General Info

File name

TotalAV_Setup.exe

Full analysis
https://app.any.run/tasks/69e09e6e-d462-49b0-bd7a-6ae6601cf035
Verdict
Malicious activity
Analysis date
8/13/2019, 16:55:00
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

stealer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

ee55c979e47bc2ed97a483cb9a944118

SHA1

b8880a0c165ecd2f148fd7b097a5cf2953467738

SHA256

d5466eb8f2fd988ea01c2ca84897372a012b71b0964d25870d736674fc786874

SSDEEP

393216:Zy6Qca9DNM7KIMM3nRXoftyPbekg+164cX359D+lvtJrxR:LrvNRXoftyPbtg+8HX35kr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • TotalAV.exe (PID: 3272)
  • SecurityService.exe (PID: 1244)
  • SecurityService.exe (PID: 3340)
  • subinacl.exe (PID: 3300)
  • avupdate.exe (PID: 1324)
  • TotalAV.exe (PID: 2932)
  • ns3312.tmp (PID: 3104)
  • ns214C.tmp (PID: 3144)
  • ns2546.tmp (PID: 2228)
  • ns22A4.tmp (PID: 2240)
  • ns23ED.tmp (PID: 3240)
  • ns1FF3.tmp (PID: 4024)
Loads dropped or rewritten executable
  • TotalAV.exe (PID: 2932)
  • avupdate.exe (PID: 1324)
  • SecurityService.exe (PID: 3340)
  • TotalAV_Setup.exe (PID: 2436)
Stealing of credential data
  • TotalAV.exe (PID: 2932)
Executable content was dropped or overwritten
  • SecurityService.exe (PID: 3340)
  • TotalAV.exe (PID: 2932)
  • TotalAV_Setup.exe (PID: 2436)
Creates files in the driver directory
  • SecurityService.exe (PID: 3340)
Creates files in the program directory
  • SecurityService.exe (PID: 3340)
  • avupdate.exe (PID: 1324)
  • SecurityService.exe (PID: 1244)
  • TotalAV_Setup.exe (PID: 2436)
  • TotalAV.exe (PID: 2932)
Executed as Windows Service
  • SecurityService.exe (PID: 3340)
Removes files from Windows directory
  • SecurityService.exe (PID: 3340)
Creates files in the Windows directory
  • SecurityService.exe (PID: 3340)
Creates a software uninstall entry
  • TotalAV_Setup.exe (PID: 2436)
Reads Environment values
  • TotalAV.exe (PID: 2932)
Creates files in the user directory
  • TotalAV.exe (PID: 2932)
Uses TASKKILL.EXE to kill process
  • ns1FF3.tmp (PID: 4024)
  • ns22A4.tmp (PID: 2240)
  • ns214C.tmp (PID: 3144)
  • ns23ED.tmp (PID: 3240)
Starts application with an unusual extension
  • TotalAV_Setup.exe (PID: 2436)
Dropped object may contain Bitcoin addresses
  • avupdate.exe (PID: 1324)
Reads settings of System Certificates
  • TotalAV.exe (PID: 2932)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (67.4%)
.dll
|   Win32 Dynamic Link Library (generic) (14.2%)
.exe
|   Win32 Executable (generic) (9.7%)
.exe
|   Generic Win/DOS Executable (4.3%)
.exe
|   DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2016:12:11 22:50:45+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
24576
InitializedDataSize:
118784
UninitializedDataSize:
1024
EntryPoint:
0x32bf
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
4.14.31.0
ProductVersionNumber:
4.14.31.0
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Windows, Latin1
FileDescription:
TotalAV Ultimate Antivirus Installer
FileVersion:
4.14.31.0
LegalCopyright:
(C) SS Protect Ltd
OriginalFileName:
TotalAV.exe
ProductName:
TotalAV
ProductVersion:
4.14.31.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
11-Dec-2016 21:50:45
Detected languages
English - United States
FileDescription:
TotalAV Ultimate Antivirus Installer
FileVersion:
4.14.31.0
LegalCopyright:
(C) SS Protect Ltd
OriginalFilename:
TotalAV.exe
ProductName:
TotalAV
ProductVersion:
4.14.31.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
11-Dec-2016 21:50:45
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x00005E59 0x00006000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.42419
.rdata 0x00007000 0x00001246 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.0004
.data 0x00009000 0x0001A818 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 5.21193
.ndata 0x00024000 0x00017000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0003B000 0x000194C0 0x00019600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 3.1717
Resources
1

2

3

4

5

6

7

8

9

10

103

105

106

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
62
Monitored processes
18
Malicious processes
4
Suspicious processes
1

Behavior graph

+
drop and start drop and start drop and start drop and start drop and start drop and start drop and start start drop and start totalav_setup.exe no specs totalav_setup.exe ns1ff3.tmp no specs taskkill.exe no specs ns214c.tmp no specs taskkill.exe no specs ns22a4.tmp no specs taskkill.exe no specs ns23ed.tmp no specs taskkill.exe no specs ns2546.tmp no specs ns3312.tmp no specs securityservice.exe no specs subinacl.exe no specs totalav.exe securityservice.exe avupdate.exe totalav.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1920
CMD
"C:\Users\admin\AppData\Local\Temp\TotalAV_Setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\TotalAV_Setup.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
TotalAV Ultimate Antivirus Installer
Version
4.14.31.0
Modules
Image
c:\users\admin\appdata\local\temp\totalav_setup.exe
c:\systemroot\system32\ntdll.dll

PID
2436
CMD
"C:\Users\admin\AppData\Local\Temp\TotalAV_Setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\TotalAV_Setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
TotalAV Ultimate Antivirus Installer
Version
4.14.31.0
Modules
Image
c:\users\admin\appdata\local\temp\totalav_setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsrf70d.tmp\system.dll
c:\users\admin\appdata\local\temp\nsrf70d.tmp\nsdialogs.dll
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\nsrf70d.tmp\nsexec.dll
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns1ff3.tmp
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns214c.tmp
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns22a4.tmp
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns23ed.tmp
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns2546.tmp
c:\users\admin\appdata\local\temp\nsrf70d.tmp\nsrandom.dll
c:\users\admin\appdata\local\temp\nsrf70d.tmp\nsis7z.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\users\admin\appdata\local\temp\nsrf70d.tmp\accesscontrol.dll
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns3312.tmp
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netutils.dll

