf68a5	False	0.6578967524509803	data	6.426522741823245	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x1384	0x1400	c0b38cbc803107c82ebed5a1c15c1ffa	False	0.45	data	5.136348990166042	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x20358	0x600	9e607f846cdaf2d9c5b82d7d05f433ac	False	0.5032552083333334	data	4.005849468822358	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x2b000	0x5f000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x8a000	0x20be8	0x20c00	366befd0e6e7b858479c47dcd6e974a4	False	0.36560710877862596	data	5.717909981456929	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x8ab80	0x7d11	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9981572289721086
RT_ICON	0x92898	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	English	United States	0.3860995850622407
RT_ICON	0x94e40	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	English	United States	0.5056285178236398
RT_ICON	0x95ee8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2835 x 2835 px/m, 256 important colors	English	United States	0.4978678038379531
RT_ICON	0x96d90	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2835 x 2835 px/m, 256 important colors	English	United States	0.5870938628158845
RT_ICON	0x97638	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152, resolution 2835 x 2835 px/m, 16 important colors	English	United States	0.37865853658536586
RT_ICON	0x97ca0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2835 x 2835 px/m, 256 important colors	English	United States	0.6235549132947977
RT_ICON	0x98208	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	English	United States	0.7606382978723404
RT_ICON	0x98670	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512, resolution 2835 x 2835 px/m, 16 important colors	English	United States	0.5497311827956989
RT_ICON	0x98958	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, resolution 2835 x 2835 px/m, 16 important colors	English	United States	0.7905405405405406
RT_DIALOG	0x98a80	0x100	data	English	United States	0.5234375
RT_DIALOG	0x98b80	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x98ca0	0x60	data	English	United States	0.7291666666666666
RT_DIALOG	0x98d00	0x100	data	English	United States	0.55859375
RT_DIALOG	0x98e00	0x11c	data	English	United States	0.6408450704225352
RT_DIALOG	0x98f20	0x60	data	English	United States	0.7916666666666666
RT_DIALOG	0x98f80	0x100	data	English	United States	0.55859375
RT_DIALOG	0x99080	0x11c	data	English	United States	0.6408450704225352
RT_DIALOG	0x991a0	0x60	data	English	United States	0.7916666666666666
RT_DIALOG	0x99200	0x100	data	English	United States	0.55859375
RT_DIALOG	0x99300	0x11c	data	English	United States	0.6408450704225352
RT_DIALOG	0x99420	0x60	data	English	United States	0.7916666666666666
RT_DIALOG	0x99480	0xf8	data	English	United States	0.532258064516129
RT_DIALOG	0x99578	0x114	data	English	United States	0.6376811594202898
RT_DIALOG	0x99690	0x58	data	English	United States	0.7840909090909091
RT_DIALOG	0x996e8	0xec	data	English	United States	0.5042372881355932
RT_DIALOG	0x997d8	0x108	data	English	United States	0.6212121212121212
RT_DIALOG	0x998e0	0x4c	data	English	United States	0.75
RT_DIALOG	0x99930	0xec	data	English	United States	0.5042372881355932
RT_DIALOG	0x99a20	0x108	data	English	United States	0.6136363636363636
RT_DIALOG	0x99b28	0x4c	data	English	United States	0.75
RT_DIALOG	0x99b78	0xf0	data	English	United States	0.5125
RT_DIALOG	0x99c68	0x10c	data	English	United States	0.6343283582089553
RT_DIALOG	0x99d78	0x50	data	English	United States	0.7625
RT_GROUP_ICON	0x99dc8	0x92	data	English	United States	0.636986301369863
RT_VERSION	0x99e60	0x604	data	Arabic	Saudi Arabia	0.4707792207792208
RT_VERSION	0x9a468	0x604	data	Bulgarian	Bulgaria	0.462987012987013
RT_VERSION	0x9aa70	0x61c	data	Catalan	Spain	0.45460358056265987
RT_VERSION	0x9b090	0x5e4	data	Chinese	Taiwan	0.473474801061008
RT_VERSION	0x9b678	0x61c	data	Czech	Czech Republic	0.45460358056265987
RT_VERSION	0x9bc98	0x614	data	Danish	Denmark	0.45437017994858614
RT_VERSION	0x9c2b0	0x614	data	German	Germany	0.455012853470437
RT_VERSION	0x9c8c8	0x604	data	Greek	Greece	0.4688311688311688
RT_VERSION	0x9ced0	0x5ec	data	English	United States	0.46437994722955145
RT_VERSION	0x9d4c0	0x60c	data	Spanish	Spain	0.45671834625323
RT_VERSION	0x9dad0	0x5f4	data	Finnish	Finland	0.463254593175853
RT_VERSION	0x9e0c8	0x614	data	French	France	0.4537275064267352
RT_VERSION	0x9e6e0	0x5f0	SysEx File - Passport	Hebrew	Israel	0.47039473684210525
RT_VERSION	0x9ecd0	0x60c	data	Hungarian	Hungary	0.46382428940568476
RT_VERSION	0x9f2e0	0x614	data	Italian	Italy	0.45437017994858614
RT_VERSION	0x9f8f8	0x5dc	data	Japanese	Japan	0.48933333333333334
RT_VERSION	0x9fed8	0x5dc	data	Korean	North Korea	0.4713333333333333
RT_VERSION	0x9fed8	0x5dc	data	Korean	South Korea	0.4713333333333333
RT_VERSION	0xa04b8	0x604	data	Dutch	Netherlands	0.4636363636363636
RT_VERSION	0xa0ac0	0x614	data	Norwegian	Norway	0.45437017994858614
RT_VERSION	0xa10d8	0x624	data	Polish	Poland	0.45229007633587787
RT_VERSION	0xa1700	0x60c	data	Portuguese	Brazil	0.45801033591731266
RT_VERSION	0xa1d10	0x5fc	data	Romanian	Romania	0.45822454308093996
RT_VERSION	0xa2310	0x5fc	data	Russian	Russia	0.46736292428198434
RT_VERSION	0xa2910	0x634	data	Croatian	Croatia	0.45654911838790935
RT_VERSION	0xa2f48	0x630	data	Slovak	Slovakia	0.45391414141414144
RT_VERSION	0xa3578	0x5fc	data	Swedish	Sweden	0.45822454308093996
RT_VERSION	0xa3b78	0x62c	data	Thai	Thailand	0.4727848101265823
RT_VERSION	0xa41a8	0x5f4	data	Turkish	Turkey	0.4658792650918635
RT_VERSION	0xa47a0	0x5ec	data	Urdu	Pakistan	0.46899736147757254
RT_VERSION	0xa47a0	0x5ec	data	Urdu	India	0.46899736147757254
RT_VERSION	0xa4d90	0x5ec	data	Indonesian	Indonesia	0.4630606860158311
RT_VERSION	0xa5380	0x604	data	Ukrainian	Ukrain	0.4668831168831169
RT_VERSION	0xa5988	0x5fc	data	Belarusian	Belarus	0.46344647519582244
RT_VERSION	0xa5f88	0x62c	data	Slovenian	Slovenia	0.45126582278481014
RT_VERSION	0xa65b8	0x61c	data	Estonian	Estonia	0.4648337595907928
RT_VERSION	0xa6bd8	0x604	data	Latvian	Lativa	0.4616883116883117
RT_VERSION	0xa71e0	0x600	TTComp archive data, binary, 4K dictionary	Lithuanian	Lithuania	0.46484375
RT_VERSION	0xa77e0	0x5ec	data	Farsi	Iran	0.4683377308707124
RT_VERSION	0xa77e0	0x5ec	data	Farsi	Afganistan	0.4683377308707124
RT_VERSION	0xa77e0	0x5ec	data	Farsi	Tajikistan	0.4683377308707124
RT_VERSION	0xa77e0	0x5ec	data	Farsi	Uzbekistan	0.4683377308707124
RT_VERSION	0xa7dd0	0x5fc	data	Vietnamese	Vietnam	0.46344647519582244
RT_VERSION	0xa83d0	0x5ec	data	Hindi	India	0.46899736147757254
RT_VERSION	0xa89c0	0x5fc	data	Malay	Malaysia	0.4614882506527415
RT_VERSION	0xa8fc0	0x604	data	Bengali	India	0.4844155844155844
RT_VERSION	0xa95c8	0x5dc	data	Chinese	China	0.47333333333333333
RT_VERSION	0xa9ba8	0x614	data	Portuguese	Portugal	0.45629820051413883
RT_VERSION	0xaa1c0	0x624	data	Serbian	Italy	0.4548346055979644
RT_MANIFEST	0xaa7e8	0x3fc	XML 1.0 document, ASCII text, with very long lines (1020), with no line terminators	English	United States	0.5107843137254902