PID
4024
CMD
"C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns1FF3.tmp" "taskkill" /F /FI "WINDOWTITLE eq TotalAV"
Path
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns1FF3.tmp
Indicators
No indicators
Parent process
TotalAV_Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns1ff3.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2960
CMD
"taskkill" /F /FI "WINDOWTITLE eq TotalAV"
Path
C:\Windows\system32\taskkill.exe
Indicators
No indicators
Parent process
ns1FF3.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Terminates Processes
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

PID
3144
CMD
"C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns214C.tmp" "taskkill" /f /T /IM "avupdate.exe"
Path
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns214C.tmp
Indicators
No indicators
Parent process
TotalAV_Setup.exe
User
admin
Integrity Level
HIGH
Exit code
128
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns214c.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
3628
CMD
"taskkill" /f /T /IM "avupdate.exe"
Path
C:\Windows\system32\taskkill.exe
Indicators
No indicators
Parent process
ns214C.tmp
User
admin
Integrity Level
HIGH
Exit code
128
Version:
Company
Microsoft Corporation
Description
Terminates Processes
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

PID
2240
CMD
"C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns22A4.tmp" "taskkill" /f /T /IM "Update.Win.exe"
Path
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns22A4.tmp
Indicators
No indicators
Parent process
TotalAV_Setup.exe
User
admin
Integrity Level
HIGH
Exit code
128
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns22a4.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
4020
CMD
"taskkill" /f /T /IM "Update.Win.exe"
Path
C:\Windows\system32\taskkill.exe
Indicators
No indicators
Parent process
ns22A4.tmp
User
admin
Integrity Level
HIGH
Exit code
128
Version:
Company
Microsoft Corporation
Description
Terminates Processes
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

PID
3240
CMD
"C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns23ED.tmp" "taskkill" /f /T /IM "PasswordExtension.Win.exe"
Path
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns23ED.tmp
Indicators
No indicators
Parent process
TotalAV_Setup.exe
User
admin
Integrity Level
HIGH
Exit code
128
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns23ed.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2304
CMD
"taskkill" /f /T /IM "PasswordExtension.Win.exe"
Path
C:\Windows\system32\taskkill.exe
Indicators
No indicators
Parent process
ns23ED.tmp
User
admin
Integrity Level
HIGH
Exit code
128
Version:
Company
Microsoft Corporation
Description
Terminates Processes
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

PID
2228
CMD
"C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns2546.tmp" "C:\Program Files\TotalAV\SecurityService.exe" "--uninstall" "--for-install"
Path
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns2546.tmp
Indicators
No indicators
Parent process
TotalAV_Setup.exe
User
admin
Integrity Level
HIGH
Exit code
3221225501
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns2546.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3104
CMD
"C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns3312.tmp" "C:\Program Files\TotalAV\SecurityService.exe" "--install"
Path
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns3312.tmp
Indicators
No indicators
Parent process
TotalAV_Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\nsrf70d.tmp\ns3312.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\program files\totalav\securityservice.exe

PID
1244
CMD
"C:\Program Files\TotalAV\SecurityService.exe" "--install"
Path
C:\Program Files\TotalAV\SecurityService.exe
Indicators
No indicators
Parent process
ns3312.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
TotalAV
Description
TotalAV Ultimate Antivirus Service
Version
4.14.31.0
Modules
Image
c:\program files\totalav\securityservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.serv759bfb78#\c37de755ec3ee73d604bc11f85599177\system.serviceprocess.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\shell32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.confe64a9051#\29e00d9446b0496db6e145d3bdfc365a\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\61dfb69c9ad6ed96809170d54d80b8a6\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\2dc6cfd856864312d563098f9486361c\system.windows.forms.ni.dll
c:\windows\system32\apphelp.dll
c:\program files\totalav\bins\subinacl.exe

PID
3300
CMD
"C:\Program Files\TotalAV\bins\subinacl.exe" /SERVICE "SecurityService" /GRANT=everyone=T
Path
C:\Program Files\TotalAV\bins\subinacl.exe
Indicators
No indicators
Parent process
SecurityService.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
SubInAcl
Version
5.2.3790.1180
Modules
Image
c:\program files\totalav\bins\subinacl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcirt.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\version.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\samlib.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
2932
CMD
"C:\Program Files\TotalAV\TotalAV.exe" --installed
Path
C:\Program Files\TotalAV\TotalAV.exe
Indicators
Parent process
TotalAV_Setup.exe
User
admin
Integrity Level
HIGH
Version:
Company
TotalAV
Description
TotalAV Ultimate Antivirus User Interface
Version
4.14.31.0
Modules
Image
c:\program files\totalav\totalav.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\867cbe7462b04e2cf1ae39abb576ae2a\presentationframework.classic.ni.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.data\1288d7e030bc0c5d8b2cbe5f33aeed7f\system.data.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.data\v4.0_4.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\totalav\utilizr.ras.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rtutils.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\e588691224a17737f3a164cc2d46c156\system.management.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\61dfb69c9ad6ed96809170d54d80b8a6\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\2dc6cfd856864312d563098f9486361c\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsform0b574481#\c6131c3262a5bf98463da8f219b75baa\windowsformsintegration.ni.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\f971acbc25b64dfe4d70e5b25837c780\microsoft.visualbasic.ni.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\f52bfe40c54917622ed3abb98db8f90a\presentationframework-systemxml.ni.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\winmm.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio84a6349c#\d7f5c5b7ad6ae9510514a279c1cb5665\presentationframework-systemcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio84a7b877#\bc98161a485ea05967844bc0b0c55338\presentationframework-systemdata.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.numerics\5ac17cc5b92efda83e2925857f4fa655\system.numerics.ni.dll
c:\windows\system32\msctfui.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\1e1a1bd97e618bc4934ee967bea27ae8\uiautomationtypes.ni.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.serv759bfb78#\c37de755ec3ee73d604bc11f85599177\system.serviceprocess.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.servicemodel\e27ae693b6e71bb689ec66761a65901f\system.servicemodel.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\62a6b39f4f68c25dfd2f6308d7541401\system.runtime.serialization.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\smdiagnostics\a7a48457faaea5fc8a1e59b4921ac4a3\smdiagnostics.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.servd1dec626#\7a1dfc357f4135dbddcf38fd9279b2a7\system.servicemodel.internals.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wpdshext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ieframe.dll
c:\program files\totalav\savapi\avupdate.exe