DLL	Import
KERNEL32.dll	ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, MoveFileW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, lstrcmpW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, DeleteFileW, FindFirstFileW, FindNextFileW, FindClose, SetFilePointer, ReadFile, MulDiv, lstrlenA, WideCharToMultiByte, MultiByteToWideChar, WritePrivateProfileStringW, FreeLibrary, GetPrivateProfileStringW, GetModuleHandleW, LoadLibraryExW
USER32.dll	GetWindowRect, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, ScreenToClient, EnableMenuItem, GetDlgItem, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, SystemParametersInfoW, EndDialog, RegisterClassW, DialogBoxParamW, CreateWindowExW, GetClassInfoW, DestroyWindow, CharNextW, ExitWindowsEx, SetWindowTextW, LoadImageW, SetTimer, ShowWindow, PostQuitMessage, wsprintfW, SetWindowLongW, FindWindowExW, IsWindow, CreatePopupMenu, AppendMenuW, GetSystemMetrics, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow
GDI32.dll	SelectObject, SetTextColor, SetBkMode, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor
SHELL32.dll	ShellExecuteExW, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHGetFileInfoW, SHFileOperationW, SHBrowseForFolderW
ADVAPI32.dll	AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Target ID:	0
Start time:	11:14:52
Start date:	03/06/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x400000
File size:	6'116'304 bytes
MD5 hash:	60FEB08011DB31607CEE2A5BC1F2206F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	11:14:54
Start date:	03/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	3
Start time:	11:14:56
Start date:	03/06/2024
Path:	C:\Users\user\AppData\Local\Temp\ajF04F.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\ajF04F.exe" /relaunch=8 /was_elevated=1 /tagdata
Imagebase:	0x400000
File size:	6'116'200 bytes
MD5 hash:	ACB51434FD82EB460B052F05950B8DCA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	4
Start time:	11:15:02
Start date:	03/06/2024
Path:	C:\Users\user\AppData\Local\Temp\nswF1F4.tmp\AVGBrowserUpdateSetup.exe
Wow64 process (32bit):	true
Commandline:	AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Imagebase:	0xb10000
File size:	1'688'480 bytes
MD5 hash:	9750EA6C750629D2CA971AB1C074DC9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: PlugXStrings, Description: PlugX Identifying Strings, Source: 00000004.00000003.2119106262.0000000003483000.00000004.00000020.00020000.00000000.sdmp, Author: Seth Hardy Rule: PlugXStrings, Description: PlugX Identifying Strings, Source: 00000004.00000003.2112481989.0000000002C6C000.00000004.00000020.00020000.00000000.sdmp, Author: Seth Hardy Rule: PlugXStrings, Description: PlugX Identifying Strings, Source: 00000004.00000003.2116230812.0000000003E11000.00000004.00000020.00020000.00000000.sdmp, Author: Seth Hardy
Reputation:	low
Has exited:	true

Target ID:	5
Start time:	11:15:05
Start date:	03/06/2024
Path:	C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\GUMA6B.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-GB&brand=9249&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Imagebase:	0xa60000
File size:	209'736 bytes
MD5 hash:	CBCDF56C8A2788ED761AD3178E2D6E9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	6
Start time:	11:15:09
Start date:	03/06/2024
Path:	C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
Imagebase:	0x70000
File size:	209'736 bytes
MD5 hash:	CBCDF56C8A2788ED761AD3178E2D6E9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	8
Start time:	11:15:10
Start date:	03/06/2024
Path:	C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
Imagebase:	0x70000
File size:	209'736 bytes
MD5 hash:	CBCDF56C8A2788ED761AD3178E2D6E9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	11
Start time:	11:15:11
Start date:	03/06/2024
Path:	C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /c
Imagebase:	0x70000
File size:	209'736 bytes
MD5 hash:	CBCDF56C8A2788ED761AD3178E2D6E9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\5d2f0c.rbs

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler64.exe

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdate.exe

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateBroker.exe

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateComRegisterShell64.exe

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateCore.exe

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateHelper.msi

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateOnDemand.exe

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateSetup.exe

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserUpdateWebPlugin.exe

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi.dll

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\acuapi_64.dll

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdate.dll

C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\goopdateres_am.dll

Windows Analysis Report
file.exe

Target ID:	15
Start time:	11:15:12
Start date:	03/06/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff77aad0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	16
Start time:	11:15:14
Start date:	03/06/2024
Path:	C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY5My42IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY5My42IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezc2MzdDRkNCLUUwOEQtNDNENC1CMUY3LUMyNERBQjEzQkI4MH0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9IntFMUJBQjY4OC1CMDJGLTQ3NDktOUY4OC0zRTFCNEU3REE5OTR9IiB1c2VyaWRfZGF0ZT0iMjAyNDA2MDMiIG1hY2hpbmVpZD0iezAwMDBGOEI1LUM3REUtQTQ4Qy1EMDU4LTA3RTI0NTVCOUE1Qn0iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDYwMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9InsyNTJFNzAzQS1GNkRGLTRBQjYtOTE2MS00NEZENUYwNjYwMER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuMjAwNiIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNjkzLjYiIGxhbmc9ImVuLUdCIiBicmFuZD0iOTI0OSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjA2MyIvPjwvYXBwPjwvcmVxdWVzdD4
Imagebase:	0x70000
File size:	209'736 bytes
MD5 hash:	CBCDF56C8A2788ED761AD3178E2D6E9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	19
Start time:	11:15:19
Start date:	03/06/2024
Path:	C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /uninstall
Imagebase:	0x70000
File size:	209'736 bytes
MD5 hash:	CBCDF56C8A2788ED761AD3178E2D6E9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	20
Start time:	11:15:40
Start date:	03/06/2024
Path:	C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Imagebase:	0x7ff73bed0000
File size:	117'845'816 bytes
MD5 hash:	371F796FCFD9D0BA16C7DA57487323A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	22
Start time:	11:15:39
Start date:	03/06/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	23
Start time:	11:15:45
Start date:	03/06/2024
Path:	C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --system-level
Imagebase:	0x7ff601580000
File size:	3'498'000 bytes
MD5 hash:	0DFA65976DA7822DB99118ABF2A50CC9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	24
Start time:	11:15:46
Start date:	03/06/2024
Path:	C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\AVG\Browser\Update\Install\{4677E0B5-6B78-429F-9D3A-DC313E93F94B}\CR_80683.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=124.0.25069.209 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff60185a3f0,0x7ff60185a3fc,0x7ff60185a408
Imagebase:	0x7ff601580000
File size:	3'498'000 bytes
MD5 hash:	0DFA65976DA7822DB99118ABF2A50CC9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	26
Start time:	11:16:18
Start date:	03/06/2024
Path:	C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=heartbeat --hourly
Imagebase:	0x7ff690ef0000
File size:	3'146'744 bytes
MD5 hash:	7BD74C28BFADFF16A053A3B5E2B51195
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	27
Start time:	11:16:19
Start date:	03/06/2024
Path:	C:\Program Files\AVG\Browser\Application\AVGBrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\AVG\Browser\Application\AVGBrowser.exe" --type=heartbeat --logon
Imagebase:	0x7ff690ef0000
File size:	3'146'744 bytes
MD5 hash:	7BD74C28BFADFF16A053A3B5E2B51195
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	32
Start time:	11:16:20
Start date:	03/06/2024
Path:	C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\AVGBrowserCrashHandler.exe"
Imagebase:	0x770000
File size:	152'880 bytes
MD5 hash:	F73E60370EFE16A6D985E564275612DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true