PID
3340
CMD
"C:\Program Files\TotalAV\SecurityService.exe"
Path
C:\Program Files\TotalAV\SecurityService.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
TotalAV
Description
TotalAV Ultimate Antivirus Service
Version
4.14.31.0
Modules
Image
c:\program files\totalav\securityservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.serv759bfb78#\c37de755ec3ee73d604bc11f85599177\system.serviceprocess.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\shell32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.web\7c32e936a07e0c7d9cae3ac27497f613\system.web.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wintrust.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscorsecimpl.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.data\1288d7e030bc0c5d8b2cbe5f33aeed7f\system.data.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.data\v4.0_4.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.servicemodel\e27ae693b6e71bb689ec66761a65901f\system.servicemodel.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.servd1dec626#\7a1dfc357f4135dbddcf38fd9279b2a7\system.servicemodel.internals.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\smdiagnostics\a7a48457faaea5fc8a1e59b4921ac4a3\smdiagnostics.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\62a6b39f4f68c25dfd2f6308d7541401\system.runtime.serialization.ni.dll
c:\windows\system32\pcwum.dll
c:\program files\totalav\protocolfilters.dll
c:\program files\totalav\ssleay32.dll
c:\program files\totalav\libeay32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\e588691224a17737f3a164cc2d46c156\system.management.ni.dll
c:\program files\totalav\nfapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.transactions\baa30f3e0869fa3e8885df044c880bbc\system.transactions.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.transactions\v4.0_4.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.ente96d83b35#\6682e8964200a1336f1dbe49392f7797\system.enterpriseservices.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.enterpriseservices\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.enterpriseservices.wrapper.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.ente96d83b35#\6682e8964200a1336f1dbe49392f7797\system.enterpriseservices.wrapper.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\program files\totalav\totalav.exe

PID
1324
CMD
"C:\Program Files\TotalAV\SAVAPI\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net
Path
C:\Program Files\TotalAV\SAVAPI\avupdate.exe
Indicators
Parent process
TotalAV.exe
User
admin
Integrity Level
HIGH
Version:
Company
Avira Operations GmbH & Co. KG
Description
Updater for Avira products
Version
2.2.0.57
Modules
Image
c:\program files\totalav\savapi\avupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\program files\totalav\savapi\msvcr120.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
3272
CMD
"C:\Program Files\TotalAV\TotalAV.exe" --startup
Path
C:\Program Files\TotalAV\TotalAV.exe
Indicators
No indicators
Parent process
SecurityService.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
TotalAV
Description
TotalAV Ultimate Antivirus User Interface
Version
4.14.31.0
Modules
Image
c:\program files\totalav\totalav.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\867cbe7462b04e2cf1ae39abb576ae2a\presentationframework.classic.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.data\1288d7e030bc0c5d8b2cbe5f33aeed7f\system.data.ni.dll
c:\windows\microsoft.net\assembly\gac_32\system.data\v4.0_4.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrtremote.dll

Registry activity

Total events
735
Read events
667
Write events
68
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3272
TotalAV.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
TotalAV.exe
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
DisplayName
TotalAV
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
UninstallString
C:\Program Files\TotalAV\uninst.exe
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
DisplayIcon
C:\Program Files\TotalAV\uninst.exe
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
DisplayVersion
4.14.31
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
VersionMajor
4
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
MajorVersion
4
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
VersionMinor
14
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
MinorVersion
14
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
URLInfoAbout
http://www.totalav.com
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
Publisher
TotalAV
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
HelpLink
http://support.totalav.com
2436
TotalAV_Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
InstallLocation
C:\Program Files\TotalAV
2436
TotalAV_Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2436
TotalAV_Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1244
SecurityService.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application
AutoBackupLogFiles
0
1244
SecurityService.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\SecurityService
EventMessageFile
C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
2932
TotalAV.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
TotalAV.exe
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASAPI32
EnableFileTracing
0
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASAPI32
EnableConsoleTracing
0
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASAPI32
FileTracingMask
4294901760
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASAPI32
ConsoleTracingMask
4294901760
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASAPI32
MaxFileSize
1048576
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASAPI32
FileDirectory
%windir%\tracing
2932
TotalAV.exe
write
HKEY_CURRENT_USER\Software\SSProtect\SecuritySuite
Install
1565708142
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASMANCS
EnableFileTracing
0
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASMANCS
EnableConsoleTracing
0
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASMANCS
FileTracingMask
4294901760
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASMANCS
ConsoleTracingMask
4294901760
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASMANCS
MaxFileSize
1048576
2932
TotalAV.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\TotalAV_RASMANCS
FileDirectory
%windir%\tracing
2932
TotalAV.exe
write
HKEY_CLASSES_ROOT\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}\LocalServer32
C:\Program Files\TotalAV\TotalAV.exe
2932
TotalAV.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2932
TotalAV.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2932
TotalAV.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3340
SecurityService.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3340
SecurityService.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3340
SecurityService.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3340
SecurityService.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
cadca5fe-87d3-4b96-b7fb-a231484277cc
0
3340
SecurityService.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList
PNP_TDI
09000000050000000100000002000000030000000400000009000000060000000700000008000000
3340
SecurityService.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters
DisabledComponents
8
3340
SecurityService.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters
DisableTaskOffload
1

Files activity

Executable files
118
Suspicious files
37
Text files
68
Unknown types
294

Dropped files

PID
Process
Filename
Type
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\nsDialogs.dll
executable
MD5: b3070cf20db659fdfb3cb2ed38130e8d
SHA256: f2c1409faf2952c1c91f4b5495158ef5c7d1a1db6eea4a18f163574bd52fcad0
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\win7\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\msvcr120.dll
executable
MD5: 034ccadc1c073e4216e9466b720f9849
SHA256: 86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\win7\avgntflt.sys
executable
MD5: a84684bebc36790cae1d5c771666e480
SHA256: 831fdfae43f95f8c4485d1f7c8ad84653555c936228b459758a6961e053073c9
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\msvcp90.dll
executable
MD5: 6de5c66e434a9c1729575763d891c6c2
SHA256: 4f7ed27b532888ce72b96e52952073eab2354160d1156924489054b7fa9b0b1a
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\nfapi.dll
executable
MD5: a67f2ade6f265aa120cbcb252932bdc5
SHA256: ef9020bcca7ae72e58dc95d33c302970f920a1619adea57472bd239d8faa6366
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\msvcp120.dll
executable
MD5: fd5cabbe52272bd76007b68186ebaf00
SHA256: 87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\win7\avkmgr.sys
executable
MD5: 185cb049fa670298e2948ca3141d7ac1
SHA256: dccd32487e6b227c21ce55df2136adc657f138ae672a3c98aa8021c57c36b007
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\msvcm90.dll
executable
MD5: 0df6a06cc8ec836204ad2fa3da36bb93
SHA256: a475438d54ae74e39c47492036de6e89e4b6a916bc02ddead1a3d21352b965d8
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\lib_SCAPI.dll
executable
MD5: 62f2961d94dfd87b90c7d9697ece8c67
SHA256: bcc16caa08f1f751e355eec88636827fc246987cdfcfb53a0e67650381d3bca8
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\vista\avkmgr.sys
executable
MD5: 185cb049fa670298e2948ca3141d7ac1
SHA256: dccd32487e6b227c21ce55df2136adc657f138ae672a3c98aa8021c57c36b007
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avgntflt.sys
executable
MD5: 9db2f67c0c975ecfe4a8685241e6efc8
SHA256: 9bec3d57f867563fd5680967b850092ede58d3e177477c2e3225e58f70a60815
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\msvcr90.dll
executable
MD5: e7d91d008fe76423962b91c43c88e4eb
SHA256: ed0170d3de86da33e02bfa1605eec8ff6010583481b1c530843867c1939d2185
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\libssl-1_1.dll
executable
MD5: 978675b7a520ca5192500b307b31c581
SHA256: 0393c11615c633a9360f22658e0427b30ae9646bda1fac457b1a6e4bbe96f535
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\vista\avipbb.sys
executable
MD5: cc2fa54e156c009163bf8e797e2f882f
SHA256: 95aa6277ac95b077541a2287a662d539ec3da448d555ba643b0e29affff1dff0
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avipbb.sys
executable
MD5: 416f1f6b70327c297be3b806f0a50c5d
SHA256: 8a907c4a1218165ea40996d2ac64decb9c6dcf7e692e739a3aa63c2d0f013eb5
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\SCAPI.dll
executable
MD5: 6b6b937e975d6c76d3c1b9470360e83d
SHA256: 0c5466cf70a853b1f0a09a0abd56a9a4ded7f4866d7931ad328b72ea1b773396
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\libeay32.dll
executable
MD5: 4c765c124058752eda82b4fe5d30b2b7
SHA256: e93e555ba996868316f0475750e0b83564ab8782476ae856af0d5c0e57f440c6
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\vista\avgntflt.sys
executable
MD5: a84684bebc36790cae1d5c771666e480
SHA256: 831fdfae43f95f8c4485d1f7c8ad84653555c936228b459758a6961e053073c9
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\win8\avkmgr.sys
executable
MD5: bd5bbb8ce66a0e44983ac53d30f840b1
SHA256: bcf481cf591ac99135005cc707f94c29e296a0f5f699cfe0fb24ad32156813ce
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ProtocolFilters.dll
executable
MD5: 6802ac67c4d5eee3b5165e5a0d19ec2b
SHA256: ab38bedd4145895adc8fca9c3cabf43316d0445ea47aa6100a351d3115430433
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\liblzo2-2.dll
executable
MD5: e4fb2a7c1f92d4e61cffe3f2c0ce9f87
SHA256: 09d3be28f0a87c8e6e1296e494cbc175e7ee77526fe955393a4e3c83748d5c3b
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\vista\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ShellBrowser.dll
executable
MD5: 99f6569b3577c8de2bb1df73cb082045
SHA256: 0a7e0a1e7c00d65801b55f13a2b07e7c270fb012d8cc41be6fc0aab032962b09
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\libpkcs11-helper-1.dll
executable
MD5: 7578cb46e21e85da20490f4e78f83619
SHA256: 431812271d60e389b0891ea84cce54767a9b6eb30ba7fac40fdedf7b8f6b4bb8
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\utils\sd_inst.exe
executable
MD5: 3a42f27bd1d209ff45b38aa7d6fbd3b0
SHA256: 621f2bda22c2fd358c56fc7b61a52687a5085d966422d90ebb54f49d1ec1d164
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avgntflt.sys
executable
MD5: a84684bebc36790cae1d5c771666e480
SHA256: 831fdfae43f95f8c4485d1f7c8ad84653555c936228b459758a6961e053073c9
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\x86\SQLite.Interop.dll
executable
MD5: c8f7183903a54a1cd53129899fb70de2
SHA256: db718f5496217604b9b90532f694be9570ff55a1d9d8e5b273047bf67052d24c
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\xp\liblzo2-2.dll
executable
MD5: 0b27fdc654b1585848d1b17922aa5240
SHA256: 9802f9c04e359f08124bd90cbec70d4e5b759b8dd08eaf79e6819269ca1852c9
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\vdfupd.dll
executable
MD5: f35c6f578d1cb2c4796aa7282c5ae47e
SHA256: a323f83d87d8aee61ba11fc5de6d5b0ee7ef433879785512338caf7d09fbbd93
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avipbb.sys
executable
MD5: cc2fa54e156c009163bf8e797e2f882f
SHA256: 95aa6277ac95b077541a2287a662d539ec3da448d555ba643b0e29affff1dff0
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\x64\SQLite.Interop.dll
executable
MD5: 39a4f63abc14b99ed9b75cc7772d4b08
SHA256: 739d647600c97c8e9e6f2f21fde8c014299b550a2d9e86be1c140a27f175c65b
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\xp\libpkcs11-helper-1.dll
executable
MD5: 5b2e721dd15e4585b34570b8a44115a0
SHA256: 0878443e1adb6f81be7faf1818ecab2ed7b7968754e43bf4534964561abfa82d
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\savapiclient.dll
executable
MD5: ab90d31f5ff147483a0bc0cf2f95c2f1
SHA256: 6862a4e1bc0233378710b4fa03ee53fd3d2a899bb3e06c6d8d2d08f19de871b4
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\xp\avkmgr.sys
executable
MD5: 185cb049fa670298e2948ca3141d7ac1
SHA256: dccd32487e6b227c21ce55df2136adc657f138ae672a3c98aa8021c57c36b007
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\xp\ssleay32.dll
executable
MD5: 7d7a817b5bc001a69c9fb3f0d2001d85
SHA256: 153ed2fd6f270e794d2741bc97f8e1b1f0ec5f1e6d44835003192178c9a96f42
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\xp\libeay32.dll
executable
MD5: da7f1a686a682ce25cf8f6b881a04bce
SHA256: 4c542dea3e477cd5461c023e43d84fda89c540ec4ce4f7771e8508c5b3176122
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\savapi.dll
executable
MD5: 57ca420885edc30750e29f0f545e5c94
SHA256: 5e6d0116152707f0e648f5e0a780510b80af04cec8520aceb4f21055c49cb50e
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\System.Data.SQLite.dll
executable
MD5: 8cf564f9e8666f9945429735c8b17c77
SHA256: 5dcb9bc7ec6baf4c59052229c56dd61aee3df791528fd4ff5f9306ac384053eb
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\libcrypto-1_1.dll
executable
MD5: 034d15c7f0c26c2b7723af63060e0b67
SHA256: d8fbdfaaebfc1f5c5c8fbaacd247c86bf1411089acb02f3d0e84b213350ff2e4
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\msvcr120.dll
executable
MD5: 034ccadc1c073e4216e9466b720f9849
SHA256: 86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avgntflt.sys
executable
MD5: 6a03c41e3011f42eb6e95bd0e257e575
SHA256: 80ebc26d1284a3ebb2bc60d1ac8847585d5b2ff4a383fd281c949a4704dd7eaa
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\Utilizr.Ras.dll
executable
MD5: 701ac7a61efdc0b43ca1aee92bfce422
SHA256: 6cce158b89688cac7eb311aeaaf931b4ea5c27c5a33fd5f85b5cc133c2810d4b
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\Update.Win.exe
executable
MD5: a3ddee9214ff150c1f91d2a6d35820a3
SHA256: b17c84594e7a00157f20637d5b7504bda030fed64f451478def21e8ea9eed064
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\msvcp120.dll
executable
MD5: fd5cabbe52272bd76007b68186ebaf00
SHA256: 87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avipbb.sys
executable
MD5: 65de4d2ee3532f3e54702998ea986b71
SHA256: 64f614444b1509a87fa4d2861dd98f2235e0063adc503931d2018f4d09a21fee
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\vccorlib120.dll
executable
MD5: 69837e50c50561a083a72a5f8ea1f6a2
SHA256: 9c9d4e421c55f7ef4e455e75b58a6639428ccd75c76e5717f448afe4c21c52bc
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\TotalAV.exe
executable
MD5: 7f4c46593aef026afb4d4770ee47ed84
SHA256: 2e5d29d152ae8b1b309ea41c6ed81c83b1e458210dbd6ae2cc988f72f73e64a0
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\avupdate.exe
executable
MD5: b4e681c7a94989c585e20e94a6d190e2
SHA256: b5c5a11a2c79dd9ec21389c74c7c3fbb60c12db8b368433735918d4c027e4734
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\vista\avkmgr.sys
executable
MD5: 3e0ab8c453fa433b15a30baa8bd4b275
SHA256: 30453e68013df1a3cd9197f28e8591a67bfa6ca784129666a6f7df9d2e12440b
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ssleay32.dll
executable
MD5: 1783d088f8a885313423238df35aeea4
SHA256: 6f8b8832f1f2718d28a26917dff3132cf253d9b45242c5242bbd737fe9c05919
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\bins\subinacl.exe
executable
MD5: 7bd591f56af173edc8ca01bd62df6eac
SHA256: 371cd9c35282843d572a3186975cc749e425fd4eeae1bb93a9b0cf20c22a9dc8
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\apchash.dll
executable
MD5: cce3f50e5eb4797684e8d228c44d23bf
SHA256: 6fa32b8b36b807e4aec6a19e04f7e898116b5993f7f6c933124c6c32d521e70c
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\win7\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\driver\amd64\tap0901.sys
executable
MD5: 54cb62322b7b1210cb317c4462691b10
SHA256: 89cb62e73fbd0500a8b811a632602c504753777313d7e424cca68f1619b55211
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\SecurityService.exe
executable
MD5: 71288d9231ca653985cfa5bf417730ec
SHA256: 21f96525ede689515572c2f13b22ebe08d7ef78f8e6eae86c24790218164e5c0
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\apcfile.dll
executable
MD5: 2b82f7bae600676a10143dc6b3caddb1
SHA256: da67392efbf41609e374fb36b54a74cce0a4198ff7f7ee4d68443f8ab931aae2
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\win7\avgntflt.sys
executable
MD5: 6a03c41e3011f42eb6e95bd0e257e575
SHA256: 80ebc26d1284a3ebb2bc60d1ac8847585d5b2ff4a383fd281c949a4704dd7eaa
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\urldrv\tdi\amd64\webshieldfilter.sys
executable
MD5: 7995a311533f9e8862bea1484b8c315b
SHA256: 5bef322fa6d3f29b71b3838116af69fd85d401800bb355e21ad29463464f6077
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\PasswordExtension.Win.exe
executable
MD5: 59b9ef1faf699eb30a5f7a0e3435670b
SHA256: 40d21d2874d56991bbbe7b32788e8ea906d63aa8d2db2ad3cd95874f58fd37e8
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aevdf.dll
executable
MD5: 5d11a07597b4f21061a3e5528637e4a2
SHA256: 7b9047bb4778ed8b5e696617e5e542e3d846b63a131701d6c0284b5a6e169c30
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\win7\avipbb.sys
executable
MD5: 65de4d2ee3532f3e54702998ea986b71
SHA256: 64f614444b1509a87fa4d2861dd98f2235e0063adc503931d2018f4d09a21fee
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\urldrv\wfp\windows10\amd64\webshieldfilter.sys
executable
MD5: 62aaf005268f26c26ffe71f76e09ee96
SHA256: 76c5fb6914d65362ccc41de22da5df1b7bbd519c2478e183338b52eff7a7eaaf
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\xp\openvpn.exe
executable
MD5: a3705b057ec8391d73d196f863b947aa
SHA256: 99cd28c626e988a28a66ad1e7dbd44803cd474e585feca184d67fb545c38544b
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aescript.dll
executable
MD5: f54b9813a49a74265338f7dcdfcf1272
SHA256: 1d7ca8e699d6cb4bad22e39426d1d3064aff31ce0a9025156d2ebdc7a7b2ec61
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\win7\avkmgr.sys
executable
MD5: 3e0ab8c453fa433b15a30baa8bd4b275
SHA256: 30453e68013df1a3cd9197f28e8591a67bfa6ca784129666a6f7df9d2e12440b
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\urldrv\tdi\i386\webshieldfilter.sys
executable
MD5: c742e0f1541924e2f1fcbd72258b666b
SHA256: b6ac9fa3b95af806dcd766d315a04584c939c3024d0e8a6c3d1b03c3ab4345ac
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\openvpn.exe
executable
MD5: 9cf337b8932e88ea180e32edef919766
SHA256: 7f4f204769e4f6cdc427de59db783c36ff7c9a12c7f574226363a93174d2bfe9
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aescn.dll
executable
MD5: 4c97c892c0c4d7543a8881717c48c189
SHA256: b78803653e5761983562bae965d8ce7a8dd288554352276b8764256f5c5838b5
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\driver\i386\tap0901.sys
executable
MD5: a23d03a5eb0b221bcd33d98ff30e4dbf
SHA256: c43a60e16a011622a963cb93264c7e1365a10fce8c43d5c4fad895880af4dd91
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\ovpn\openssl.exe
executable
MD5: bda3e7e4198d5c9f2d5662dc791a3076
SHA256: 9f5e914b2f67c3be6bc422064a5fa86067b4cb4976c6f1c1d8fb0b5fb8b94be0
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aesbx.dll
executable
MD5: dc4a1bd86008a08e55a8c161d06939a2
SHA256: 1c55867f96a12e759871a4ddab4d3c4b82c4caf07c6c7c284acbf1d2efa2b76b
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avgntflt.sys
executable
MD5: 0bd06fb509a21021cb3488b6e9222c82
SHA256: b4a368db8041af1fe13a90f5b08971de4aea74497b4583457572a07bdf1313a8
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\urldrv\wfp\windows8\i386\webshieldfilter.sys
executable
MD5: e4f65068f027d19e07fff7772599a5d4
SHA256: 8e4004f8827f0e0f905054562ec7853d4b74a3386f01fcbf223f8681b028914a
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\driver\i386\devcon.exe
executable
MD5: d0006c3ec1f8b894e41667355b088448
SHA256: f228844f92969a6c88ec6b9168815c259881f436f3188f9b038eb0b1dce08bbf
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aerdl.dll
executable
MD5: f94e67a96db01268382f84017a1c956a
SHA256: 0979821d13aec02aa5e32fcc814a3bec11d114bf82bf9458b1fd6d69e7b6ab1b
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avipbb.sys
executable
MD5: 57ad887283d961b370f655b7bc541903
SHA256: 5f247929c9bc484dd5c61bd0160c4a35f6cf8db03d2847e7dc17036048cc9d1a
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\urldrv\wfp\windows8\amd64\webshieldfilter.sys
executable
MD5: b417e4c9a1907023f61c81ab0c6f0e26
SHA256: f8a010b20b199172d65fb5af6a5fb9816a8d76e43652c52da79757c28d2657a8
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\driver\amd64\devcon.exe
executable
MD5: 9ab7634bb81f326d489e453c358ae8ea
SHA256: 118e04049f21d272c8005e1e746248a4654b305a41b29e5c735231d2b83bbaa6
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aepack.dll
executable
MD5: c5a13c082775631c1afe9b9c1d79dccd
SHA256: f7f37dbff085331ee6dd1ebf271b1af0d034f584d70355358f08b1d9335284ba
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\win8\avkmgr.sys
executable
MD5: 2cba09a7983b1d39531b768bced08c20
SHA256: b40968dfe1a648ccb9260033e1ea57b5d496274a335b000354156b0db740ede0
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\urldrv\wfp\windows10\i386\webshieldfilter.sys
executable
MD5: 2e0798cd34789f6170e6e85d605655e7
SHA256: 923c951b66e13ca8fd7b624f2e367f634cc57b3fb4bb2358e39f3d286c7acee2
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\nsis7z.dll
executable
MD5: d3850d9ef1d81d2ee2e0a1583e3292f8
SHA256: 47ee083861b20a03a751593073dfb533a0aa447833bfb190a73732c7efb2a2b2
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aeoffice.dll
executable
MD5: 19e0f29836a72f6a89f02ba39afe1066
SHA256: 0783b56c5cf1ad6b5391966e93954cc076d3808bdc6bc4ee770e51ff3fb282b3
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\urldrv\wfp\windows7\i386\webshieldfilter.sys
executable
MD5: 8a756cff6a89e82f1806b11e17a3df2f
SHA256: c78a2cf6aa501845b2195d97c944bf85ebe278c18a255f64727dabfd4527f548
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\nsRandom.dll
executable
MD5: ab467b8dfaa660a0f0e5b26e28af5735
SHA256: db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aemobile.dll
executable
MD5: 022689df63f0e1d54011638b761c4def
SHA256: 6a9c3004cc6a106e0501be07d383df9c564712fa78eec3f61b8be4bb914e8ef1
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avgntflt.sys
executable
MD5: d83c17a4d89feef89798a7582c96042c
SHA256: 3d900431e3ea6259bec6c2db19e739e69035939462f9e8156edd675b35c0108f
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\urldrv\wfp\windows7\amd64\webshieldfilter.sys
executable
MD5: bd970986784248585942722846edc406
SHA256: d577d5b646d98424be130dba2d4be993668c1d99bfbf8e4d27c90d5068147867
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns2546.tmp
executable
MD5: 37707a29bd8efbeb912019737bb2b584
SHA256: 4751809ef6fd3ced738392e7c5df6d4e3938d85711daa0b52b045b5092913c27
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aelibinf.dll
executable
MD5: 0fc5c8a5ff713a93b9131839c0ea3a65
SHA256: 43b38d8e9d0233a280cf794eb1f82e67d1209532ba1e6f5c378fae2c48afe1a4
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avipbb.sys
executable
MD5: b137ebfd940f3bdc86d53ff78c5bffd2
SHA256: 98ae155647a77dba767c281af14b5bed267a3dd07b8e0e767f92e946dbd84aed
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\AccessControl.dll
executable
MD5: 9e7d36edcc188e166dee9552017ac94f
SHA256: d52a83c2a8551cebf48ff7a8d5930be1873bce990f855ccab4d7479cfeb22e3d
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns22A4.tmp
executable
MD5: 37707a29bd8efbeb912019737bb2b584
SHA256: 4751809ef6fd3ced738392e7c5df6d4e3938d85711daa0b52b045b5092913c27
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aeheur.dll
executable
MD5: 625f5c5e9e71bc7b27c716f9269ec206
SHA256: 10424489b9c24cfb5d110673ee66dba9fe66549bf7b700b545885c0f2c263ff8
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win64\xp\avkmgr.sys
executable
MD5: f6eab99872dfc9e6d45c3721e14625d4
SHA256: b1ce013f9540ee3232db02bf2d01fd81912f125b43fdd6cdf764d17d082f35d9
2436
TotalAV_Setup.exe
C:\Program Files\TotalAV\uninst.exe
executable
MD5: b530df75bef6aaa695a51a622b1c82ab
SHA256: 4efa1689e3bf51d32f620dbc2d6db8f2ad73ca9c8bbfc71f94a7a95f72e4caa2
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns214C.tmp
executable
MD5: 37707a29bd8efbeb912019737bb2b584
SHA256: 4751809ef6fd3ced738392e7c5df6d4e3938d85711daa0b52b045b5092913c27
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\ns3312.tmp
executable
MD5: 37707a29bd8efbeb912019737bb2b584
SHA256: 4751809ef6fd3ced738392e7c5df6d4e3938d85711daa0b52b045b5092913c27
2932
TotalAV.exe
C:\Program Files\TotalAV\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aebb.dll
executable
MD5: ca7497dfec41ae39c2aba49df489716c
SHA256: be84ca71660188e04c3a777e19019412e280af4bf6be9e14ca2d54ea2ec47b17
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\nsExec.dll
executable
MD5: b5a1f9dc73e2944a388a61411bdd8c70
SHA256: 288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aecore.dll
executable
MD5: 75d070b39149c915fab7e7eb5f492332
SHA256: 9acc2fe8a78545431c2f7f6e8438b7f4077c40dd5128400e3f66fefa51ae71d2
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\avgio.dll
executable
MD5: 34422e1f23ed76278b1aa384c89f91b4
SHA256: 3f35b2236d3e5b72867b7ca3c7de631496cf889c1cad8c3bf2a721b4471ce270
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aecrypto.dll
executable
MD5: dff010b4b3da7bc89660debc1d5f7afa
SHA256: 151cefe5119fd59636986befec370aed14bbac2ce18f89d878aec1edef8cac33
2436
TotalAV_Setup.exe
C:\Users\admin\AppData\Local\Temp\nsrF70D.tmp\System.dll
executable
MD5: 3f176d1ee13b0d7d6bd92e1c7a0b9bae
SHA256: fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aehelp.dll
executable
MD5: 189679348cecebd814ccf11f0be048ff
SHA256: 3e993b11d1e6b9d471c1248b466eb02e106e5da21516f1e975580646f5fc4b19
3340
SecurityService.exe
C:\Windows\system32\drivers\webshieldfilter.sys
executable
MD5: 8a756cff6a89e82f1806b11e17a3df2f
SHA256: c78a2cf6aa501845b2195d97c944bf85ebe278c18a255f64727dabfd4527f548
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aeemu.dll
executable
MD5: c147954ad962c8845b3d545a01300e6e
SHA256: b716dfbf6b92d4e38ac4a1a46a962e411ee89535b7615dfa4cad9082dbd6aa82
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aedroid.dll
executable
MD5: 8bd9ad92261aa190a6af51f7d29ab391
SHA256: e3ee2e5e91e89b931167e99818c779dc0c5dc488ac1ddbd880d440277f3fae9e
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aeexp.dll
executable
MD5: f86f0e04965f2d4b24f9bfaf7d0caf29
SHA256: e4878da4a1e284b7b3146a0375cc5b7b63110a70b6188734e355427af65c9237
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\aegen.dll
executable
MD5: ec545a77015ee17f2015eb5befea2a83
SHA256: 44f3a24fa8423f65c61338772c8a9ffb655be8e845b58d0265658e1b10e89c42
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\on_access\win32\win7\avipbb.sys
executable
MD5: cc2fa54e156c009163bf8e797e2f882f
SHA256: 95aa6277ac95b077541a2287a662d539ec3da448d555ba643b0e29affff1dff0
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\tk2its5x.gqr
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00200.vdf
vdf
MD5: 1deb0d84cedd026ef8ea58dfb393cc14
SHA256: 57d830b2e3d4993e39976b71e0c8bef212381887b54b4e7d2b652043f3c58e2c
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\2hgpdlfe.1i2
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00199.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\pxdxa0ef.0xf
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00198.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\qpid0awi.dw1
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00197.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\hjgwgfut.aye
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00196.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\3h2pvktq.onk
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00195.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\chvshkxn.k5l
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00194.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\mlluavug.kkz
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00193.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\wa1vvqc3.n3l
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00192.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\a4bonum5.gp1
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00191.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\d0owhg1p.niv
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00190.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\nzl4xek0.zer
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00189.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\2ahf4ad2.xm4
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00188.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\gbmnj23x.hfd
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00187.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\os31py0k.a2z
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00186.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\cqjqk1ih.wu4
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00185.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\w5gnnf2m.n1z
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00184.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\3j5dnqqs.b31
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00183.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\q3yrfsov.1qx
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00182.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\bwiauwx0.r0m
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00181.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\rtcyxwju.iqk
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00180.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\lj0jag1j.0i1
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00179.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\2i3sn0wy.czo
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00178.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\foh5shpr.laj
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00177.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\wpcavnjo.ylc
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00176.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\m2fmnqnk.ery
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00175.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\3pzctro1.c0f
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00174.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xxjhucs2.eia
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00173.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\1etmxaz5.lea
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00172.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\ud02mspz.wpp
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00171.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\4rzc5u2m.oeh
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00170.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\5qmdtdov.rkv
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00169.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\stt0er30.an5
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00168.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\4r5nosdp.scg
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00167.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\dzihigcp.a2m
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00166.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\ifixtb5v.wqf
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00165.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\ty5qsbpw.nme
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00164.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\nw3eswac.urj
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00163.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\znbu41pd.ec1
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00162.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\wmmwv2ln.3yr
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00161.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\0ygnguao.30i
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00160.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\gu5avaxk.vqs
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00159.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\yszyf5kz.0rk
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00158.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\uipg4eza.aya
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00157.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\sl4qstq3.utj
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00156.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\zqpdnxn2.ux2
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00155.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\lcogbo2n.hoa
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00154.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\v3uxeo2w.n0c
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00153.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\2zxltrkg.vei
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00152.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\hcrnusoq.25b
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00151.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\gt0bklxi.uir
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00150.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\pyq5hvlj.uz4
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00149.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\2kvnowxw.wqe
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00148.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\nkgozywv.lpr
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00147.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\2uuxuuxd.gbm
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00146.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\av3aammi.w3g
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00145.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\ejjgnes5.mau
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00144.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\djolduar.ycw
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00143.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\na3jcclq.hzk
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00142.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\htwk4ssb.mco
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00141.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\dmdavljx.ket
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00140.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\pr0542qs.sbl
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00139.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\lbyrwhpt.n0k
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00138.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\qzdabpe5.njz
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00137.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\fg04us0j.o4n
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00136.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\522h1akg.em3
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00135.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\tt53jwgg.pxe
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00134.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\zyiluwnr.ene
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00133.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\kc5kr3dg.2jo
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00132.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\trp02nqd.egm
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00131.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\kcnuyedp.ecu
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00130.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\ruz2xfgy.xeq
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00129.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\jpg51nex.33d
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00128.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\jw4dde5c.ovy
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00127.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\hsjnohup.api
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00126.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xpocrosg.4kp
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00125.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\ghef24ls.nyg
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00124.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\exd4jxix.wrq
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00123.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\gq1ncpew.ark
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00122.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\a4d31cuk.buc
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00121.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\cig3syjg.jjr
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00120.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\o24yq11b.axu
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00119.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\g0kvdgav.4ax
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00118.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\zgtsjq45.dsg
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00117.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\tpbxfutg.hkn
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00116.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\jbi0jzo5.uha
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00115.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\1i2h0q3i.n14
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00114.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\o2vcpvor.tp3
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00113.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\00ka1xib.fjt
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00112.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\ml5eyzps.phk
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00111.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\lq5ydlyr.mhh
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00110.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\pjfmj5el.urt
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00109.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\f4q4bouc.ulm
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00108.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xlplsaec.trk
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00107.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\seqehbwe.bxc
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00106.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\4swq00pe.ejl
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00105.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\1d5jlduz.4jx
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00104.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\tr3ydvfr.giv
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00103.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\31nkbogz.nzv
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00102.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\wymqhgl4.nac
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00101.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\mtqmg0i5.0ml
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00100.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\di0jopqu.1cl
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00099.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\2ds2dvk3.okd
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00098.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xjnrhcnr.s1u
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00097.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\kyfy25c2.b5h
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00096.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\2iptuwln.vep
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00095.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\kevwmxle.eki
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00094.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\w05rpaha.4xr
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00093.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\3jduks0o.aeq
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00092.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\pbzom0vs.lni
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00091.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\ym5rrj4m.niw
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00090.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\j5nxalbw.djx
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00089.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\50szhv2a.fo4
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00088.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\rbi3bbrj.yw2
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00087.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\uhfztm12.nyy
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00086.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\3zfbg4xf.g5f
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00085.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\2tvkgh3e.jjb
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00084.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\4cuui1xa.moy
––
MD5:  ––
SHA256:  ––
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\xbv00083.vdf
vdf
MD5: 81d399946071ecfbdf773bd303e92cc0
SHA256: 7fa8891fc6196a53626f19d9822d148d90fc7936452cac7ca2fd74cc5c88e7be
2932
TotalAV.exe
C:\Program Files\TotalAV\SAVAPI\soka5xfi.aus
––